Releases: curveball/a12n-server

v0.29.0

07 Feb 06:02
eefee67
  • OpenID Connect works! The plumbing for this has been in place for some time, but this release supports the /userinfo endpoint and enough parameters from the authorization endpoint to make it work with the OIDC clients we've tested.
  • The dev server now automatically generates a JWT private key when it's run for the first time. This enables OpenID Connect to be used without further configuration.
  • Auth.js / NextAuth.js support validated. Our implementation had a few bugs, and authjs also had some issues that the server now has workarounds in place for.
  • Lots of documentation fixes and additions. (Thank you @usrrname).
  • Workaround for authjs incorrectly encoding colon in Basic Auth with percent-encoding.
  • #590: When an OIDC client doesn't provide a nonce, the server encoded the nonce as 'null' in the id token. It should have simply been omitted and this was breaking authjs.
  • Added OpenID Connect endpoints to home screen.
  • Fixed validation bugs in the OAuth2 app update screen.
  • Support for the OIDC /.well-known/openid-configuration endpoint.
  • Added 'email', 'phone' and 'name' claims to OpenID id token.
  • Support for OpenID Connect 'userinfo' endpoint.
  • #596: Support for 'prompt' parameter in OIDC authorize request.
  • Support for auth_time in OIDC id_token
  • Force users to go through login process after changing their password. Before this change a change-password token was enough to complete login, but this could allow a user to circumvent other authentication factors such as TOTP.
  • Added a small HAL form for easily obtaining developer access tokens.
  • Added a /me endpoint that always redirects to the currently authenticated user or app.
  • Add support for prefer: transclude=item header and ?embed=item query parameter on the /user collection, allowing clients to get the full representation of each user.
  • A refresh of the home endpoint, with a few more links to OIDC endpoints.

v0.28.5

30 Jan 03:08
18eb638
  • Fix: authorization_challenge was emitting an incorrect error for users logging in with unverified email addresses.

v0.28.4

28 Jan 17:37
4b0f7bd
  • Logging in with an unverified email is no longer a blocker for the authorization-challenge system. Users can now verify their email address during the login process. (@chelsearoman-ca)
  • Adding a friendly error message to devs trying to directly POST to the /login endpoint.
  • Refreshed getting started and CONTRIBUTING documents. (@usrrname)
  • Added some guides for getting a basic OAuth2 integration up and running using vanilla JavaScript.
  • Added guide on testing SMTP.

v0.28.3

21 Jan 20:06
b085c21
  • Login challenge now prefers TOTP challenge over Email OTP by default.
  • Fix admin logout.
  • Cosmetic fixes in email templates.
  • Fix bug in password reset form.
  • User can now override the a12n-server application title via the APP_NAME environment variable.

v0.28.2

09 Jan 20:02
d4a717c
  • Add a new privilege for managing user identities. Before this change it was required to have the 'admin' privilege to do this.
  • Verify response endpoint is now exposed as a form on the identity resource.
  • It's now possible to mark an identity as an MFA identity when verifying using the 'enableMfa' property.

v0.28.1

08 Jan 20:15
045a6e6
  • Fix a timing bug when using Redis as the kv store.

v0.28.0

08 Jan 19:08
250dba2
  • #563: Users can now enter a code sent to them by email as a one-time-password. This feature has been added to the authorization_challenge / first party auth API but is not yet exposed to the admin interface.
  • Refactored and centralized abstract cache system, supporting redis/valkey and memory stores.
  • Email identities can now be verified in the admin UI and via the API.
  • Allow authorization_challenge to be preselected in 'new client'
  • Add button in admin UI to enable/disable MFA for a specific email identity.
  • Dropped support for Node 16, which is EOL.

v0.27.6

16 Dec 05:52
9934b22
  • Update @curveball/browser, which fixes an issue with submitting HTML forms that don't use GET or POST.

v0.27.5

11 Dec 03:15
29f56b7

v0.27.4

06 Dec 21:02
632446d
  • Schemas misspelled as 'schema'. Sorry for all the releases, I don't know how to do a clean test of npx without doing a release first, so the feedback loop is change->release->test.