Skip to content

Releases: curveball/a12n-server

v0.27.3

06 Dec 20:59
@evert evert
v0.27.3
f193678
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.27.3
  • Copy simplewebauthn browser bundle into assets directory for easier distribution.
Assets 2
Loading

v0.27.2

06 Dec 20:47
@evert evert
v0.27.2
98ce843
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.27.2
  • Fix missing entries in files section in package.json, preventing the npx @curveball/a12n-server tool from working.
Assets 2
Loading

v0.27.1

06 Dec 05:00
@evert evert
v0.27.1
32457b9
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.27.1
  • Fix HTTP/500 error when requesting a developer access token.
Assets 2
Loading

v0.27.0

05 Dec 22:30
@evert evert
v0.27.0
9d5ffbd
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.27.0
  • authorization_challenge now supports a TOTP challenge step!
  • Refactored logging system. Less ugly now with fewer enums!
  • authorization_challenge clients can now specify remote_addr and user_agent, so the server can keep accurate logs of the users' browser that's trying to authenticate.
  • Return the correct 'ttl' value for a verification-token.
  • Instead of 1 generic error with a few parameters, the server now emits invididual error codes for each kind of error that may be emitted from the authorization_challenge endpoint. This is change is based on examples in more recent drafts and should simplify the process for clients a bit. This is a BC break for authorization_challenge.
  • Renamed login_failed event to password-check-failed.
  • Added events: password-check-succes, totp-success, login-challenge-started, login-challenge-success
Assets 2
Loading

v0.26.7

07 Nov 19:28
@evert evert
v0.26.7
47a762a
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.26.7
  • Updated Curveball dependencies. CURVEBALL_TRUSTPROXY should now work as expected.
Assets 2
Loading

v0.26.6

06 Nov 21:28
@evert evert
v0.26.6
d71d57c
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.26.6
  • Updated Curveball dependencies
Assets 2
Loading

v0.26.5

30 Oct 05:24
@evert evert
v0.26.5
6a59e51
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.26.5
  • Developer tokens will now be associated with a client_id if an OAuth2 client was used to generate one. This allows them to be refreshed.
  • A scope can now be specified when creating a developer token.
Assets 2
Loading

v0.26.4

28 Oct 21:20
@evert evert
v0.26.4
1dc4444
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.26.4
  • New: access-token endpoint now returns refresh token.
Assets 2
Loading

v0.26.3

28 Oct 20:32
@evert evert
v0.26.3
a31c935
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.26.3
  • User accounts are now automatically locked after 5 failed login attempts. (@YunhwanJeong).
  • Stricter validation on the 'Create App Client Form.'
  • Looks for database in 'public' searchPath in Postgres. (@Zen-cronic)
  • Fix internal error on user/id route in Postgres. (@Zen-cronic)
  • Generating arbitrary access-tokens is now behind the a12n:access-token:generate privilege instead of just admin. Having the admin privilege still includes this privilege so this is not a backwards compatibility break.
  • Fix: Introspection on developer tokens threw an error.
  • Fix: CSRF error on change password page (@Zen-cronic).

Contributors

YunhwanJeong and Zen-cronic
Assets 2
Loading

v0.26.2

30 Aug 18:50
@evert evert
v0.26.2
4c3f0ad
This commit was signed with the committer’s verified signature.
evert Evert Pot
GPG key ID: F189847A04AD9D0F
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.26.2
  • Allow admins to auto-generate an intitial 'diceware' password when creating
    new users, which should make onboaring new users and testing easier.
  • Fix CSRF error on register form
  • Fix a bug in the automatic App creation flow
Assets 2
Loading