OpenID Connect Relying Party and OAuth 2.0 Resource Server for Apache HTTP Server 2.x
OpenID Connect Relying Party and OAuth 2.0 Resource Server for Apache HTTP Server 2.x
- Developed at Apache:Modules
- Sources inherited from project openSUSE:Factory
-
2
derived packages
- Download package
-
Checkout Package
osc -A https://api.opensuse.org checkout openSUSE:Factory:PowerPC/apache2-mod_auth_openidc && cd $_
- Create Badge
Refresh
Refresh
Source Files
Filename | Size | Changed |
---|---|---|
apache2-mod_auth_openidc-2.4.6.tar.gz | 0000255474 249 KB | |
apache2-mod_auth_openidc.changes | 0000016194 15.8 KB | |
apache2-mod_auth_openidc.spec | 0000002243 2.19 KB |
Revision 14 (latest revision is 31)
Richard Brown (RBrownSUSE)
accepted
request 873294
from
Petr Gajdos (pgajdos)
(revision 14)
- re-download tarball - Update to version 2.4.6 * Bugfixes - don't set SameSite=None on cookies when on plain http - fix semaphore cleanup on graceful restarts; see #522 - fix inconsistent public/private keys loading order; closes #515 - return HTTP 400 Bad Request instead of 500 Internal Server Error when state cookie matching fails - optimize Redis AUTH execution once per connection - avoid segmentation fault when hitting an endpoint configured with AuthType openid-connect in an OAuth 2.0 only setup; see #529 - make sure the module compiles with Apache 2.2 for passphrase exec: * Features - add Redis database selection option with OIDCRedisCacheDatabase; closes #423 - add base64url option to OIDCPassClaimsAs primitive; closes #417 - add environment variable to control libcURL CURLOPT_SSL_OPTIONS behaviors e.g.: - SetEnvIfExpr true CURLOPT_SSL_OPTIONS=CURLSSLOPT_NO_REVOKE - removed support for https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state * Security - avoid displaying the client_secret in debug logs * Dependencies - libcjose >= 0.5.1
Comments 0