2018-06-13 07:29:16 +00:00
|
|
|
= Client Scopes and support for OAuth 2 scope parameter
|
2018-06-07 13:18:50 +00:00
|
|
|
|
2018-06-13 07:29:16 +00:00
|
|
|
We added support for Client Scopes, which replaces Client Templates. Client Scopes are a more flexible approach and also provides
|
|
|
|
|
better support for the OAuth `scope` parameter.
|
|
|
|
|
|
|
|
|
|
There are changes related to Client Scopes to the consent screen. The list on the consent screen is now linked to client scopes
|
|
|
|
|
instead of protocol mappers and roles.
|
|
|
|
|
|
|
|
|
|
See the documentation and migration guide for more details.
|
|
|
|
|
|
|
|
|
|
= OAuth 2 Certificate Bound Access Tokens
|
|
|
|
|
|
|
|
|
|
We now have a partial implementation of the specification
|
|
|
|
|
https://tools.ietf.org/html/draft-ietf-oauth-mtls-08[OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens] .
|
|
|
|
|
More accurately we have support for the Certificate Bound Access Tokens. If your confidential client is able to use 2-way SSL,
|
|
|
|
|
{project_name} will be able to add the hash of the client certificate into the tokens issued for the client. At this moment,
|
|
|
|
|
it's just the {project_name} itself, which verifies the token hashes (for example during `refresh token` requests).
|
|
|
|
|
We plan to add support to adapters as well. We also plan to add support for Mutual TLS Client Authentication.
|
|
|
|
|
|
|
|
|
|
Thanks to https://github.com/tnorimat[tnorimat] for the contribution.
|
