4.0.0 release notes - added Client Scopes and Certificate Bound Access Tokens

2018-06-13 09:29:16 +02:00 · 2018-06-13 09:29:16 +02:00 · c08cc3039b
commit c08cc3039b
parent 2996da5774
1 changed files with 19 additions and 2 deletions
--- a/release_notes/topics/4_0_0_final.adoc
+++ b/release_notes/topics/4_0_0_final.adoc
@ -1,3 +1,20 @@
-= Test Feature
+= Client Scopes and support for OAuth 2 scope parameter

-Some test feature.
+We added support for Client Scopes, which replaces Client Templates. Client Scopes are a more flexible approach and also provides
+better support for the OAuth `scope` parameter.
+
+There are changes related to Client Scopes to the consent screen. The list on the consent screen is now linked to client scopes
+instead of protocol mappers and roles.
+
+See the documentation and migration guide for more details.
+
+= OAuth 2 Certificate Bound Access Tokens
+
+We now have a partial implementation of the specification
+https://tools.ietf.org/html/draft-ietf-oauth-mtls-08[OAuth 2.0 Mutual TLS Client Authentication and Certificate Bound Access Tokens] .
+More accurately we have support for the Certificate Bound Access Tokens. If your confidential client is able to use 2-way SSL,
+{project_name} will be able to add the hash of the client certificate into the tokens issued for the client. At this moment,
+it's just  the {project_name} itself, which verifies the token hashes (for example during `refresh token` requests).
+We plan to add support to adapters as well. We also plan to add support for Mutual TLS Client Authentication.
+
+Thanks to https://github.com/tnorimat[tnorimat] for the contribution.