v0.19.0

@jalyna jalyna released this 03 Aug 08:50
· 143 commits to main since this release
e04fb32
  • Do not store refresh tokens from the client credentials flow, to improve security (until they are removed by the hub)
  • Do not redeem refresh tokens in get_access_token; use the client credentials flow instead, so that only users redeem refresh tokens
  • Automatically revoke the access token on logout (security)
  • Add Zaikio::OAuthClient.find_active_access_token(session[:zaikio_access_token_id]), which should be used to find the latest valid access token. If the (redirect) access token was revoked (e.g. user disconnected, security breach, ...), the user shall be logged out.
  • Add Zaikio::AccessToken#revoke!
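
A per-request check built on the lookup described in the notes above, as an added example that is not code from the gem. FakeToken, FakeTokenStore and SessionGuard are hypothetical stand-ins so it runs without Rails, and the nil return for a missing, expired or revoked token is an assumption about find_active_access_token.

```ruby
# Added example. FakeToken and FakeTokenStore are constructed stand-ins so the
# guard runs without Rails or the gem; they are not the gem's classes.
FakeToken = Struct.new(:id, :expires_at, :revoked_at) do
  def active?(now)
    revoked_at.nil? && expires_at > now
  end

  # Mirrors the idea of AccessToken#revoke!: mark the token unusable.
  def revoke!(now = Time.now)
    self.revoked_at = now
  end
end

class FakeTokenStore
  def initialize(tokens)
    @tokens = tokens.to_h { |t| [t.id, t] }
  end

  # Assumed contract: the active token for this id, or nil when the id is
  # missing, unknown, expired or revoked.
  def find_active_access_token(id, now: Time.now)
    token = @tokens[id]
    token if token&.active?(now)
  end
end

# Runs on every request. In a Rails app `finder` would be
# Zaikio::OAuthClient.method(:find_active_access_token) and `session`
# the controller session.
class SessionGuard
  def initialize(finder)
    @finder = finder
  end

  # Returns [:ok, token] or [:logged_out, nil]. On failure the whole session
  # is cleared so no identity data outlives the revoked token.
  def check(session)
    token = @finder.call(session[:zaikio_access_token_id])
    return [:ok, token] if token

    session.clear
    [:logged_out, nil]
  end
end
```

Looking the token up on each request, rather than trusting the id stored at login, is what makes a revocation take effect on the user's next request.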