All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Fix crash when storing a token without refresh_expires_in or refresh_token @julien-nc #1025
- Disable token exchange mechanism by default @julien-nc #1025
- Support for Global Scale (globalsiteselector app) @julien-nc #1011
- Add whitelist regular expression for group provisioning @bergerar #884
- Optionally restrict login to users matching a certain group @bergerar #884
- Token exchange mechanism for other apps @julien-nc #974
- Password confirmation in admin settings @janepie #991
- Add option to configure bearer provisioning via occ @janepie #1003
- Add config value to make the email match optional when searching for a user or a display name @julien-nc #1014
- Make the app Reuse compliant @AndyScherzinger #975
- Add support for comma-separated groups in group mapping attribute @julien-nc #1006
- Update cache when discovery endpoint is changed @janepie #1002
- Set fallback redirect URL for login if already logged in @janepie #1001
- Fix redirect URI when Nextcloud is accessed at a sub path @bdovaz #990
- Handle redirect URL containing a ':' @artonge #1008
- Avoid slow queries in scenarios where we do not need a search @juliusknorr #1019
- Adjust provisioning service to correctly update the display name on login @julien-nc #979
- Fix state token missing while trying to login using Nextcloud Desktop (login flow) @joselameira #971
- Ensure providerClientId is declared when validating bearer tokens @artonge #969
- feat(provisioning): New system config flag to disable user creation in soft auto provisioning @julien-nc #954
- feat(ApiController): Add endpoint to de-provision user @edward-ly #960
- Add an OCS API controller for pre-provisioning and de-provisioning @julien-nc #963
- Make aud and azp checks optional when logging in or validating a bearer token @julien-nc #921
- Bump max NC version to 31
- Fix provisioning mistake when setting role @julien-nc #930
- Fix LoginController: revert default token_endpoint_auth_method value @edward-ly #946
- Fix integration tests sometimes not finding docker-compose but 'docker compose' @julien-nc #953
- Backchannel logout endpoint should only return 200 or 400 @julien-nc #955
- Use correct userId when getting user folder in provisioning endpoint if unique-uid is enabled @julien-nc #958
- Re-enable PKCE by default (if supported by the IdP) @edward-ly #956
- Prevent redirecting to an absolute URL after login @julien-nc #961
- Fix provisioning: If address attr is an object but can't be parsed to an array, give null to the 'attr mapped' event @julien-nc #948
- Many fixes in ProvisioningServer @julien-nc #905
- Update npm pkgs
- Use nextcloud/vue 8.15.0
- Support more token endpoint authentication methods @xataxxx #897
- Set avatar on login @julien-nc #838
- Fix small accessibility issue with NcModal @julien-nc
- Support search by email in the user backend @tcoupin #815
- Improve the stub so it's not confusing IDEs @nickvergessen @julien-nc #862 #863
- Set group displayname when provisioning @towo @julien-nc #880
- Add issuer, audience and azp checks in bearer token validator @julien-nc #864
- Allow to disable default quota, displayName, groups and email claims @julien-nc #883
- Fix, improve and refactor the upsert occ command @julien-nc #860
- Fix biography attr being used to set the account gender @julien-nc #888
- Update npm packages
- Stop using missing OC::->getEventDispatcher method (dropped in NC 28) @julien-nc #818
- Soft auto-provisioning @julien-nc #730
- Prevent using ID4ME routes if ID4ME is disabled @julien-nc
- Fix(login): user get null check @skjnldsv #789
- Customizable end session endpoint @nc-fkl #724
- Implement ICountUsersBackend to give a user count in 'occ user:report' @julien-nc #733
- Many additional user attribute mappings @nc-fkl #729
- Psalm checks @julien-nc #765
- Ensure the discovery endpoint result is valid @nc-fkl #750
- Bump max NC version to 29 @julien-nc #717
- Bump min NC version to 25 @julien-nc #765
- Increased database column length for client id and secret @nc-fkl #711
- Make PKCE optional @julien-nc #740
- Update nextcloud/vue to v8 @julien-nc #763
- Avoid a lot of error log on token validation failure @aro-lew #721
- Avoid identifier edition when editing a provider @nc-fkl #714
- PKCE support #697 @rullzer @nc-fkl
- improve id4me token validation #715 @julien-nc
- fix potentially missing alg in jwks #713 @julien-nc
- Disable password confirmation for SSO @juliushaertl #668
- Add issuer and azp validation, improve audience validation @julien-nc #642
- Encrypt stored oidc provider client secrets and id4me client secrets @julien-nc #636
- fix Oracle database support by avoiding empty strings that are replaced with null @julien-nc #563
- use more recent Ubuntu image for PhpUnit tests as the old ones are not picked up by runners @julien-nc #619
- better error handling and throttling in Id4Me and login controllers @julien-nc #615 #618
- show redirect URI to help configuring the client on the provider side @julien-nc #598
- add Nextcloud 27 support @julien-nc #616
- fix id4me/id4me-rp imports @julien-nc #585
- don't include .nextcloudignore in app releases @julien-nc #595
- avoid using IUserManager::getDisplayName that was introduced in NC 25 @julien-nc #594
- Group provisioning @MarvinOehlerkingCap #502
- Group mapping @MarvinOehlerkingCap #502
- Prefix user ID with provider ID @MarvinOehlerkingCap #502
- User provisioning on API requests authenticated with a Bearer token @MarvinOehlerkingCap #502
- DiscoveryService tests @julien-nc #518
- Expected code being exposed when the received one does not match @julien-nc #580
- Non-unique database indexes @julien-nc #541
- User display name change propagation @julien-nc #530
- Fix discovery URL generation with GET parameters @julien-nc #518
- Safer user sync with LDAP user provisioning @julien-nc #535
- Support for Nextcloud 26 @nickvergessen #504
- Support backchannel logout @julien-nc #464
- New endpoint to pre-provision users @julien-nc #450
- Create and populate user storage if necessary on bearer token validation @julien-nc #443
- Fix crash on bearer token validation before first login @julien-nc #498
- Potential XSS with Safari @julien-nc #496
- Fix single logout when using Keycloak >= 18 @ubipo #493
- Enforce HTTPS @julien-nc #495
- Check if user was deleted in LDAP if necessary @julien-nc #451
- Perform a user search before login to make sure LDAP users are synced @julien-nc #436
- Make sure the user avatar is generated on login @julien-nc #437
- Fix upsert command resetting the scope if none provided @julien-nc #433
- Fix upsert command not printing the provider when no parameter given @julien-nc #431
- Fix single logout with non-auto provisioned users @julien-nc #429
- Modernize settings frontend (use @nextcloud/vue, bump js libs...) @julien-nc #497
- Fix and polish upsert and delete commands @eneiluj #338
- Remove redundant and time consuming userinfo validation @eneiluj #334
- Cache provider public keys @eneiluj #337
- Move to IBootstrap @juliushaertl #385
- New system config to disable SelfEncodedValidator bearer token validator @eneiluj #372
- Dispatch new event when a bearer token is validated @eneiluj #381
- Add new provider setting to request extra claims @eneiluj #407
- Implement single logout @eneiluj #373
- Avoid claiming 'sub', display code response error @eneiluj #329
- Optionally keep userinfo validator for api calls only, use all providers @eneiluj #335
- Let .nextcloudignore skip defined paths only in root @juliushaertl #353
- Avoid empty session on certain redirect situations in Safari @juliushaertl #358
- Cache discovery endpoint results @juliushaertl #367
- Fix a small php 8 compatibility issue @CarlSchwan #406
- Cache user object when checking existence @CarlSchwan #412
- Ensure that a remember me cookie is created @juliushaertl #425
- #304 Allow to disable other login methods
- #306 Add integration tests with keycloak
- #317 Claim handling and complex mapping rules @tsdicloud
- #320 Bearer token validation
- #303 Properly handle redirect after login
- #319 Fix typo in quota attribute @rgfernandes
- #316 Fix provider edition
- #314 Fix header/column label mismatch @alerque
- Dependency updates
v1.0.0 (2021-08-03)
Implemented enhancements:
- Add provider admin commands #292 (tsdicloud)
- Move to npm7 and update actions #286 (skjnldsv)
- Custom attribute mappings #268 (juliushaertl)
- Implement missing user backend methods #267 (juliushaertl)
- Update webpack config and add settings icon #259 (skjnldsv)
Fixed bugs:
- Move mozart out of regular dependencies #296 (juliushaertl)
- Make column explicitly nullable
- NC 21 support
- Installing on NC20
- Basic implementation of OIDC client
- Experimental support for ID4ME