0.1.58

Full Changelog

Implemented enhancements:

• Nodejs version check
• Automated database migrations
• SAML 2.0 protocol and provider
• Travis CI integration
• Request claims using scope values
• Istanbul code coverage

0.1.57

This release is missing key commits and should not be used. Unfortunately npm does not allow for updating an existing published version, so we had to create a new release. Please use 0.1.58 or higher instead.

0.1.56

Full Changelog

Implemented enhancements:

• SSL and secure cookies in production #90

Merged pull requests:

• Use anvil-connect-keys package #229 (christiansmith)
• Change type of client "trusted" property to boolean #228 (christiansmith)

0.1.55

Full Changelog

Implemented enhancements:

• Improve error-handling and display #224 (vsimonian)
• Create first time setup endpoint #223 (vsimonian)

Fixed bugs:

• Fix tests for error-handling middleware #226 (vsimonian)

Closed issues:

• Strip leading/trailing whitespace from JSON inputs. #220

Merged pull requests:

• Namespace user-by-provider index #227 (vsimonian)
• Use Modinha trim property for client redirect_uris #225 (vsimonian)
• Trim whitespace around redirect URIs #221 (vsimonian)
• Use GitHub Changelog Generator #219 (vsimonian)

0.1.54

Full Changelog

Implemented enhancements:

• Enforce client grant_types #96
• Enforce client response_types #95

Fixed bugs:

• Fix handling of optional options parameter in Passport shim #218 (vsimonian)

Merged pull requests:

• Enforce client grant_types and response_types #217 (vsimonian)

Security update

If you are running Anvil Connect 0.1.52 or earlier, please upgrade to 0.1.53. This release patches a security vulnerability.

Changes:

• Fix: unverified redirect_uri redirect vulnerability (#216)
• Fix: Improve nv command behaviour and output
• Fix: Improve standards-compliance with fragment and query string URLs
• Fix: Validate redirect_uris properly (#215)
• Fix: Validate that jwks and jwks_uri are not both used on clients (#98)
• New: Support none response_type (#55)