All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
0.10.3 - 2021-05-07
- Use our own forked versin of per item TTL cache. It fixes a nasty bug that was making evicted entries look like they were alive in the cache, but returning a nil value when looked up.
0.10.2 - 2021-03-31
- More debugging information, for other corner cases.
0.10.1 - 2021-03-30
- Lots of additional debugging information to be able to diagnose corner cases.
0.10.0 - 2020-10-29
- [BREAKING CHANGE] Upgraded http-kit dependency to 2.5.0. This change bumps the minimum JVM version from 1.6 to 1.7!
0.9.0 - 2020-08-24
- Upgraded http-kit dependency to 2.4.0. This fixes issue #1.
0.8.6 - 2020-07-01
- Explicitly prevent verifying tokens with the 'none' algorithm (instead of relying on the behaviour of the underlying JWT library).
0.8.5 - 2020-03-19
- Emergency fix for last minute non-tested change that breaks the build.
0.8.4 - 2020-03-19
- You can now provide two additional configuration keys for JWKS retrieval connection policy. :jwks-retrieval-timeoutspecifies the connection timeout (in milli-seconds) and:jwks-retrieval-retriesspecifies the number of additional retries in case of connection failure.
0.8.3 - 2020-03-02
- Bumped Amazonica dependency version (devel profile only)
- Removed CIDER dependency (devel profile only)
- Bumped mininum Leiningen version to 2.9.0.
- Reorganized dev profile definition to allow to override some settings via profiles.clj file inside project's directory.
- Increased timeout to 500s with 3 max retries (from 250ms with 5 max retries)
- Made a couple of caching related unit test more thorough, to make sure we do the right thing.
0.7.0 - 2019-09-06
- 'aud' claim can now be either a single string value or a collection of them. The aud claim of the token is checked against all of them.
0.6.0 - 2019-06-18
- Fixed installation instructions in README.md
- This CHANGELOG
- Implemented JWKS keys retrieval retries with diehard
- You can now provide a configuration key that implements the duct.logger/Loggerprotocol and the the library will log any relevant issues that may prevent tokens from being validated (e.g., inability to get the JWKS URL, getting invalid keys in the JWKS body, etc.)
0.5.0 - 2019-02-21
- Added composed cache to set token storage limit. This was previously disabled (even if it was documented as working in the README), as composition with ttlcachedidn't seem to work.
- Bumped CIDER version dependency (devel profile only)
0.4.0 - 2019-01-29
- Updated Clojure version to 1.10.0
- Added deploy config
0.3.0 - 2019-01-28
- Initial commit (previous versions were not publicly released)