- MODAT-168 auth.* permissions rename, review and cleanup Module Descriptor for mod-authtoken
- MODAT-169 Upgrade dependencies: Vert.x 4.5.10, okapi-common 6.1.0, folio-vertx-lib 3.3.0, …
- MODAT-170 perms.permissions.get rename
- MODAT-167 Vert.x 4.5.8 fixing Netty form POST OOM CVE-2024-29025
- MODAT-166 Illegal base64 character 5f when decoding token with username with umlaut
- MODAT-164 Quesnelia deps: Vert.x 4.5.4, log4j 2.23.0
- MODAT-163 Add tenantId to RouteApi response
- MODAT-159 allow.cross.tenant.requests=false to disable consortia options
- MODAT-160 When a token isn't present in a request, return 400 rather than 403
Deploy failure.
- MODAT-156 Response head already sent for legacy token tenant feature
Support for ECS, finalization of RTR
- MODAT-154 Update dependencies for Poppy
- MODAT-153 Check "error" in GET /_/tenant/<tenantid> in AuthTokenTest
- MODAT-152 Create new token type DummyTokenExpiring
- MODAT-151 Implement enhanced security mode
- MODAT-149 Make RTR compatible with ECS
- Add running application in consortia mode locally without redeploying mod-authtoken
- MODAT-148 Allow cross-tenant requests only when a special system property variable is present
- MODAT-146 Update to Java 17
- MODAT-145 Use GitHub Workflows api-lint and api-schema-lint and api-doc
- MODAT-143 Provide ability to make cross-tenant requests for consortia members
- Use free port in test
- MODAT-133 Finalize refresh token backend
- MODAT-65 Configurable access/refresh token expiration
- MODAT-142 Upgrade to vertx-lib 3.0.0, Vert.x 4.3.8
- MODAT-140 Upgrade dependencies (Vertx, log4j, okapi-common, nimbus-jose-jwt)
- MODAT-134 Allow users interface 15.0 thru 16.0
- MODAT-136 Fix Upgrade from 2.9.1 (Lotus) to 2.11.0 (Morning Glory) fails
- MODAT-137 Upgrade to Vert.x 4.3.3 fixing https for WebClient
This is the first version of mod-authtoken that uses PostgreSQL storage.
- MODAT-132 Upgrade dependencies (folio-vertx-lib 2.0.0, Vert.x 4.3.1, ..
- MODAT-128 jwt.signing.key hint on BadSignatureException
- MODAT-126 Implement OpenAPI
- MODAT-123 Report "no token" when permission required and token missing
- MODAT-125 Update dependencies (CVE-2021-27568, CVE-2021-31684)
- MODAT-112 Implement access token expiration and refresh token rotation
- MODAT-110 Implement token persistent store
Fixes:
Improvements:
- MODAT-120 Define permissions auth.signtoken, auth.signrefreshtoken
- MODAT-118 Clear permission cache when user logs in
- MODAT-117 Redundant web service request
- MODAT-109 Implement new token types
- MODAT-115 Log4j 2.16.0, disable JNDI
- MODAT-113 Log4j 2.15.0 fixing remote execution
- MODAT-108 Out of bounds exception
- MODAT-107 X-Okapi-Module-Tokens, refactor
- Support /admin/health
Other:
- Upgrade to Vert.x 4.1.4, okapi-common 4.9.0
- Notes on refresh tokens.
No functional changes since 2.7.0.
- Upgrade to Vert.x 4.1.0.CR1
- MODAT-92 Add personal data disclosure form
- Support both "http.port" and "port" property variables
Update mod-authtoken to use same log format as RMB and Okapi. Upgrade from Vert.x 3 to 4. Token cache optimization and bug fix.
- MODAT-98 log4j2 format, Vert.x 4.0.2
- MODAT-82 Replace linear search MainVerticle.LimitedSizeQueue
- MODAT-96 Upgrade mod-authtoken to Vert.x 4.0.0
- MODAT-63 Update log4j from 1.x API to 2 API
- MODAT-89 Upgrade to Vertx 3.9.3
- MODAT-88 Migrate to JDK 11
- MODAT-86 Remove requestId from token claims
- MODAT-79 Fix Error: 414 Request-URI Too Large. Fixed by skipping expanded system permissions
- MODAT-78 Refresh system perm set expansion if it is empty
- MODAT-77 Provide permissionsRequired property.
- MODAT-76 Update to Vert.x 3.9.1
- MODAT-72 Expand module permission set
- MODAT-61 Increase HTTP client pool size.
- MODAT-62 Issue with log4j configuration.
- MODAT-59 Update log4j from 1.2.17 to 2.x fixing security vulnerability CVE-2019-17571
- MODAT-56 Validate user deactivation when checking access token
- Use new JAVA_OPTIONS MaxRAMPercentage FOLIO-2358
- Use new base docker image FOLIO-2358
- MODAT-49 Two caches for permissionsForUser and expandPermissions
- MODAT-50 Fix Does not pass X-Okapi-Request-Id
- MODAT-43 Bump up token perm cache from 10s to 60s
- MODAT-44 Fix mod-auth requires permissions interface
- MODAT-46 checkout-by-barcode returns 500 "HTTP header is larger than 8192 bytes"
- No need to include raml-test (not in use)
- Update to Vertx 3.5.4
- Fix issue with caching permissions (MODAT-42)
- Correct version in pom.xml
- Fix issue with missing module token when acting as filter (MODAT-38, MODAT-39)
- Enable A256GCM Encryption (MODAT-35, MODAT-36)
- Code clean-up
- Implement /refreshtoken and /refresh endpoints for obtaining and using refresh tokens
- Change return format of /token endpoint to return token in body rather than header
- Reduce verbosity and level of several logs
- Merge fix for caching-flush bug
- Add 'iat' claim to all generated tokens
- Correct package name in pom
- Add header to zap cache on demand
- Implement option for time-based caching
- Adjust token signing hand-off for new Okapi behavior
- Change behavior to act as a "headers only" filter in Okapi
- Allow wildcard permission names in desired permissions
- Use new id-referenced scheme for retrieving permissions
- Add userid field to authtoken
- Fix bug with missing source file
- Add support for X-Okapi-User-Id header
- Add support for X-Okapi-Request-Id header
- Expand permission sets provided as modulePermissions to modules
- Treat 404 for permission lookup as empty permission set
- Remove keep-alive idle timeout
- Fix internal dependency
- Initial release after splitting repository from mod-auth