All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
0.9.0 - 2024-12-04
A new DynamoDB cache provider
0.8.0 - 2024-11-29
- Now requires elixir ~> 1.14
- Normalized auth0_base_url config value
- Bumped absinthe, credo, dialyxir, ex_doc, jason, joken, plug, redix, stream_data, telemetry, telepoison
0.7.1 - 2024-02-06
- Server config validation: if
:audienceis not string, an error is raised
- Fix redis cache config warnings (and related documentation)
0.7.0 - 2023-12-22
0.7.0-pre.0 - 2023-11-27
- Deprecate the
:prima_auth0_ex, :redis, :enabledoption in favor of:prima_auth0_ex, :token_cache
To migrate set :prima_auth0_ex, :token_cache to EncryptedRedisTokenCache, NoopCache or MemoryCache(default)
- Tokens are now cached by default using the MemoryCache backend
You can disable it by setting :prima_auth0_ex, :token_cache to NoopCache.
- Use the rfc8414 metadata endpoint to fetch information about the auth server.
This allows auth0_ex to be used with other compliant openid servers, like okta.
Note that if you're using localauth0, you will need to update to version 0.6.2 or later(public.ecr.aws/c6i9l4r6/localauth0:0.6.2).
- Use the rfc8414 metadata endpoint to fetch information about the auth server
This allows auth0_ex to be used with other compliant openid servers, like okta.
Note that if you're using localauth0, you will need to update to version 0.6.2 or later(public.ecr.aws/c6i9l4r6/localauth0:0.6.2).
0.6.4 - 2023-11-20
Logger.warnis now replaced in favour ofLogger.warning(thanks to @neslinesli93)
0.6.3 - 2023-08-31
0.6.3-rc.0 - 2023-08-30
- If no client is defined, application doesn't fail to start
0.6.2 - 2023-08-25
Bug fixes
0.6.1 - 2023-08-25
0.6.0 - 2023-08-24
:clientsconfig, which can now be used to configure multiple clientsconfig :prima_auth0_ex, :clients, default_client: [...]can be used to configure a default client, so thattoken_forand other methods can be used without specifying a client:redisconfiguration, which is now separate from the clients' ones
:clientsand:servernow have an:auth0_base_urlparametertoken_forandrefresh_token_forhave an additionalclientparameter, which defaults to:default_client
config :prima_auth0_ex, :clientno longer works,:clients, default_client: [...]can be used insteadconfig :prima_auth0_ex, auth0_base_url: ...is not used anymore, each base url is now client and server specific
0.5.0 - 2022-09-28
- [Breaking] Do not disable certificate verification connecting to Redis when the
redis_ssl_allow_wildcard_certificatesoption is enabled.
0.4.6 - 2022-09-27
redis_ssl_allow_wildcard_certificatesonly works ifredis_ssl_enabledis true
0.4.5 - 2022-08-05
PrimaAuth0Ex.TokenProvider.TokenEncryptor.decryptwill now return a proper error on decrypt error
0.4.4 - 2022-07-28
- Rename the metric defined by the default telemetry handler from
retrieve_token:*(invalid) toauth0.token
0.4.3 - 2022-06-16
- Absinthe plugs use a map instead of custom struct as context
0.4.2 - 2022-06-01
- Fix compilation error when only
:absinthedependency is present without:absinthe_plug
0.4.1 - 2022-06-01
- New
:redis_ssl_enabledand:redis_ssl_allow_wildcard_certificatesoptions
0.4.0 - 2022-05-31
- New Absinthe plug & middleware to bootstrap authentication
- New telemetry events on token retrieval
- New telemetry pre-defined handler
- New
mix keygencommand to easily generatecache_encryption_key
- All errors are logged when caching token on Redis fails
0.3.1 - 2022-03-15
- [Breaking] When Plug configuration miss the required_permissions field a runtime error will be thrown
- Added
missing_auth_header_log_levelconfiguration option to control log level when the autorization header is missing.
0.3.0 - 2022-01-25
- Added a warning log to alert of missing configurations at startup.
- Token validation configurations are now read at runtime instead of compile time so the library doesn't have to be forcibly recompiled when configurations change.
- Bumped
telepoisonto 1.0
0.3.0-rc.1.3 - 2022-01-03
- Bumped
jasonto 1.3 - Relaxed version requirements for
jasonandjoken
0.3.0-rc.1.2 - 2021-11-30
- Added
:ex_docdependency
0.3.0-rc.1.1 - 2021-11-30
- Fixed package inside mix project
0.3.0-rc.1 - 2021-11-26
- Published project to Hex.pm.
- Renamed project to
prima_auth0_ex. This is a breaking change, and it impacts both configuration and usage of the library.
0.2.5 - 2021-11-17
- Bumped version of joken, joken_jwks and telepoison
0.2.4 - 2021-10-01
- Bumped some dependencies
0.2.3 - 2021-08-18
- Bumped some dependencies
0.2.2 - 2021-06-30
- Added
Auth0Ex.refresh_token_for/1
0.2.1 - 2021-04-30
- Added periodic check on the client to ensure that the signing keys of the tokens are still valid - according to the JWKS server
- Fixed config issue that prevented the redis cache from being enabled in version 0.2.0
0.2.0 - 2021-04-15
- Added support for validation of tokens with multiple audiences
- Added utilities to forge tokens for local development (see
Auth0Ex.LocalToken) - Added documentation for use of library to validate permissions in Graphql APIs with Absinthe
- Config parameter names have changed - refer to README to see how to update
- Refresh time for a token is now decided upfront as soon as the token is obtained.
token_check_interval,min_token_durationandmax_token_durationare no longer public configurations. It is suggested not to rely on them.
- Fixed validation of permissions for tokens with no
permissionsclaim
0.1.1 - 2021-03-22
- Fixed compilation error when
:auth0_ex, :serveris not configured inconfig.exs