DRACOON OAuth Service

Version 4.14.2 (2019-11-28)

latest version

Bugfix Fixed an issue in connection with the URL query/fragment parsing.

Version 4.14.1 (2019-11-18)

Security Issue Fixed reflected XSS vulnerability on login page.

Bugfix Enabled usage of specific status codes for communication errors with DRACOON Core Service.

Version 4.14.0 (2019-09-27)

UX Improvement Reversed state of "use alternative authentication" button.

Version 4.13.0 (2019-08-08)

New Feature Introduced attributes "createdAt" and "usedAt" to store the creation and last usage dates for authorizations.

New Feature Ended support for multiple authentication methods per user.

Version 4.12.1 (2019-11-18)

Security Issue Fixed reflected XSS vulnerability on login page.

Version 4.12.0 (2019-06-18)

Security Issue Fixed an XSS vulnerability on the login page.

Security Issue Fixed a reflected XSS vulnerability.

New Feature Added OAuth client types (see RFC 6749, section 2.1).

New Feature Improved support of DRACOON branding.

New Feature Introduced "lang" parameter to enable a client to request a specific language.

New Feature Introduced logout mechanism to terminate OAuth session.

New Feature Introduced token revocation endpoint.

New Feature Added an option to make the position of the login box adjustable.

New Feature DRACOON OAuth Service now uses Spring Boot.

New Feature Added device information to OAuth authorizations so that devices can be distinguished.

Improvement Discontinued usage of "X-Forwarded-Host" header.

Improvement Improved responsiveness of the UI.

Improvement Added an option to configure GZIP compression.

Bugfix Fixed an issue where special chars in branded texts prevented the UI from being correctly displayed.

Bugfix Fixed an issue with URI validation.

Bugfix Revised handling of errors on remote calls.

Version 4.11.2 (2019-06-12)

Bugfix Fixed an issue that would make the redirect fail if the state parameter was not provided.

Bugfix Fixed an issue with the caching mechanism that may lead to an incorrect branding being delivered.

Version 4.11.1 (2019-05-16)

Bugfix Fixed an issue that made the redirect fail if the state parameter contained special characters.

Version 4.11.0 (2019-04-10)

New Feature Added support for OpenID Connect Hybrid Flow.

New Feature Added support for DRACOON Branding.

New Feature Existing access and refresh tokens now stay valid on successful token refresh.

Improvement Increased length of authorization code.

Improvement Applied material design to user interface.

Improvement Replaced Spring Security OAuth library.

Improvement Focus is now immediately set on input fields.

Bugfix Reworked the validation of the sent redirect URI so that lower case and upper case are treated equally.

Bugfix Ensured that the authorization code is deleted after usage.

Version 4.10.0 (2018-09-27)

Security Issue Updated dependencies to their latest versions.

New Feature Added error handling for OpenID user import.

Bugfix Fixed an issue that caused redirect URLs to use http instead of https.

Version 4.9.1 (2018-08-17)

Bugfix Fixed an issue with handling 404 status codes.

Version 4.9.0 (2018-08-05)

Improvement Refactored all occurrences of SDS.

Bugfix Fixed an issue that allowed only one authorization per client per user.

Version 4.8.3 (2018-08-28)

Bugfix Fixed an issue that caused redirect URLs to use http instead of https.

Version 4.8.2 (2018-08-17)

Bugfix Fixed an issue with handling 404 status codes.

Version 4.8.1 (2018-08-05)

Bugfix Fixed an issue that allowed only one authorization per client per user.

Version 4.8.0 (2018-04-26)

New Feature Added a callback page that displays the authorization code.

Improvement Disabled session for token endpoint.

Improvement Improved responsiveness for password hint.

Improvement Improved error handling for invalid/expired sessions.

Bugfix Fixed an issue with validating empty login fields.

Bugfix Fixed an issue that prevented RADIUS authentication from working properly.

Version 4.7.0 (2018-03-29)

New Feature Added filtering to OAuth client listing API.

New Feature Added sorting to OAuth client listing API.

New Feature Added OAuth clients for official DRACOON apps.

Improvement Added responsive UI for mobile clients.

Improvement Changed configuration path to /etc/dracoon/.

Improvement Show client name on authorization page.

Improvement Removed field "clientId" and generate client ID by default.

Improvement Removed field "redirectUrl" from client configuration APIs.

Bugfix Fixed imprint link.

Bugfix Fixed an issue with multiple authorizations from the same OAuth client.