feat(oidc): persist hashed OIDC tokens, authorization codes, and user consent in smartdata storage
This commit is contained in:
@@ -1,5 +1,14 @@
|
||||
# Changelog
|
||||
|
||||
## 2026-04-20 - 1.19.0 - feat(oidc)
|
||||
persist hashed OIDC tokens, authorization codes, and user consent in smartdata storage
|
||||
|
||||
- replace in-memory OIDC authorization code, access token, refresh token, and consent stores with SmartData document classes
|
||||
- store authorization codes and tokens as hashes instead of persisting plaintext values, with helpers for matching, expiration, and revocation
|
||||
- persist and merge user consent scopes when issuing authorization codes
|
||||
- add cleanup lifecycle management for expired OIDC state and stop the cleanup task when reception shuts down
|
||||
- add tests covering hashed code/token matching, authorization code usage, refresh token revocation, and consent scope merging
|
||||
|
||||
## 2026-04-20 - 1.18.0 - feat(reception)
|
||||
persist email action tokens and registration sessions for authentication and signup flows
|
||||
|
||||
|
||||
Reference in New Issue
Block a user