#### **1.0.2 (April 22th, 2016)**

FIXES:
 * Cleaned up a lot of code base to make this simplier
 * Fixed elements in the refresh tokens and simplified the controller
 * Removed of the code out from methods into functions to reduce the dependencies (unit testing is easier as well)
 * Fixed how the refresh tokens are implemented, i was somewhat confused between refresh token and offline token
 * Fixed the encryption key length, must be either 16 or 32 for aes-128/256 selection

FEATURES:
 * Added the ability to store the refresh token in either local boltdb file or a redis service rather than
   an encrypted cookie (note, the token regardless is encrypted)
 * Added a /oauth/logout endpoint to logout the user
 * Added a /oauth/login (niche requirement) to provide grant_type=password requests

TODO:
 * Really need to mock a oauth server to simplify the unit tests

BREAKING CHANGES:
 * Changed the following configuration options to conform to their command line equivalents
   - refresh_sessions -> refresh-sessions
   - discovery_url      -> discovery-url
   - redirection_url    -> redirection-url
   - tls_ca_certificate -> tls-ca-certificate
   - tls_private_key    -> tls-private-key
   - tls_cert           -> tls-cert
   - log_json_format    -> log-json-format
   - log_requests       -> log-requests
   - forbidden_page     -> forbidden-page
   - sign_in_page       -> sign-in-page
   - secret             -> client-secret