Skip to content
Snippets Groups Projects
Commit d87fb3e0 authored by Rohith's avatar Rohith
Browse files

- shifing to version v1.0.6 (#62)

- updating the CHANGELOG and the README
parent 1803dc87
No related branches found
No related tags found
No related merge requests found
*.swp
.idea/ .idea/
bin/ bin/
release/ release/
......
#### **1.0.6 (May 6th, 2016)**
FIXES:
* Fixed the logout endpoint, ensuring users sessions are revoked. Note: i've not really tested this against Keycloak
and Google. Revocation or logouts seems to have somewhat scattered implementation across providers.
#### **1.0.5 (May 3th, 2016)** #### **1.0.5 (May 3th, 2016)**
FEATURES: FEATURES:
......
...@@ -318,10 +318,14 @@ which was signed by the CA being used. ...@@ -318,10 +318,14 @@ which was signed by the CA being used.
Refresh tokens are either be stored as an encrypted cookie or placed (encrypted) in a shared / local store. At present, redis and boltdb are the only two methods supported. To enable a local boltdb store. --store-url boltdb:///PATH or relative path boltdb://PATH. For redis the option is redis://HOST:PORT. In both cases the refresh token is encrypted before placing into the store Refresh tokens are either be stored as an encrypted cookie or placed (encrypted) in a shared / local store. At present, redis and boltdb are the only two methods supported. To enable a local boltdb store. --store-url boltdb:///PATH or relative path boltdb://PATH. For redis the option is redis://HOST:PORT. In both cases the refresh token is encrypted before placing into the store
#### **- Refresh & Offline Tokens** #### **- Refresh Tokens**
Assuming access response responds with a refresh token and the --enable-refresh-token is true, the proxy will automatically refresh the access token for you. The tokens themselves are kept either as an encrypted (--encryption-key=KEY) cookie (cookie name: kc-state). Alternatively you can place the refresh token (still requires encryption key) in a local boltdb file or shared redis. Naturally the encryption key has to be the same on all instances and boltdb is for single instance only developments. Assuming access response responds with a refresh token and the --enable-refresh-token is true, the proxy will automatically refresh the access token for you. The tokens themselves are kept either as an encrypted (--encryption-key=KEY) cookie (cookie name: kc-state). Alternatively you can place the refresh token (still requires encryption key) in a local boltdb file or shared redis. Naturally the encryption key has to be the same on all instances and boltdb is for single instance only developments.
#### **- Logout Endpoint**
A /oauth/logout?redirect=url is provided as a helper to logout the users, aside from dropping a sessions cookies, we also attempt to refrevoke session access via revocation url (config revocation-url or --revocation-url) with the provider. For keycloak the url for this would be https://keycloak.example.com/auth/realms/REALM_NAME/protocol/openid-connect/logout, for google /oauth/revoke
#### **- Cross Origin Resource Sharing (CORS)** #### **- Cross Origin Resource Sharing (CORS)**
You are permitted to add CORS following headers into the /oauth uri namespace You are permitted to add CORS following headers into the /oauth uri namespace
......
...@@ -22,7 +22,7 @@ import ( ...@@ -22,7 +22,7 @@ import (
const ( const (
prog = "keycloak-proxy" prog = "keycloak-proxy"
version = "v1.0.5" version = "v1.0.6"
author = "Rohith" author = "Rohith"
email = "gambol99@gmail.com" email = "gambol99@gmail.com"
description = "is a proxy using the keycloak service for auth and authorization" description = "is a proxy using the keycloak service for auth and authorization"
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment