mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-07 21:00:30 -06:00
Code Issues Packages Projects Releases Wiki Activity

Automated changelog update [skip ci]

Browse Source
This commit is contained in:
Ralf Haferkamp
2022-08-03 10:00:56 +00:00
parent 6e848c7254
commit a0213938bd
1 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
CHANGELOG.md
View File

@@ -10,6 +10,7 @@ The following sections list the changes for unreleased.
* Bugfix - Substring search for sharees: [#547](https://github.com/owncloud/ocis/issues/547)
* Bugfix - Space Creators can hand over spaces: [#4244](https://github.com/owncloud/ocis/pull/4244)
* Enhancement - Add drives field to users endpoint: [#4072](https://github.com/owncloud/ocis/pull/4072)
* Enhancement - Improve validation of OIDC access tokens: [#3841](https://github.com/owncloud/ocis/issues/3841)
* Enhancement - Improve error log for "could not get user by claim" error: [#4227](https://github.com/owncloud/ocis/pull/4227)
* Enhancement - Allow providing list of services NOT to start: [#4254](https://github.com/owncloud/ocis/pull/4254)
* Enhancement - Introduce insecure flag for smtp email notifications: [#4279](https://github.com/owncloud/ocis/pull/4279)
@@ -53,6 +54,20 @@ The following sections list the changes for unreleased.
https://github.com/owncloud/ocis/pull/4072
https://github.com/cs3org/reva/pull/3046
* Enhancement - Improve validation of OIDC access tokens: [#3841](https://github.com/owncloud/ocis/issues/3841)
Previously OIDC access tokes were only validated by requesting the userinfo from the IDP. It is
now possible to enable additional verification if the IDP issues access tokens in JWT format.
In that case the oCIS proxy service will now verify the signature of the token using the public
keys provided by jwks_uri endpoint of the IDP. It will also verify if the issuer claim (iss)
matches the expected values.
The new validation is enabled by setting `PROXY_OIDC_ACCESS_TOKEN_VERIFY_METHOD` to
"jwt". Which is also the default. Setting it to "none" will disable the feature.
https://github.com/owncloud/ocis/issues/3841
https://github.com/owncloud/ocis/pull/4227
* Enhancement - Improve error log for "could not get user by claim" error: [#4227](https://github.com/owncloud/ocis/pull/4227)
We've improved the error log for "could not get user by claim" error where previously only the