Dan Milne ed7ceedef5 Include the hash of the access token in the JWT / ID Token under the key at_hash as per the requirements. Update the discovery endpoint to describe subject_type as 'pairwise', rather than 'public', since we do pairwise subject ids.

2025-12-31 14:45:38 +11:00

..

assets

First commit

2025-10-23 16:19:56 +11:00

channels/application_cable

First crack

2025-10-23 16:45:00 +11:00

controllers

Include the hash of the access token in the JWT / ID Token under the key at_hash as per the requirements. Update the discovery endpoint to describe subject_type as 'pairwise', rather than 'public', since we do pairwise subject ids.

2025-12-31 14:45:38 +11:00

helpers

Add OIDC fixes, add prefered_username, add application-user claims

2025-11-25 16:29:40 +11:00

javascript

PKCE is now default enabled. You can now create public / no-secret apps OIDC apps

2025-12-31 09:22:18 +11:00

jobs

Backchannel complete - improve oidc credential display

2025-11-27 11:52:25 +11:00

mailers

Improve some front end views. More descriptive error condition reporting. Updates to CLINCH_HOST for better WEBAUTHN

2025-11-12 16:24:05 +11:00

models

Use SolidQueue in production. Use the find_by_token method, rather than iterating over refresh tokens, as we already fixed for tokens

2025-12-31 14:32:34 +11:00

services

Include the hash of the access token in the JWT / ID Token under the key at_hash as per the requirements. Update the discovery endpoint to describe subject_type as 'pairwise', rather than 'public', since we do pairwise subject ids.

2025-12-31 14:45:38 +11:00

views

Add rails encryption for totp - allow configuration of encryption secrets from env, or derive them from SECRET_KEY_BASE. Don't leak email address via web_authn, rate limit web_authn, escape oidc state value, require password for changing email address, allow settings the hmac secret for token prefix generation

2025-12-31 10:33:56 +11:00