4.0.0-rc.1

This is the first release candidate for the 4.0 major version. No further breaking changes are expected until the next major version.

Refer to the Upgrade Guide for tips on how to upgrade from 3.x.

New Features

• Add support for specific JOSE header types (#161)

Bug Fixes

• Export CoreJsonCurveType (#182)

Other Changes

• Remove defunct sponsorship from README
• Bump oauth2 to 5.0.0-rc.1

Full Changelog: 4.0.0-alpha.2...4.0.0-rc.1

4.0.0-alpha.2

Bug Fixes

• Return impl Future instead of Pin<Box<dyn Future>> (#158)

Full Changelog: 4.0.0-alpha.1...4.0.0-alpha.2

4.0.0-alpha.1

This is an API-unstable release intended for gathering feedback about breaking API changes in 4.0. It should be safe to use in applications, but further breaking API changes MAY occur before stabilizing the API for the 4.0.0 release.

Refer to the Upgrade Guide for tips on how to upgrade from 3.x.

Breaking Changes

• Bump oauth2 to 5.0.0-alpha.4 (19043b1)
• Fix EdDSA signature verification (1d97e0e)
• Replace JWT-related generic traits with associated types (5f039ee)
• Bump oauth2 to 5.0.0-alpha.3 along with http, reqwest, and base64 (7efc894)
• Remove unused nightly feature (c67ffe9)
• Update oauth2 to 5.0.0-alpha.2 (fd40498)
• Remove jwk-alg Cargo feature (73ee82f)

New Features

• Implement From<> for unwrapping newtypes
• Derive Eq for types that already derive PartialEq (898ead2)

Bug Fixes

• Propagate timing-resistant-secret-traits feature flag to oauth2 (1c9f770)
• Fix doc comment URL (1131afa)

Other Changes

• Add upgrade guide (6852dcc)
• Address clippy lints from Rust 1.77 (29aad1c)
• Update list of example OIDC providers (fcada17)
• Update README (fd077bd)
• Remove private JsonCurveType trait (ffde16a)
• Refactor crate into smaller private modules (e87580c)
• Remove empty leading and trailing lines from doc comments (38baa1a)
• Improve Display output of ClientRegistrationError (3a801c9)
• Address clippy lints and clean up examples (9aadf67)
• Add keywords to Cargo.toml (06e9d6c

Full Changelog: 3.5.0...4.0.0-alpha.1

3.5.0

New Features

• Add UserInfoRequest::set_response_type by @FabianLars in #146

Bug Fixes

• Remove #[non_exhaustive] from LogoutProviderMetadata (#150)
• Include the full discovery url on invalid HTTP response by @Timshel in #142

Full Changelog: 3.4.0...3.5.0

3.4.0

New Features

• Take JSON Web Key alg field into account during key selection (#131). This change is gated by a non-default jwk-alg feature flag, which was added to avoid introducing breaking changes. During a future major version, this feature flag will be removed and the functionality will be included unconditionally.
• Support EdDSA signatures (#130)

Full Changelog: 3.3.1...3.4.0

3.3.1

Bug Fixes

• Enable chrono wasmbind feature to fix panic in WASM environments (#127)

3.3.0

This release increases the Minimum Supported Rust Version (MSRV) of this crate to 1.65.

Bug Fixes

• Support standard OIDC birthdate claim (#119). This crate supports a typo'ed birthday claim, which continues to work as before. In addition, it now supports the standardized birthdate claim.

Other Changes

• Update rsa, p256, p384, serde_with, and url dependencies to their latest versions (#117)
• Implement Eq trait on structs and enums already implementing PartialEq to address Clippy lint

Full Changelog: 3.2.0...3.3.0

3.2.0

New Features

• Add support for OAuth 2.0 Device Authorization Grant, along with an example of how to use this flow with Okta (#114). This feature updates the minimum required oauth2 crate version to 4.4.1.

Bug Fixes

• Fix various cargo doc warnings and rustdoc links

3.1.1

Bug Fixes

• Export PostLogoutRedirectUrl and LogoutHint

3.1.0

New Features

• Add support for OpenID Connect RP-Initiated Logout (#112).

  Special thanks to @jsimonrichard for contributing this feature!