Release notes
Contents
Version 4.0
new Redirect URI
This version introduces breaking changes to how the Redirect URI is constructed, which require updating the settings in your ID Service Provider.
Thanks to these changes, deep links will be handled correctly.
The Redirect URI now matches virtual host source path mapping. For instance, you have the following vhost mapping:
mapping.myoidc.host = xp.example.com
mapping.myoidc.source = /my-admin
mapping.myoidc.target = /admin
mapping.myoidc.idProvider.myoidc = defaultThe correct Redirect URI should be:
https://xp.example.com/my-admin/_/idprovider/myoidcRequired Actions
-
Review your existing ID Provider settings.
-
Update Redirect URI (aka Callback URI) to follow the new format.
-
Ensure that the Redirect URI exactly matches your virtual host mapping.
User events
Starting from version 4.0, you can specify the userEventPrefix and userEventMode properties to manage user events. More details can be found here.
clientSecret
Added support for multiple space-separated clientSecret values to follow Auth0 rotation best practices and avoid downtime from propagation delays.
Version 3.0
What’s new in version 3
-
Starting from version 3.0, it is possible to specify
oidcWellKnownEndpoint(Provider’s OpenID Connect Discovery URL) to obtain the values for theissuer,authorization_endpoint,token_endpoint,userinfo_endpointandjwks_uriproperties. -
User
displayNameandemailare now automatically updated when the user logs in with Authorization Code Flow. -
Authorization Code Flow with PKCE is now supported and used by default. Disable it (
usePkce = false) if your provider does not support it. -
In Authorization Code Flow, the ID Token verification is now done with the public keys from the JWKS URI (
jwksUri). -
The
clientIdandclientSecretfields are now optional in the ID Provider configuration. If you want to disable Authorization Code Flow,clientIdshould be omitted.
