Release notes


What’s new in version 3

  • Starting from version 3.0, it is possible to specify oidcWellKnownEndpoint (Provider’s OpenID Connect Discovery URL) to obtain the values for the issuer,authorization_endpoint, token_endpoint, userinfo_endpoint and jwks_uri properties.

  • User displayName and email are now automatically updated when the user logs in with Authorization Code Flow.

  • Authorization Code Flow with PKCE is now supported and used by default. Disable it (usePkce = false) if your provider does not support it.

  • In Authorization Code Flow, the ID Token verification is now done with the public keys from the JWKS URI (jwksUri).

  • The clientId and clientSecret fields are now optional in the ID Provider configuration. If you want to disable Authorization Code Flow, clientId should be omitted.