Dan Milne 524a7719c3 Merge branch 'main' into feature/claims

2026-01-05 12:11:53 +11:00

..

concerns

Switch Access / Refresh tokens / Auth Code from bcrypt ( and plain ) to hmac. BCrypt is for low entropy passwords and prevents dictionary attacks - HMAC is suitable for 256-bit random data.

2025-12-31 15:48:32 +11:00

application_group.rb

StandardRB fixes

2026-01-01 13:29:44 +11:00

application_record.rb

First commit

2025-10-23 16:19:56 +11:00

application_user_claim.rb

StandardRB fixes

2026-01-01 13:29:44 +11:00

application.rb

Add skip-consent, correctly use 303, rather than 302, actually rename per app 'logout' to 'require re-auth'. Add helper methods for token lifetime - allowing 10d for 10days for example.

2026-01-05 12:03:01 +11:00

current.rb

First crack

2025-10-23 16:45:00 +11:00

group.rb

StandardRB fixes

2026-01-01 13:29:44 +11:00

oidc_access_token.rb

StandardRB fixes

2026-01-01 13:29:44 +11:00

oidc_authorization_code.rb

Add claims support

2026-01-05 12:00:29 +11:00

oidc_refresh_token.rb

StandardRB fixes

2026-01-01 13:29:44 +11:00

oidc_user_consent.rb

Add claims support

2026-01-05 12:00:29 +11:00

session.rb

First crack

2025-10-23 16:45:00 +11:00

user_group.rb

StandardRB fixes

2026-01-01 13:29:44 +11:00

user.rb

StandardRB fixes

2026-01-01 13:29:44 +11:00

webauthn_credential.rb

Fix webauthn bug. Fix tests. Update docs

2026-01-01 15:24:56 +11:00