Releases: google/oauth2l
OAuth2l v1.3.0 Release
This release contains major security updates.
Features added:
- 3LO Loopback Flow:
  - Add support for 3LO loopback flow, which redirects the authorization code to a localhost server (managed by OAuth2l) to complete the 3LO flow. This is in contrast with the deprecated 3LO Out-of-band (OOB) flow that required users to manually copy-and-paste the auth code.
  - The 3LO loopback flow is automatically triggered when using a client ID credentials file where redirect_uris is set to "localhost" (this is the default value for a credentials file obtained from Google Cloud Console). Furthermore, the browser will automatically be opened to bring up the consent page (unless this behavior is disabled using the flag "disableAutoOpenConsentPage").
- PKCE:
  - Add PKCE (Proof Key for Code Exchange) to the 3LO flow, which protects against CSRF and authorization code injection attacks.
OAuth2l v1.2.2 Release
Features:
- Support "scope" for self-signed JWT in addition to "audience".
Bug fixes:
- Support "id_token" and "scope" as token extras and cache these extra token fields correctly.
OAuth2l v1.2.1 Release
Include id_token field in JSON output when applicable.
NOTE: The v1.2.1 release does not properly cache the id_token field: the id_token field will be omitted when oauth2l returns a cached token. For id_token caching support, please use v1.2.2.
OAuth2l v1.2.0 Release
This is a major release containing several new features and bug fixes.
Features added:
- Service Account Impersonation:
  - Added "--impersonate-service-account xxx" option to exchange the retrieved User access token with a Service Account access token using Google's IAM Service.
- Domain-wide Delegation:
  - Use "--email xxx" option to specify a user email account for domain-wide delegation when authenticating with Service Account credentials.
- Exporting gcloud Refresh Token Credentials:
  - Use "--output_format refresh_token" to export a gcloud refresh token credentials JSON when authenticating with 3-legged OAuth. This credentials JSON can subsequently be used for user-based authentication in client libraries.
- Replaced "sgauth" module with official "oauth2" library:
  - The "sgauth" module that powered oauth2l was a forked version of the golang "oauth2" library. The feature gaps have been reconciled, and oauth2l will use the official oauth2 library going forward.
OAuth2l v1.1.0 Release
This is a major release containing several new features and bug fixes.
Features added:
- STS support:
  - Added "--sts" boolean flag to perform STS token exchange as a final step, converting the fetched OAuth Access Token to an STS token. This flag is compatible with oauth and sso auth types, as well as curl and caching.
  - Added "--quota_project" GUAC parameter for use in STS claim.
- OAuth2l Playground support:
  - Added "web" command to install and launch an interactive web app version of the OAuth2l tool, deployed locally via Docker. This feature is currently experimental and will be enhanced in future releases.
- Improved handling of expired access tokens in cache:
  - OAuth2l will no longer return expired access tokens from the cache to the user.
  - OAuth2l will automatically refresh an expired access token (via refresh token) if the "--refresh" parameter is enabled. This eliminates the hassle of having to redo the authorization flow for 3LO when the access token has expired.
v1.0.2
OAuth2l v1.0.1 Release
November 2019 Update
Support Go modules
Initial version of Golang with refined interface
July 2019 Update
The oauth2l client has been redesigned to support a richer set of
command-line options. Options such as "scope", "audience", and "email" can
now be specified explicitly in order to avoid ambiguity and misuse.
Furthermore, several options have been deprecated and/or renamed for clarity:
- --json is now --credentials
- --credentials_format is now --output_format
- --jwt is now --type jwt
- --sso is now --type sso
Note: The tool maintains backward compatibility with the old option names
and continues to accept implicit options for "scope", "audience", and
"email" based on context. However, please use the new style of explicit
options going forward. Refer to the "Command Options" section for details.
Please check the README file for more information about the usage.