lua-resty-openidc Files

Features - added id_token and the token endpoint response as additional arguments to the on_authenticated lifecycle hook; see [#413] - added opts.discovery_expires_in in order to make cache expiry of OpenID Connect Discovery responses configurable. - added public functions that allow tokens to be revoked without destroying the current session; see [#402]; thanks to @thorstenfleischmann - authenticate's last parameter can now be an existing session rather than options for starting a new one: see [#405]; thanks to @thorstenfleischmann - added opts.cache_segment as option to shard the cache used by token introspection or JWT verification; see [#399] - made jwt_verify() and bearer_jwt_verify() use a separate cache named "jwt_verification" and introduced opts.jwt_verification_cache_ignore to disable caching completely; see [#399]

Bugfixes - when the x5c claim of a JWK is an empty array it will be ignored rather than cause an error; see [#406] - if lifecyle handlers return truthy values they cause the operation they are handlers of to fail; see [#384]; thanks to @arcivanov - fixed a session leak in access_token() and for a very unlikely code-path in authenticate(); authenticate will still normally not close the session as users may want to use it after the method returns; see https://github.com/zmartzone/lua-resty-openidc#sessions-and-locking; see [#374]