- Allow for multiple Guardian setups in a single applications
- Adds pipelines
- Significantly updates Guardian api to be more consistent
- Make Phoenix an optional dependency
- Make Plug an optional dependency
- Permissions as an optional add-in
- Deprecates Hooks in favour of callbacks on particular implementations
- Removes Phoenix macros in favour of plain functions
See the 0.14 to 1.0 Upgrade Guide for detailed updating instructions
Update the poison and phoenix deps to allow a broader version setting
- Fix a param issue in sockets
- Fix function specs
- Renew session on
sign_in - Add a custom claim key from load resource
- _Really fix pattern matching error with GuardianDB
- Fixed pattern matching error with GuardianDB
- Update to Elixir 1.3
- Added test coverage: ueberauth#234
- Token exchange: ueberauth#150
- Adds ensure resource plug ueberauth#238
- Name collision fix: ueberauth#215
- Support for
{:system, var}configuration options - Adds an
allowed_driftoption to allow for clock skew
- Replaced taking a function for configuring secret_key with accepting a tuple {mod, func, args}
- Change default token type from "token" to "access"
- Fix Dialyzer errors
- Target Elixir 1.3+
- Update Jose and Phoenix dependencies
- Fixes for ttl and exp
- Added integration tests
- Add
one_ofto permissions Plug to allow for OR'd sets of permissions as well as AND'd ones - Fix infinite recursion bug when joining channels
- Support for secret keys other than "oct" which provides support for signature algorithms other than HSxxx. See #122
- Fix incorrect param name in channel
- Tighten up log calls
- Fix moar typos
- General code cleanup
- Losen poison requirement to >= 1.3.0
- Use existing resource on conn if already present
- Fix refresh to correctly use revoke
- Fix error in Guardian.Plug.ErrorHandler when Accept header is unset.
- Adding Guardian.Plug.EnsureNotAuthenticated to validates that user isn't logged
- Fix bug where TTL was not able to be set when generating tokens
- Add a Guardian.Phoenix.Socket module and refactor Guardian.Channel
- Update JOSE to Version 1.6.0. Version 1.6.0 of erlang-jose adds the ability of using libsodium and SHA-3 (keccack) algorithms. This improves speed a lot.
- Adds travis
- Adds ability to use custom secrets
- Allows peeking at the contents of the token
- Stop compiling permissions. This leads to weird bugs when permissions are changed but not recompiled
- Remove internal calls to Dict
- Store the type of the token in the typ field rather than the aud field The aud field should default to the sub or failing that, the iss. This is to facilitate implementing an OAuth provider or just allowing folks to declare their own audience.
- Fix a bug with logout where it was not checking the session, only the assigns This meant that if you had not verified the session the token would not be revoked.
- Adds basic Phoenix controller helpers
- Remove Joken from the dependencies and use JOSE instead.
- Add a refresh! function
- Adds Guardian.Plug.authenticated?
- Adds simple claim checks to EnsureAuthenticated
- Fix an issue with permissions strings vs atoms (not encoding correctly)
Rename
Guardian.mint -> Guardian.encode_and_sign
Guardian.verify -> Guardian.decode_and_verify
Guardian.Plug.EnsureSession -> Guardian.Plug.EnsureAuthenticated
Guardian.Plug.VerifyAuthorization -> Guardian.Plug.VerifyHeader
Add new hooks on_verify and on_revoke Remove multiple hooks registration
Allow multiple hooks to be registered to Guardian
Use strings for keys in the token.
Remove CSRF tokens support. CSRF tokens are masked and so cannot be adequately implemented.
- Add callback hooks for authentication things
- Update to use new Joken
- Include permissions
Initial Release