oidc-agent 5.3.6

Bugfixes

• Fixed a bug that error messages were not correctly parsed and automatic user help could not be provided.

Provider

• Added a public client for https://proxy.myaccessid.org

oidc-agent 5.3.5

Features

• Added --trace-http FILE option to oidc-agent that writes all HTTP
  traffic with OpenID Providers to a user-specified file, including full
  request/response headers and bodies, TLS info, and per-request timing.
  This enables diagnosing issues like scope negotiation failures without
  needing external tools. (#623)

Enhancements

• Include the OP endpoint URL in token error messages so users can
  distinguish OP-side errors from oidc-agent-side errors.
• Log scope mismatches at NOTICE level when the OP returns different
  scopes than requested.
• Add per-request timing (CURLINFO_TOTAL_TIME) to DEBUG log output.
• Added log_error parameter to file I/O functions to control error
  logging, preventing unnecessary error messages when files do not
  exist. (#645)
• The socket path trust check error message now includes the actual
  path that failed, giving users actionable diagnostic information. (#603)

Bugfixes

• Fixed scope resolution for public clients without configured scopes:
  when scope=max is used and the public client has no scope field in
  its issuer config, oidc-agent now falls back to fetching
  scopes_supported from the OP's discovery endpoint. The interactive
  oidc-gen scope prompt now also filters default scopes against the
  OP's supported scopes. (#622)
• Fixed socket path trust check failing on root-owned directories (e.g.
  /tmp owned by root:root with group-writable + sticky bit). GID 0
  is now trusted, mirroring the existing implicit trust of UID 0. (#603)
• Fixed DELETE requests being logged as "Https GET".
• Fixed compiler warnings about wrong argument types when calling
  curl_easy_setopt.
• Fixed mismatched return type between ipc_connect declaration and
  definition.

oidc-agent 5.3.4

• Allow usage of custom parameters in the device init request
• Fix audience handling in device flow; #638

oidc-agent 5.3.3

Bugfixes

• Fixed a bug that caused a segfault (and therefore crash of oidc-agent) when trying to use oidc-agent with mytoken.

oidc-agent 5.3.2

Bugfixes

• Fixed an internal bug, that prevented building on macos

oidc-agent 5.3.1

Bugfixes

• Fixed an internal bug, that prevented building on macos

oidc-agent 5.3.0

Features

• The issuer.config file(s) now have support for a user_client object.
  This can be used to add a user registered client to an issuer and re-use
  accross account configurations.

Enhancements

• Allow empty encryption password in GUI password prompts.
• In the refresh flow, oidc-agent now does not request the offline_access scope.
• When migrating from oidc-agent <5 the automatic update of the issuer.config
  file was improved. It can now correctly handle the case where an issuer
  existed with and without a trailing slash in the old file.

Bugfixes

• Fixed a bug where oidc-agent would segfault if issuer.config files do
  not exist.

oidc-agent 5.2.3

Bugfixes

• Fixed a bug where oidc-token would segfault if the account was not known.

oidc-agent 5.2.2

Bugfixes

• Fixed a bug where oidc-agent would crash due to a segmentation fault if ~/.config/oidc-agent/issuer.config was not present.

oidc-agent 5.2.1

Bugfixes

• Fixed permissions on static lib
• Removed bash completion for oidc-tokensh
• Fixed options passing from oidc-agent-service to oidc-agent