All notable changes to this project will be documented in this file. This change log follows the conventions of keepachangelog.com.
- [Issue #65 - Cannot create ClientRepresentation with standard flow, direct access, or service accounts disabled][#65]
- Bumps clj-common/fs to address CVE-2024-26308 (https://www.cve.org/CVERecord?id=CVE-2024-26308)
- Fixes import of Vault libraries.
- Fix the `get-user-by-username` function in both `keycloak.admin` and `keycloak.user` ns, fix the failing tests in `keycloak.user-test` ns
- Fix the LICENSE metadata in pom.xml that prevented uploading the JAR to clojars (see https://github.com/clojars/clojars-web/wiki/Pushing#licenses)
- PR 57 - Moves to newer versions of logging libraries CVE-2023-6378
- PR 56 - Add ES256/384/512 & PS256/384/512 signature verification
- PR 55 - Refactor deprecated RSATokenVerifier with TokenVerifier
- Refactor the build process of the uberjar for the Docker image of Keycloak starter (it now uses tools.build instead of depstar because of a bug with reader macros in depstar that is fixed in tools.build)
- This change resolves the following vulnerability: CVE-2023-2976
- This change resolves the following vulnerability: CVE-2022-3171
- This change resolves the following vulnerability: CVE-2022-41854
- Bump Keycloak client libs to Keycloak's version `20.0.3`
- This change resolves the following vulnerabilities: CVE-2020-25633 and CVE-2020-25647
- Snakeyaml dependency had a CVE that they fixed, clj-yaml pulled it in with this newest release. https://nvd.nist.gov/vuln/detail/CVE-2022-25857
- Refactoring of documentation for better presentation in cljdoc, need a patch on clojar...
- Issue 46 - Refactor the keycloak.deployment/extract to include all the properties from JsonWebToken and IDToken
- Issue 45 - Add a path parameter for building the Keycloak URL during starter init
- Fix the naming of the `keycloak.user/add-required-actions!` function
- Issue 44 - Add a specific function to add required action(s) to a user
- Issue 41 - Bump to Keycloak 18.0.0
- Issue 40 - Retry mechanism with exponential backoff
- Bump Keycloak libs to version `16.1.1`
- Upgrade SCI dependency org
- Add token store feature (for client using a token) and `near-expiration?` predicate in `keycloak.authn` ns
- Fix `keycloak.authn/authenticate` function by adding content-type
- Better reporting and logging when applying any reconciliation plan
- Better performance for the users reconciliation plan (avoid unnecessary processing and add parallelization when groups are retrieved for every user in standalone requests)
- Issue #38 Add `send-verification-email` and `execute-actions-email` functions in `keycloak.user` ns
- Change HTTP configuration: pool size increased to 8, connect timeout of 4 seconds and read timeout of 20 seconds
- Remove confusing output when applying a step from a reconciliation plan (particularly deletions that eventually are not applied...)
- Add functions for generating passwords in ns `keycloak.user`
- Issue #37 Fix for `keycloak.admin/regenerate-secret` failure
- First release of the reconciliation behavior and usage in the starter init process
- Add a `dry-run` option to the CLI to only output the data structure without applying it
- Fix a bug with HashiCorp Vault integration
- Various bug fixes and patches for dry-run
- Issue #35: Bump keycloak-clojure to use Keycloak libs version 16.1.0
- Issue #33: Make the Docker image of keycloak-clojure-starter multiplatform (both linux/amd64 and linux/arm64 for Apple M1)
- Issue #34: Add the client mappers as a parameter to starter, and a bug fix related to the attributes settings when updating an existing user.
- Issue #30 - Add a new option `:user-admin` in the `:realm` section of the starter input data structure
- Issue #29 - Fix the `keycloak.user/user-id` behavior, which now uses an exact match
Add `.close` to Response objects that were not closed. See #27
All the patches between those two versions fix the issues that kept the lib from integrating properly in cljdoc (mess with cli-matic and :git/url dep style).
Fix NPE with the `user-for-update` function when no password is provided
Add new functions in `keycloak.backend` namespace for verifying token in a Yada context or Ring request.