Connect2id server 9.3
This release of the Connect2id server adds a new plugin interface and updates the SQL and DynamoDB database connectors.
SPI for customising token responses
A new plugin interface enables customisation of token responses. Deployments willing to experiment with the new OAuth 2.0 Rich Authorization Requests (RAR) spec, in development at the OAuth 2.0 WG, can use it to return the required RAR metadata in the token response. We provided a working example.
Token error responses can potentially be customised as well.
Database connector updates
The SQL store connector was updated and now has a default configuration where a single SQL connection pool is shared between all Connect2id server maps and caches with data persistence. Support for vertical partitioning is still available.
The DynamoDB connector was also updated and can now be configured with an HTTP proxy host and port for connections to the database endpoint.
The authorisation session API of the Connect2id server also received a small update and a bug fix.
Check the release notes below for additional information.
Contact Connect2id support.
- Updates the SQL store schema to v2.7 and switches to a single shared database connection pool for all Infinispan map and cache structures used by the Connect2id server. Support for per map / cache connection pool to spread the load over multiple databases (vertical partitioning) is still available.
- Updates the DynamoDB store schema to v1.7 and adds support for configuring an optional HTTP proxy for connections to the DynamoDB endpoint. The HTTP proxy is configured by setting the Java system properties "dynamodb.httpProxyHost" and "dynamodb.httpProxyPort".
- Exposes the optional "id_token_hint" OpenID authentication request parameter in the authorisation session object (under "auth_req").
Upgrades the Connect2id server SDK to com.nimbusds:c2id-server-sdk:4.20
- New SPI for composing custom token success and error responses. Can be used to include additional parameters in an access token response based on the authorisation (consent) "data" parameter, such as an "authorization_details" parameter required in OAuth 2.0 Rich Authorization Requests (draft-lodderstedt-oauth-rar-03).
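What such a customisation does at the message level, as an added Python example; it is not Connect2id code and does not use the Java SPI. The function names, the allow-list and the sample values are assumptions, including that the consent "data" holds the details under an "authorization_details" key.

```python
import copy
import json

# Only these members of the consent "data" may reach the client (assumed allow-list).
ALLOWED_EXTRA = ("authorization_details",)


def check_authorization_details(details):
    """RAR: a JSON array of objects, each with a string "type"."""
    if not isinstance(details, list):
        raise ValueError("authorization_details must be a JSON array")
    for item in details:
        if not isinstance(item, dict) or not isinstance(item.get("type"), str):
            raise ValueError("each authorization detail needs a string 'type'")


def compose_token_response(original, consent_data):
    """Return a new token response with allow-listed consent data added."""
    response = copy.deepcopy(original)
    if "error" in response:
        return response  # this sketch leaves error responses untouched
    for name in ALLOWED_EXTRA:
        if name not in consent_data:
            continue
        if name in response:
            raise ValueError(f"{name} is already set in the token response")
        if name == "authorization_details":
            check_authorization_details(consent_data[name])
        response[name] = copy.deepcopy(consent_data[name])
    return response


# Constructed sample values, not from a real deployment.
SAMPLE_RESPONSE = {"access_token": "example-access-token",
                   "token_type": "Bearer", "expires_in": 600}
SAMPLE_CONSENT_DATA = {
    "authorization_details": [{"type": "payment_initiation",
                               "actions": ["initiate"]}],
    "internal_note": "reviewed by operator",  # must not leak to the client
}

if __name__ == "__main__":
    composed = compose_token_response(SAMPLE_RESPONSE, SAMPLE_CONSENT_DATA)
    print(json.dumps(composed, indent=2))
```

Copying by allow-list rather than merging the whole "data" object keeps internal consent metadata out of the response sent to the client.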
Previously consented claims appearing in the consent prompt (authorisation session API) must not include language tags. Fixed a bug which prevented stripping of the tags from claim names retrieved from the "clm" field in authorisation records (issue server/558).
Enhances the authorisation session API by automatically stripping language tags in the names of consented claims (issue server/559).
Upgrades to com.nimbusds:c2id-server-sdk:4.20
Upgrades to com.nimbusds:oauth2-oidc-sdk:7.5
Upgrades to com.nimbusds:oauth2-authz-store:14.6
Upgrades to com.nimbusds:infinispan-cachestore-sql:4.2.2
Upgrades to com.nimbusds:infinispan-cachestore-dynamodb:3.6.1