- Fix request body handling for large request bodies.
- Replace linting and formatting with ruff.
- Fix deprecation warnings in tests.
- Security Improvement: Added authentication and authorization checks for HTTP OPTIONS requests in OpaMiddleware. This ensures that OPTIONS requests are subjected to the same security policies as other HTTP methods, preventing potential information leaks. See advisory for more details.
- Update dependencies due to multiple vulnerabilities.
- Drop Python 3.7 support due to FastAPI update
- Update dependencies due to vulnerabilities:
- Optionally use x-forwarded- cookies when reconstructing redirect path for OIDC
- Add option to define package name parameter in OPA Config
- Update dependencies due to vulnerabilities
- Use flake8 instead of flake9 to enable removing transitive override.
- Update dependencies due to vulnerabilities.
  - requests: CVE-2023-32681
  - starlette: no CVE
- Add timeout to requests calls (CWE-400).
- Add documentation guidelines enforced with vale.
- Update packages due to vulnerability CVE-2023-0286 and others.
- Bump GitPython due to vulnerability CVE-2022-24439
- Drop Python 3.6 support due to incompatibility with GitPython > 3.1.29.
- Change method from get to post in testing to fix parameter issue.
- Fix a bug with OIDC redirect login
- Add API Key authentication
- Add options to allow multiple authentication methods
- Bump lxml (transitive dependency) due to vulnerability CVE-2022-2309
- Bump pyjwt due to vulnerability CVE-2022-29217
- Fix multiple usage of the request body
- Skip lifespan requests (server startup / shutdown)
- Improve type extraction for graphql
- Use regex to skip endpoints
- Properly implement the usage of access tokens
- Add an option to allow id tokens or access tokens
- Replace contrib.rocks img with manual list
- Add the option to skip some given endpoints (middleware + injectable).
- Allow authentication through bearer token
- Fix a bug with graphql injectable
- Update versions and fix python version range
- Allow updating fastapi >= 0.66 and force updating because of CVE in versions < 0.65.2.
- Stop protecting the openapi endpoints by this middleware.
- Skip CORS "OPTIONS" requests.
- Change redirect to OIDC identity provider from 307 to 303.
- Add session middleware and single log out for auth_saml
- Remove fixed versions of dependencies.
- Add readme flow diagram with absolute link to be displayed on pypi.
- Add saml authentication as an authentication method.
- Adapt authentication interface (backwards compatible) to allow async and request usage within the authentication method.
- Allow custom injectables to enrich the payload sent to OPA.
- Add GraphQLAnalysis to parse raw GraphQL payloads and add an injectable to send additional data to OPA allowing fine-grained authorization policies.
- Remove uvicorn as a pkg dependency.
- Make OIDC jwks endpoint optional (not necessary for the HS256 algorithm).
- Allow non-keycloak well_known endpoints and usage without a well_known endpoint. This changes the interface of the OIDC config object.
- Add support for python versions > 3.6.
- Testing of OPA middleware and OIDC authentication as well as the pipeline setup for executing tests, style checks and dependency audit. (#4)
- Initial implementation of OPA middleware and OIDC authentication.
- Package documentation and usage instructions.