- Add `caStore` to relying party config.
- Make x5c check conditional for Entra exchange.
- Add config-based override for x5c enforcement to native exchange.
- Log Entra callback explicitly.
- Remove success log event for Entra callback error.
- Remove extra error log event for Entra callback error.
- Redact callback error log.
- Report error upon encountering a callback error.
- Add logging for successful and failed presentation attempts.
- Add Entra verification callback logs.
- Add additional validation for trusted issuers.
- Add X.509 validation to Entra workflows, in case Entra doesn't do it natively.
- Make exchange error title and subtitle messages configurable.
- Make reset title message configurable.
- Make exchange active expiry time configurable.
- Render exchange active expiry time in UI.
- Replace `decodeJwtPayload` with `jose.decodeJwt`.
- Fix breaking change in `BaseWorkflowService.getExchange`.
- Add support for config validation and VS Code schema-based config completion.
- Add default values for audit fields.
- Avoid reCaptcha timeout by waiting to invoke it until the user submits.
- Enable user to reset exchange from failed back to pending to try submitting again.
- Fix Entra security bug by using a different secret access token for an exchange's verification callback endpoint.
- Changed cookie timeout from 15m to 1m.
- Exchange is updated to invalid state upon invalid JWT presentation (resettable).
- Removed development-only optional `credentialVerificationCallbackAuthEnabled` Entra workflow configuration option.
- Updated `credential-handler-polyfill` to released version.
- End the spinner if the exchange fails (enters an invalid state), and show an error message.
- Add better reCAPTCHA logging to audit feature.
- Add missing return statement to /context/verification endpoint.
- Add tutorial documents.
- Add logo to README.
- Add reCAPTCHA to the audit form.
- Use red asterisks to denote required fields in the audit form.
- Changed example config to show "steps" in Entra config.
- Compress audit config fields into single object.
- Enabled more precise control of text when switching OID4VP views.
- Updated `credential-handler-polyfill` to experimental branch to incorporate module change.
- Remove all whitespace from VP token before submitting audit.
- Fixed another bug with old spinner showing in mobile view.
- Fixed old spinner showing in mobile view.
- Improve error handling in config validation.
- Fix missing "step" functionality in Entra flow.
- Fix ability to create a new authorization request when in mobile active state.
- Fix `client_id` requirement on `/config/app.json`.
- Add RP specific translations override.
- Apply fixes to the `authorization.js` config.
- Add support for dropdown audit fields.
- Add new verification page.
- Add `untrustedVariableAllowList` to a workflow to allow specific custom variables to be provided via untrusted user input.
- Add callbacks to workflow steps.
- Add new `active` state once authorization request has been retrieved.
- Add button view in mobile view with QR code option.
- BREAKING: Remove `qrClickMessage`.
- Add custom Google Translate translations.
- Use `oidc.state` from previous exchange on creating new one.
- Remove OIDC requirements in config.
- Add translations using `vue-i18n` and config values.
- Add audit feature for VP tokens presented in the past.
- `redirectUrl` can be included as a variable in exchange.
- Bearer `accessToken` can create exchanges.
- Create new exchange for same device flow.
- Save cookies to redirect users to proper exchange after presentation.
- Entra can be used as an exchange backend.
- Display OAuth validation errors in UI as appropriate.
- Resized video and added close button.
- Add explainer video.
- Add separate link for home.
- Rename logos and links.
- Update Bedrock Quasar dependencies: `@bedrock/quasar@10`.
- Unpin `quasar`.
- Use quasar `platform.is.mobile` instead of userAgent regex.
- Update lint tooling and fix lint issues.
- Handle both expected x5c claim formats.
- Require x5c claim if CA Store in config.
- Add second header image and link.
- Add new link to config for home.
- Temporarily disable translate button.
- Ensure challenge is being included in verification.
- Use Bedrock packages.
- BREAKING: Move config location to `/etc/bedrock-config/combined.yaml`.
- BREAKING: Remove `opencred.dbConnectionUri` configuration. MongoDB options should be specified via `config.mongodb`.
- BREAKING: Remove `opencred.domain` configuration. HTTP Server options should be specified via `config.server` and `config.express`.
- Move OID4VP login pages into single page.
- Pin quasar to version 2.14.5.
- Add explicit return to all responses.
- Use `@digitalbazaar/vdl-context@1`.
- Use `@digitalbazaar/vdl-aamva-context@1`.
- Use `@digitalbazaar/did-method-web` for `did:web` resolution.
- Improve error handling in HTTP handlers.
- Clear credential status lookup interval after redirect.
- Add optional config for customizing UI exchangeProtocols order.
- File size limit on url encoded content increased from 100kb to 200kb.
- Use `@digitalbazaar/did-method-jwk@1`.
- File size limit on json increased from 100kb to 200kb.
- Verification of x509 certificates in did:jwk x5c claim.
- Added load testing script.
- Added index on exchange id.
- Removed unnecessary imports.
- Verify VC within VC-JWT presentation.
- Fix `iat` and `exp` claim in `id_token`.
- Fix bug with nonce value in OID4VP request.
- Fix aud claim in id_token.
- Add support for loading the config from a Base64 encoded environmental variable: OPENCRED_CONFIG.
- Add RS256 signing key.
- Revert to `node:20-alpine` in Dockerfile.
- Native OID4VP flow works with VC-JWT.
- Fix database test data generation and workflow-client connection.
- Fix token endpoint code query.
- Redirect to client `redirect_uri` after exchange is complete.
- Generate TTL Index for Entra exchanger.
- Organize OIDC data in database into `oidc` document property.
- Add database index for `oidc.code` (partial, on existing values).
- Fix `client_id` generation issue when behind certain load balancers.
- Improve Microsoft Entra Verified ID error handling.
- New config variables.
- Add `openid-configuration` and JWKS endpoints
- Configure `prime256v1` EC keys for JWT signing
- Sign `id_tokens` to complete OpenID Connect Login flow
- Fix Entra API verification and access token requests.
- BREAKING: Config change to use consistent property casing. Requires a config update.
- Optionally serve a `did:web` DID document.
- Optionally serve a did-configuration document with DomainLinkageCredentials.
- Microsoft Entra Verified ID exchange type.
- New configFrom property to enable relying party inheritance.
- Use client-specific theme information in the UI to enable multiple clients to use the same install of OpenCred.
- Made ID Regex in endpoints less restrictive.
- Moved results into proper step.
- Removed unused 'custom' exchange type.
- Use the MongoDB database name specified in the URL connect string.
- Resolves an error with new npm installs related to an old version of `ky`.
- Native OID4VP exchanges
- Mongo database
- Document loader
- did:jwk support
- API endpoints
- API authentication
- API documentation with OpenAPI
- Pin to `node:20.8.0-alpine3.18`.
- Revert to `ezcap@4`.
- Use debug branch of `ezcap`.
- Add error logging.
- Add logging.
- Adjust `CMD` in Dockerfile.
- Fix syntax error in Dockerfile.
- Add basic flows.
- Fix container image name.
- Initial release, see individual commits for history.