Please see OIDC SSO in the Mendix documentation for details.

Version: 4.0.0

Framework Version: 10.12.10

Release Notes: This version contains the following enhancements: - v.4.0.0 version for apps on Mx10.12.10 or higher - React Ready for apps This version contains the following fixes/Improvements: - Default role assigned to the user, combined with roles parsed from the access token - Improved efficiency during OIDC.ASU_OIDC_Startup in multi-instance environments (Ticket #230410) - Removed the OIDC.ACT_Account_RetrieveAccount microflow from the _USE ME folder.This microflow used to retrieve the user from the Administration module, and now it is handled within the module itself. - Code improvements, making it easier for customers to understand and customize the module if needed

Version: 3.2.0

Framework Version: 9.24.18

Release Notes: This version contains the following enhancements: - Support of Microflow URLs with Query Parameters for continuation after login redirection - Enhanced user login by preventing logins for inactive users - Supporting apps with subpath routing This version contains the following fixes/improvements: - Fixed Issue related to selected scope in deploytime Configuration (Ticket #224987) - Updated the UI heading for selected scopes to “Your app will request the following scopes at IdP” - Upgraded to Studio pro version 9.24.18 - Improved MxModelReflection handling by refreshing modules to ensure backward compatibility and during deploy-time configuration. Customers are advised to manually refresh modules in other cases. - New Cookie to clear cached session data during user login(Ticket #201728) - Fixed issue related to Progressive Web App offline(Ticket #229872) Library Upgrades: - com.nimbusds:nimbus-jose-jwt to version 9.41.2 (Ticket #224507,Ticket #224508,Ticket #224815,Ticket #229247 ) - com.auth0:jwks-rsa to version 0.22.1 Recommendation: After upgrading to the latest version ,there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old OIDC SSO module from the userlib folder of the project before upgrading to the latest version.

Version: 3.1.0

Framework Version: 9.24.2

Release Notes: This version contains the following enhancements: - The capability to use the module for API security is enhanced; the OIDC SSO module can now validate Access Tokens (a.k.a. OAuth bearer tokens, or JWT tokens) that have been issued via OAuth Client Credential grant The necessary configurations can be done from a CI/CD pipeline at deploy-time using Application Constants or via Admin configuration UI at runtime This version contains the following fixes/improvements: - Renamed OIDC.Startup microflow as OIDC.ASU_OIDC_Startup - Updated log level to "info" when the custom UserProvisioning microflow returns an empty user in handleAuthorizationCode(Ticket#220234)

Version: 3.0.1

Framework Version: 9.24.2

Release Notes: This version contains the following enhancements: - Enhanced security by resolving weak sha1 algorithm detection in package-lock.json.(Ticket#215455) This version contains the following fixes/improvements: - Fixed base64 decoding issue in AzureRoleParse to handle JWT payloads with underscores(Ticket#217222) - Fixed auto-commit issue in OIDC.CodeChallengeMethodsSet during Automated Deploy-time SSO Configuration(Ticket#217387) - We removed Snip_Login_Automatic snippet from module, and recommend to use Snip_Login_Button snippet instead.

Version: 3.0.0

Framework Version: 9.24.2

Release Notes: This version contains the following enhancements: - Users can be provisioned to Custom user entity without customizing the module. - When using Entra ID, the default attribute mapping can be used ; in the typical case there is no need to configure attribute mapping. - User provisioning can set the user_type (i.e. internal / external ) based on IdP-level configuration. This eliminates the need to build a customer microflow for accurate user counting. - User provisioning allows to set the user’s preferred language and timezone based on SSO response. - User provisioning can set a default userrole, regardless of the Access Token. - JIT user provisioning can be disabled, e.g. when users are provisioned only via Administration module. - Possible to select any custom microflow for user provisioning i.e prefixed with "OIDC_CustomUserParsing". This makes it possible for customers to share such microflows across multiple apps using OIDC SSO. - Forward-compatible with Upcoming SCIM Module. - Added UserCommons Module as a new dependency for OIDC SSO. - Mandatory to Set OIDC.Startup microflow as After Startup within settings. This version contains the following fixes/improvements: - Fixed issue related to access token parsing microflow (Ticket#177243). - Fixed issue related to Scope Value Attribute.

Version: 2.4.0

Framework Version: 9.24.2

Release Notes: This version contains the following fixes/improvements: - Support of Progressive Web App(PWA) - Support of Page and Microflow URLs - Support for Additional Scopes on deploytime Configuration - Fixed issue with Token expires_in attribute (Ticket#206386) Library Upgrades: - com.nimbusds:nimbus-jose-jwt to version 9.37.3 Recommendation: After upgrading to the latest version ,there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old OIDC SSO module from the userlib folder of the project before upgrading to the latest version.

Version: 2.3.2

Framework Version: 9.24.2

Release Notes: This version contains the following fixes/improvements: - Encoded the escaping special characters in URL for OIDC - Fixed issues related to Dutch Translation Library Upgrades: - com.fasterxml.jackson.core:jackson-databind to 2.16.0 - com.fasterxml.jackson.core:jackson-annotations to 2.16.0 - com.fasterxml.jackson.core:jackson-core to 2.16.0 Recommendation: After upgrading to the latest version ,there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old OIDC SSO module from the userlib folder of the project before upgrading to the latest version.

Version: 2.3.1

Framework Version: 9.24.2

Release Notes: This version contains the following fixes/improvements: - Fixed Java dependency issue in migration file for Mendix 10 compatibility. Library Upgrades: - org.json:json:20230227 to 20231013 Recommendation: After upgrading to the latest version ,there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old OIDC SSO module from the userlib folder of the project before upgrading to the latest version.

Version: 2.3.0

Framework Version: 9.24.2

Release Notes: This version contains the following enhancements: - Allows for automation of SSO configuration via Application Constants set in your CI/CD pipeline, i.e. at deploytime. - Influence authentication at your IDP using the ACR feature. - Added an out-of-the-box microflow for standardized access token parsing, which can – for example - be used when your app is interacts with OIDC Provider module in another app. - We included a migration file for the Java dependencies for Studio Pro 10 compatibility. This version contains the following fixes/improvements: - Enhanced the error handling messages for authorized API calls(Ticket#173297) - Dependency on “Native Mobile Resources” module has been removed.

Version: 2.2.0

Framework Version: 9.24.2

Release Notes: This version contains the following fixes/improvements: - Improvement for redirect URLs which may or may not have trailing slash ‘/’. - Fixed Mendix 10 compatibility issue.(Ticket#190175) - Upgraded to Studio pro v9.24.2 Library Upgrades: - com.nimbusds:nimbus-jose-jwt to version 9.31 Recommendation: After upgrading to the latest version ,there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old OIDC SSO module from the userlib folder of the project before upgrading to the latest version.