Version: 1.1.2

Framework Version: 9.24.2

Release Notes: This version contains the following fixes/improvements - Fixed issue related to lost SSO sessions caused new login Library Upgrades: - com.nimbusds:nimbus-jose-jwt to version 9.37.3 Recommendation: After upgrading to the latest version, there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old OIDC Provider module from the userlib folder of the project before upgrading to the latest version.

Version: 1.1.1

Framework Version: 9.24.2

Release Notes: This version contains the following fixes/improvements: - Fixed Java dependency issue in migration file for Mendix10 compatibility

Version: 1.1.0

Framework Version: 9.24.2

Release Notes: This version contains the following improvements: - Improved adherence to OIDC specifications for standard claims in the ID-token. ‘Sub’ claim now contains the user’s UUID and not the user’s username as was the case in previous versions. This is more adherent to OIDC specifications, which improves the interoperability of SSO connections. Note that the side effect is that the module is not fully backward compatible: existing implementations with OIDC provider that extract the username from the ‘sub’ claim should migrate the logic to extract the username from ‘username’ claim instead. - We’ve standardised the way userrole (UUID) can be communicated from the OIDC provider to a Mendix app using OIDC SSO module. We advise that the apps you want to connect with OIDC Provider use OIDC SSO version 2.3.0 or higher, since that includes standarised workflows for parsing tokens. - Supports ID-token with custom claims in JSONObject format This version contains the following fixes: - We included a migration file for the Java dependencies for Studio Pro 10 compatibility. - Upgraded to Studio pro v9.24.2 - Fixed Mendix 10 compatibility issue - Fixed issue related to cookies(Ticket#186871, Ticket#186082) - Library Removed: lang3-3.1.0.jar Recommendation: After upgrading to the latest version ,there could be a potential issue due to conflicting Java libraries of the old and the new version. Hence it is recommended that you delete all Java libraries used by the old OIDC Provider module from the userlib folder of the project before upgrading to the latest version.

Version: 1.0.0

Framework Version: 9.22.0

Release Notes: This version supports the following: -Allows registration of Mendix apps via the client registration endpoint -It works/integrates with the platform-supported OIDC SSO module -It supports responsive web applications, using the common OAuth Authorization Code grant. -Your apps can be registered as an OIDC client with the OIDC Provider using the client registration API or client configuration screen -It supports the OIDC ‘nonce’ parameter, PKCE, and multiple client authentication methods ( client_secret_post, client_secret_basic) as security features -It publishes a well-known endpoint to communicate other endpoints and other IdP characteristics to client applications URL: /oidc/.well-known/openid-configuration -Supports Custom claims -Supports “scope” approach to communicate the authorization decision made by the OIDC Provider module.