
FPX Rosebank


Released: 2024-11-29

Core Feature Updates

Configurable Authorization Steps for Resource Server Adapters

This enhancement allows administrators to customize which steps happen during an authorization flow in order to authenticate users. The order and number of steps are now configurable in the RSAs, which reduces code and makes it clear to administrators how to use these flows.

General Improvements and Bug Fixes

  • General vulnerability fixes across Authorization Server, Wallet, RSA-OIDC and RSA-FHIR.
  • Resource Server Adapters no longer return an occasional 500 error when the wallet server calls the user info endpoint of the RSA.
  • Resource Server Adapters now return a 4XX-level HTTP status when the state or authorization code is missing.
  • Allows specific Client authorization query parameters to propagate from the Authorization Server to the Wallet Server authorization request.
  • Implemented both the none pseudonym and anonymous strategies for HMAC, and allowed a configurable resource type and generated OAuth-style access token in the Authorization Server.
  • Updated the ‘/enrolled_client/:id/permissions’ endpoint to accept query parameter flags to include/exclude expired or disabled permissions.
  • The wallet server will scope subjects only relative to the Resource Server. This resolves an issue when two Resource Servers use the same subject value in their userinfo response.
  • OAuth Client avoids post-token processing during callback when the callback has an error.
  • Wallet Server now allows the wallet client to handle the login flow during auto-consent.
  • Authorization Server ensures nonces can be returned in the id_token for OIDC requests.
  • Allows use of the same access token to get multiple resources at the same resource server.
  • Fixed an exception during auto-consent policy execution caused by missing state.