v0.25.0

Changelog

Features

• afe42f0: feat(oidc): add Cache-Control header to discovery endpoint (#154) (@appleboy)
• aaa9241: feat(cache): add OAuth client cache with redis-aside support (#155) (@appleboy)
• 8c78cc0: feat(cache): add Prometheus metrics for cache hit/miss/error observability (#158) (@appleboy)

Bug fixes

• 86b2a46: fix(audit): populate missing actor and request metadata in audit logs (#159) (@appleboy)

Refactor

• 5643380: refactor(audit): add NoopAuditService to eliminate nil checks (#137) (@appleboy)

Others

• 4b475f0: perf(cache): add singleflight, memory reaper, and context propagation (#156) (@appleboy)

v0.24.0

Changelog

Features

• af2221c: feat(config): make JWT expiration configurable via environment variable (#135) (@appleboy)
• da187d0: feat(sessions): add status and token type filter tabs (#140) (@appleboy)
• d0f54fa: feat(ui): add copy-to-clipboard for Client ID and Secret fields (#147) (@appleboy)
• 3e94804: feat(admin): add user management dashboard (#148) (@appleboy)
• 9f13627: feat(admin): add dashboard and token management pages (#150) (@appleboy)
• 3ac68a0: feat(ui): add scope restriction notice for user app form (#152) (@appleboy)

Bug fixes

• 9111d1f: fix(cache): add missing token cache invalidation and access token expiry jitter (#136) (@appleboy)
• e2db1d3: fix(csrf): use constant-time comparison and hide internal errors (#138) (@appleboy)
• 067737d: fix(ui): disable auto-submit on search toolbar input (#145) (@appleboy)
• 1e272e7: fix(security): prevent content injection via URL query param flash messages (#153) (@appleboy)

Enhancements

• b747f41: chore(deps): upgrade testcontainers-go to v0.41.0 (#142) (@appleboy)
• cddda7a: chore(deps): update middleware and indirect dependencies (@appleboy)

Refactor

• f973f22: refactor(cache): add NoopCache to eliminate nil checks in token service (#134) (@appleboy)
• a88d1d4: refactor: harden security validations and simplify OAuth handlers (#139) (@appleboy)
• ab5a856: refactor(security): harden CSRF, PKCE, and consolidate OAuth error constants (#141) (@appleboy)
• 98ede36: refactor(ui): extract shared search & filter toolbar component (#144) (@appleboy)
• cd57b6a: refactor(security): fix info disclosure, TOCTOU race, and reduce parameter sprawl (#146) (@appleboy)

Build process updates

• 18c068e: ci: bump codecov-action from v5 to v6 (@appleboy)
• d7c4ac0: ci: bump codecov-action to v6 and trivy-action to v0.35.0 (@appleboy)

Others

• 98120b0: perf(store): consolidate user stats into single SQL query (#149) (@appleboy)
• 9824e5f: perf(store): add missing indexes and optimize token hash retrieval (#151) (@appleboy)

v0.23.0

Changelog

Features

• 0d8fc6d: feat(ui): improve UX with password toggle, accessibility, and inline style cleanup (#131) (@appleboy)
• a66bd42: feat(cache): add configurable token verification cache layer (#132) (@appleboy)

Refactor

• ae44992: refactor(store): split monolithic sqlite.go into domain-specific files (#124) (@appleboy)
• bec71c3: refactor(services): split token.go into domain-specific files (#125) (@appleboy)
• 833ce75: refactor(services): split client.go user methods into client_user.go (#126) (@appleboy)
• 55c69cb: refactor: extract shared helpers and fix resource leaks (#129) (@appleboy)

Documentation updates

• 090668a: docs(jwt): add JWT verification Excalidraw diagram (#130) (@appleboy)

Others

• b09e3ab: test(models): add unit tests for core and model packages (#127) (@appleboy)
• 06287d0: test(store): add comprehensive tests for store data access layer (#128) (@appleboy)

v0.22.0

Changelog

Features

• 70ae93c: feat(token): add RS256/ES256 JWT signing and JWKS endpoint (#109) (@appleboy)
• e0b7eb5: feat(ui): enable dark mode toggle for all users and fix mermaid diagrams (#113) (@appleboy)
• 67a7c48: feat(ui): redesign login page with brand identity (#115) (@appleboy)
• 821c21a: feat(login): add remember-me checkbox for 30-day sessions (#116) (@appleboy)
• dea632f: feat(ui): add secret regeneration page and client credentials flow for user apps (#121) (@appleboy)

Bug fixes

• 7f500d2: fix(auth): clear stale session to prevent redirect loop (#119) (@appleboy)

Enhancements

• 70183f4: chore(gitignore): ignore tmp directory in version control (@appleboy)

Refactor

• e24226a: refactor(handlers): use shared helpers and constants for OAuth error responses (@appleboy)
• 3b3b309: refactor(token): remove HTTP API token provider mode (#114) (@appleboy)

Documentation updates

• 30cabec: docs(jwt): add RS256/ES256 and JWKS documentation across all guides (@appleboy)
• 15076c7: docs(jwt): add JWT verification guide for resource servers (#118) (@appleboy)
• 04fff21: docs(jwt): replace ASCII diagrams with Mermaid (#120) (@appleboy)
• 5dca746: docs(jwt): enhance JWT verification guide with missing details (#123) (@appleboy)

v0.21.0

Changelog

Features

• d632434: feat(static): add browser cache-control for static files (#111) (@appleboy)
• 8a5802f: feat(templates): add dark mode, toast, modal, and responsive UI (@appleboy)

Bug fixes

• 4a571e5: fix(deps): update grpc to v1.79.3 for critical security patch (@appleboy)
• 0b6eed6: fix(css): improve admin navbar contrast in dark mode (@appleboy)
• 4e31a35: fix(css): resolve mobile navbar jumping from specificity and transition conflicts (@appleboy)

Enhancements

• 21199b0: chore(deps): update dependencies to latest patch versions (@appleboy)

Refactor

• f45aaa6: refactor(bootstrap): replace httptest.NewRecorder with streaming response wrapper (@appleboy)
• 71a90df: refactor(templates): fix dark mode detection and clean up dead code (@appleboy)

v0.20.0

Changelog

Features

• b5b8669: feat(oauth): add dynamic client registration endpoint (RFC 7591) (#103) (@appleboy)
• e8809d3: feat(oauth): add token introspection endpoint (RFC 7662) (#102) (@appleboy)
• 174feab: feat(oauth): add refresh token rotation replay detection (RFC 6819) (@appleboy)
• a3b10b4: feat(middleware): add HTTP security headers (#105) (@appleboy)
• cd65fdc: feat(middleware): add configurable CORS support for API endpoints (@appleboy)

Bug fixes

• d5acc1b: fix(oauth): use stable TokenFamilyID for complete family revocation (@appleboy)
• 6d0210f: fix(oauth): simplify replay detection metrics to single event (@appleboy)
• 0dc7320: fix(cors): move gin-contrib/cors to direct dependency and warn on empty origins (@appleboy)

Enhancements

• e8052aa: chore(deps): update golang.org/x dependencies (@appleboy)

Refactor

• 2e5d0ff: refactor(handlers): consolidate client display conversion and remove magic strings (#100) (@appleboy)
• 21e3aad: refactor: deduplicate cache, pagination, and OAuth error helpers (#101) (@appleboy)
• 94d0c58: refactor(store): extract Store interface from concrete struct (@appleboy)
• 6d26281: refactor(services): extract generateAndPersistTokenPair helper (@appleboy)
• 053138e: refactor(services): unify scope validation and extract UniqueKeys helper (@appleboy)
• a47a655: refactor(models): introduce typed aliases for status and category constants (@appleboy)

Documentation updates

• 555fe9b: docs(oauth): add RFC 7591 and RFC 7662 documentation (@appleboy)
• 656a79b: docs(oauth): add token vs introspect comparison diagram (@appleboy)
• 3648943: docs: add CORS configuration to .env.example, CONFIGURATION.md, and CLAUDE.md (@appleboy)

Others

• 45ce9be: Merge pull request #104 from go-authgate/worktree-new (@appleboy)
• 8b9543d: Merge pull request #106 from go-authgate/refactor/store-interface (@appleboy)
• fc2ea0c: test: improve test coverage for handlers, store, and middleware (@appleboy)
• ea71681: Merge pull request #107 from go-authgate/worktree-new (@appleboy)
• 850311d: Merge pull request #108 from go-authgate/worktree-new (@appleboy)

v0.19.0

Changelog

Bug fixes

• 820ad32: fix(security): enforce CSRF on secret regeneration and stop logging plaintext credentials (#98) (@appleboy)
• 5a263a5: fix(security): prevent OAuth account takeover via unverified email auto-linking (#99) (@appleboy)

Enhancements

• 42e55d1: chore(deps): update Go dependencies and modernize openapi/swag modules (@appleboy)

Refactor

• 13472f2: refactor(handlers): deduplicate session, fingerprint, and template helpers (#92) (@appleboy)

Build process updates

• ffa1e60: ci(workflows): bump GitHub Actions dependencies to latest versions (@appleboy)
• f954f91: build(deps): bump docker/build-push-action from 6 to 7 (#94) (@dependabot[bot])

v0.18.0

Changelog

Bug fixes

• 6e1d1ed: fix: refactor authentication and audit logging internals (#77) (@appleboy)
• be95bea: fix: refactor auth, token, and audit logging (#78) (@appleboy)
• 585fc75: fix(store): handle Count errors in seedData to fail fast on DB issues (#90) (@appleboy)

Refactor

• af3d83d: refactor: standardize authentication constants and defaults (@appleboy)
• 88c7030: refactor: refactor cache implementations with shared utilities (#79) (@appleboy)
• fa9a51e: refactor(cache): extract shared redis base and fetch-through helper (#84) (@appleboy)
• 4c7238a: refactor(util): simplify CryptoRandomBytes parameter and improve test coverage (#86) (@appleboy)
• c23e6a9: refactor(auth): simplify OAuth providers and extract shared utilities (#85) (@appleboy)
• c4f5003: refactor(token): simplify JWT validation and enforce token type checks (#87) (@appleboy)
• 2943f7e: refactor(core): remove redundant fields and unused interface methods (#88) (@appleboy)
• e3bd48e: refactor(store): fix audit log stats query mutation and remove dead code (#89) (@appleboy)

Build process updates

• ee3b074: build: introduce esbuild asset bundling pipeline (#80) (@appleboy)
• 04ce3b6: build(tools): separate dev tools into go.tools.mod (#83) (@appleboy)

Documentation updates

• fc6aa9d: docs: document OAuth 2.0 flows with detailed diagrams (@appleboy)
• 4abfc60: docs: document and demonstrate OAuth Device Code Flow (@appleboy)
• dd498e7: docs: document OAuth 2.0 device authorization flow (@appleboy)
• 20759b6: docs(oauth): document Client Credentials OAuth flow (#82) (@appleboy)

v0.17.0

Changelog

Features

• 16a673e: feat: add self-service OAuth app management with admin approval (#74) (@appleboy)
• 859e91d: feat: replace is_active flags with status-based client model (#75) (@appleboy)
• 0073b43: feat: refactor auth token handling and cleanup infrastructure (@appleboy)
• a20da42: feat: add configurable caching for pending client count (#76) (@appleboy)

Bug fixes

• 143b507: fix: harden OAuth application migration robustness (@appleboy)

Refactor

• eae2110: refactor: improve encapsulation of service initialization (@appleboy)
• c369f34: refactor: refactor retry client to use centralized configuration (@appleboy)
• 1c5970c: refactor: centralize cryptographic utilities usage (@appleboy)

Documentation updates

• b9a1c17: docs: document enterprise authentication use cases for AuthGate (@appleboy)

Others

• 50a2086: style: refactor error formatting for improved readability (@appleboy)

v0.16.0

Changelog

Features

• ec56c15: feat: refresh UI branding and footer versioning (@appleboy)
• a2b8193: feat: redirect authentication flows to account sessions page (@appleboy)
• 3b1fcae: feat: add first-class documentation site with rendered Markdown (#66) (@appleboy)
• 1b74c8d: feat: refactor authentication and add optional auth middleware (@appleboy)
• 1c8f183: feat: support displaying user full names across the app (@appleboy)
• 59f597c: feat: refactor OAuth providers and add Microsoft support (#69) (@appleboy)
• 3533740: feat: add and standardize OAuth provider support (#70) (@appleboy)
• 7b74037: feat: update default OAuth scopes and admin scope management (#72) (@appleboy)

Bug fixes

• a55e2c8: fix: fix docs navbar to highlight individual active pages (@appleboy)

Refactor

• 0a669ad: refactor: refactor auth and handlers to use shared utilities (#68) (@appleboy)
• 81d4089: refactor: refactor dependency wiring with unified service sets (#71) (@appleboy)

Build process updates

• 3f459d2: build: streamline build targets and defaults (@appleboy)
• 688c914: build(deps): bump aquasecurity/trivy-action from 0.34.1 to 0.34.2 (#67) (@dependabot[bot])

Documentation updates

• bbf7f78: docs: improve documentation formatting and navigation (@appleboy)
• 33e544c: docs: update OAuth docs to use email and profile scopes (@appleboy)