v0.0.12

Changelog

• 9dfe889 .github,Dockerfile,go.mod,flake: update go version and tsidp version (#152)

v0.0.11

Changelog

• 4c2b5ae go.mod: Updated to use newer go as identified by govulncheck. (#150)

v0.0.10

Changelog

• cb5b628 go.mod: update to 1.24.12 (#148)
• 14b5267 flake.{lock,nix}: resolve Nix eval warnings (#145)
• 554ca6c README.md: Minor edits (#139)
• 28327c0 tsidp-server.go: remove TAILSCALE_USE_WIP_CODE env var check (#100)

v0.0.9

Changelog

• ed98891 .github,Dockerfile: pin alpine container to fix build issues (#138)
• 052a9b1 examples/mcp-gateway: fix issues and update README (#137)

v0.0.8

Changelog

• cf5a875 go.mod: update go to 1.24.11 (#135)
• b90df6c .gitignore: ignore .direnv and .envrc files (#130)
• af98275 Only print funnel message when funnelOn is true (#124)

v0.0.7

Changelog

• 2a1b4d6 server: remove old migration hint comments (#129)
• 93a50a3 Dockerfile: fix permission denied errors (#128)
• 335dc10 cmd/verifier: add -client_id and -client_secret flags (#110)
• 96c869d .github/workflows/govulnchecks: post to a different channel (#107)
• c8621fd go.mod: bump to 1.24.9 (#108)
• ba0cc85 server: constant time code verifier comparisons (#103)

v0.0.6

Changelog

• c6deaa8 .github/flake/go.mod.sri/update-flake.sh: update Nix dependencies (#93)
• 42a70c4 go.mod: update to 1.24.8 (#98)

v0.0.5

Changelog

• 08d296d server: changes from external security review (#89)
• 0203816 examples/mcp-server: fix wrong resource metadata url (#90)
• a83dfa2 README: replace docker run with a docker compose yaml file
• 3877b43 flake.nix: fix broken flake (#85)
• a6646a0 flake: fixes nixos module options and ExecStart script creation (#81)
• 24192a3 server: add app cap grant checking for /clients/ endpoint (#79)
• 14f057f .github/workflows: safe env var parsing (#77)
• a2e4baf flake: update nixos module to match upstream nixpkgs (#75)
• 8b48d68 server: make nbf < iat to account for client clock skew (#76)
• d89f3c8 server: move os.Exit() and panic() out of request handling paths (#72)

v0.0.4

In this release:

• "emailish" emails like user@github and user@keypass now have your tsidp's fully qualified domain name (FQDN) appended to them to make them more realish: e.g: user@github -> user@github.idp.foo.ts.net (ref #58)
• an email_verified: true claim can be set using application capabilities grants for applications that require it (ref #62)

Changelog

• 5fc3240 server: add support for bool type in extraClaims (#68)
• 3926c53 server/token.go: change emailish emails into realish looking ones (#69)
• 2b9bb90 README: fixes duplicate table entries (#65)
• 968604f docs: Add Proxmox instructions

v0.0.3

New Feature

• Support for mobile scheme in redirect_uri. eg: app.myapp:///oauth-callback

Breaking Changes:

This release changes and improves how logging is configured.

Removed CLI flags and Docker env vars:

• -verbose, TSIDP_VERBOSE=1
• -enable-debug, TSIDP_ENABLE_VERBOSE=1

New CLI flags and Docker env vars:

• -log <level>, TSIDP_LOG=<level>. Level must be debug, info, warn or error
• -debug-tsnet, TSIDP_DEBUG_TSNET=1. Replaces -verbose. Useful for troubleshooting issues connecting tsidp to a tailnet
• -debug-all-requests, TSIDP_DEBUG_ALL_REQUESTS=1. Replaces -enable-debug. Prints out all requests and responses, useful during dev and troubleshooting OAuth flows.

Changelog

• 75fb0e0 server: add support for mobile URI schemes (#61)
• a6a430d server: unify and improve logging (#56)