ljr/wcmtools/openid/perl/Net-OpenID-Consumer/ChangeLog

0.12:
	* required_root in constructor/method/validated_identity

	* allow https identities

	* version 1.1 of the protocol

	* expand entities in link rel

	* reject cached association validation if expiry is in past

0.11:
	* document common error codes from claimed_identity, and
	  cleanup some error handling/codes

	* support openid.mode=cancel

	* respect replace_after and expiry.  do clock compensation
	  between local clock and server.

	* invalidate_handle support

0.10:
        * handle openid.delegate properly (was losing state because I'd
	  put a URL parameter onto the wrong URL)

	* copy all signed parameters into POST args in dumb mode,
	  not a static set (to be future-proof)

0.09:
        * switch to DH/HMAC protocol, not DSA protocol

0.08:
	* more openssl-binary temp file changes.  on second failure (which
	  was previously missing a new method), it also propogates up the
	  error message now, instead of dying, to be more consistent with
	  the other DSA checkers, which never die

0.07:
	* bugfix: use URI::Fetch 0.02, not "0.02" in quotes

	* bugfix: don't set cache if no cache

0.06:
	* wrap Crypt::OpenSSL::DSA verify in eval {} as it can croak

	* use URI::Fetch, which does caching and proper HTTP behavior

	* let user get/set cache, which is then propogated down to URI::Fetch

	* optionally use new pure-perl version of Crypt::DSA which now
	  does ASN.1 serialization/deserialization in both signatures and
	  public keys.  brings total options of DSA verify techniques up
	  to 3.

	* tmpdir option (and smart auto-configuration) for people using
  	  OpenSSL binaries to verify signatures.

	* security fix when doing DSA checks with system openssl binary
	  (was previously parsing the wrong status)

	* misc reported bugfixes

0.05:
        * stupid push_url_arg bugfix

	* doc fix in example code (no post_grant in check_url)

0.04:
        * tons more docs:  in both ClaimedIdentity and VerifiedIdentity

	* Consumer now observes atom/rss/foaf/foafmaker at the same time
	  as openid.server, and passes it along to VerifiedIdentity,
	  where it's accessible, and VerifiedIdentity knows whether or
	  not those urls are under the trusted one or not, and makes them
	  differently available to callers

	* bug fixes, doc fixes

	* post_grant moved to user_setup_url, not check_url

	* delayed_return added to check_url

0.03:
        * setting args in constructor was broken

        * renamed get_claimed_identity to just claimed_identity to be
          consistent

	* all methods now croak if called with too many arguments

	* added ClaimedIdentity->identity_server to get just one,
	  as selected by plugin, instead of array of them all

0.02:
	* POD docs for Net/OpenID/Consumer.pm

	* accepts CGI, Apache, Apache::Request, and CODE arguments now for
	GET argument retrievers, in addition to just HASH references

	* openid.server auto-discovery only happens within first <head> tag

	* if using Crypt::OpenSSL::DSA, now requires 0.12 due to bugs found
	  in 0.11.

	* DSA verification using OpenSSL binary no longer spews "Verification OK"
	  to stdout

0.01:
	* fetching of page (with configurable user agent object; I
	  recommend you use LWPx::ParanoidAgent, now available on CPAN)
	  and returning a "ClaimedIdentity" object of what the user claims
	  they are, but is not verified yet

	* auto-discovery of openid servers

	* hook to let you provide your subref to do openid server
	  selection, given multiple options

        * generation of "check" URL to send user to to get redirect

	* reading of response parameters, returning either a
	  user_setup_url or a VerifiedIdentity object (doing DSA
	  validation with either Crypt::OpenSSL::DSA or your openssl
	  binary)

	 * start of JSON responses for javascript UI
init 2019-02-05 21:49:12 +00:00			`0.12:`
			`* required_root in constructor/method/validated_identity`

			`* allow https identities`

			`* version 1.1 of the protocol`

			`* expand entities in link rel`

			`* reject cached association validation if expiry is in past`

			`0.11:`
			`* document common error codes from claimed_identity, and`
			`cleanup some error handling/codes`

			`* support openid.mode=cancel`

			`* respect replace_after and expiry. do clock compensation`
			`between local clock and server.`

			`* invalidate_handle support`

			`0.10:`
			`* handle openid.delegate properly (was losing state because I'd`
			`put a URL parameter onto the wrong URL)`

			`* copy all signed parameters into POST args in dumb mode,`
			`not a static set (to be future-proof)`

			`0.09:`
			`* switch to DH/HMAC protocol, not DSA protocol`

			`0.08:`
			`* more openssl-binary temp file changes. on second failure (which`
			`was previously missing a new method), it also propogates up the`
			`error message now, instead of dying, to be more consistent with`
			`the other DSA checkers, which never die`

			`0.07:`
			`* bugfix: use URI::Fetch 0.02, not "0.02" in quotes`

			`* bugfix: don't set cache if no cache`

			`0.06:`
			`* wrap Crypt::OpenSSL::DSA verify in eval {} as it can croak`

			`* use URI::Fetch, which does caching and proper HTTP behavior`

			`* let user get/set cache, which is then propogated down to URI::Fetch`

			`* optionally use new pure-perl version of Crypt::DSA which now`
			`does ASN.1 serialization/deserialization in both signatures and`
			`public keys. brings total options of DSA verify techniques up`
			`to 3.`

			`* tmpdir option (and smart auto-configuration) for people using`
			`OpenSSL binaries to verify signatures.`

			`* security fix when doing DSA checks with system openssl binary`
			`(was previously parsing the wrong status)`

			`* misc reported bugfixes`

			`0.05:`
			`* stupid push_url_arg bugfix`

			`* doc fix in example code (no post_grant in check_url)`

			`0.04:`
			`* tons more docs: in both ClaimedIdentity and VerifiedIdentity`

			`* Consumer now observes atom/rss/foaf/foafmaker at the same time`
			`as openid.server, and passes it along to VerifiedIdentity,`
			`where it's accessible, and VerifiedIdentity knows whether or`
			`not those urls are under the trusted one or not, and makes them`
			`differently available to callers`

			`* bug fixes, doc fixes`

			`* post_grant moved to user_setup_url, not check_url`

			`* delayed_return added to check_url`

			`0.03:`
			`* setting args in constructor was broken`

			`* renamed get_claimed_identity to just claimed_identity to be`
			`consistent`

			`* all methods now croak if called with too many arguments`

			`* added ClaimedIdentity->identity_server to get just one,`
			`as selected by plugin, instead of array of them all`

			`0.02:`
			`* POD docs for Net/OpenID/Consumer.pm`

			`* accepts CGI, Apache, Apache::Request, and CODE arguments now for`
			`GET argument retrievers, in addition to just HASH references`

			`* openid.server auto-discovery only happens within first <head> tag`

			`* if using Crypt::OpenSSL::DSA, now requires 0.12 due to bugs found`
			`in 0.11.`

			`* DSA verification using OpenSSL binary no longer spews "Verification OK"`
			`to stdout`

			`0.01:`
			`* fetching of page (with configurable user agent object; I`
			`recommend you use LWPx::ParanoidAgent, now available on CPAN)`
			`and returning a "ClaimedIdentity" object of what the user claims`
			`they are, but is not verified yet`

			`* auto-discovery of openid servers`

			`* hook to let you provide your subref to do openid server`
			`selection, given multiple options`

			`* generation of "check" URL to send user to to get redirect`

			`* reading of response parameters, returning either a`
			`user_setup_url or a VerifiedIdentity object (doing DSA`
			`validation with either Crypt::OpenSSL::DSA or your openssl`
			`binary)`

			`* start of JSON responses for javascript UI`