128 lines
3.7 KiB
Plaintext
128 lines
3.7 KiB
Plaintext
|
0.12:
|
||
|
* required_root in constructor/method/validated_identity
|
||
|
|
||
|
* allow https identities
|
||
|
|
||
|
* version 1.1 of the protocol
|
||
|
|
||
|
* expand entities in link rel
|
||
|
|
||
|
* reject cached association validation if expiry is in past
|
||
|
|
||
|
0.11:
|
||
|
* document common error codes from claimed_identity, and
|
||
|
cleanup some error handling/codes
|
||
|
|
||
|
* support openid.mode=cancel
|
||
|
|
||
|
* respect replace_after and expiry. do clock compensation
|
||
|
between local clock and server.
|
||
|
|
||
|
* invalidate_handle support
|
||
|
|
||
|
0.10:
|
||
|
* handle openid.delegate properly (was losing state because I'd
|
||
|
put a URL parameter onto the wrong URL)
|
||
|
|
||
|
* copy all signed parameters into POST args in dumb mode,
|
||
|
not a static set (to be future-proof)
|
||
|
|
||
|
0.09:
|
||
|
* switch to DH/HMAC protocol, not DSA protocol
|
||
|
|
||
|
0.08:
|
||
|
* more openssl-binary temp file changes. on second failure (which
|
||
|
was previously missing a new method), it also propogates up the
|
||
|
error message now, instead of dying, to be more consistent with
|
||
|
the other DSA checkers, which never die
|
||
|
|
||
|
0.07:
|
||
|
* bugfix: use URI::Fetch 0.02, not "0.02" in quotes
|
||
|
|
||
|
* bugfix: don't set cache if no cache
|
||
|
|
||
|
0.06:
|
||
|
* wrap Crypt::OpenSSL::DSA verify in eval {} as it can croak
|
||
|
|
||
|
* use URI::Fetch, which does caching and proper HTTP behavior
|
||
|
|
||
|
* let user get/set cache, which is then propogated down to URI::Fetch
|
||
|
|
||
|
* optionally use new pure-perl version of Crypt::DSA which now
|
||
|
does ASN.1 serialization/deserialization in both signatures and
|
||
|
public keys. brings total options of DSA verify techniques up
|
||
|
to 3.
|
||
|
|
||
|
* tmpdir option (and smart auto-configuration) for people using
|
||
|
OpenSSL binaries to verify signatures.
|
||
|
|
||
|
* security fix when doing DSA checks with system openssl binary
|
||
|
(was previously parsing the wrong status)
|
||
|
|
||
|
* misc reported bugfixes
|
||
|
|
||
|
0.05:
|
||
|
* stupid push_url_arg bugfix
|
||
|
|
||
|
* doc fix in example code (no post_grant in check_url)
|
||
|
|
||
|
0.04:
|
||
|
* tons more docs: in both ClaimedIdentity and VerifiedIdentity
|
||
|
|
||
|
* Consumer now observes atom/rss/foaf/foafmaker at the same time
|
||
|
as openid.server, and passes it along to VerifiedIdentity,
|
||
|
where it's accessible, and VerifiedIdentity knows whether or
|
||
|
not those urls are under the trusted one or not, and makes them
|
||
|
differently available to callers
|
||
|
|
||
|
* bug fixes, doc fixes
|
||
|
|
||
|
* post_grant moved to user_setup_url, not check_url
|
||
|
|
||
|
* delayed_return added to check_url
|
||
|
|
||
|
0.03:
|
||
|
* setting args in constructor was broken
|
||
|
|
||
|
* renamed get_claimed_identity to just claimed_identity to be
|
||
|
consistent
|
||
|
|
||
|
* all methods now croak if called with too many arguments
|
||
|
|
||
|
* added ClaimedIdentity->identity_server to get just one,
|
||
|
as selected by plugin, instead of array of them all
|
||
|
|
||
|
0.02:
|
||
|
* POD docs for Net/OpenID/Consumer.pm
|
||
|
|
||
|
* accepts CGI, Apache, Apache::Request, and CODE arguments now for
|
||
|
GET argument retrievers, in addition to just HASH references
|
||
|
|
||
|
* openid.server auto-discovery only happens within first <head> tag
|
||
|
|
||
|
* if using Crypt::OpenSSL::DSA, now requires 0.12 due to bugs found
|
||
|
in 0.11.
|
||
|
|
||
|
* DSA verification using OpenSSL binary no longer spews "Verification OK"
|
||
|
to stdout
|
||
|
|
||
|
0.01:
|
||
|
* fetching of page (with configurable user agent object; I
|
||
|
recommend you use LWPx::ParanoidAgent, now available on CPAN)
|
||
|
and returning a "ClaimedIdentity" object of what the user claims
|
||
|
they are, but is not verified yet
|
||
|
|
||
|
* auto-discovery of openid servers
|
||
|
|
||
|
* hook to let you provide your subref to do openid server
|
||
|
selection, given multiple options
|
||
|
|
||
|
* generation of "check" URL to send user to to get redirect
|
||
|
|
||
|
* reading of response parameters, returning either a
|
||
|
user_setup_url or a VerifiedIdentity object (doing DSA
|
||
|
validation with either Crypt::OpenSSL::DSA or your openssl
|
||
|
binary)
|
||
|
|
||
|
* start of JSON responses for javascript UI
|