Issues

Make retainCacheOnErrorDuration configurable and/or give it a default value

Make subjectRoles ENTITY_TYPE constant available in API

Roles provided by the SubjectRoleEntityProvider can be used for for another application

AuthorizationService is unpredictable when there are multiple EntityProviders for the same entity

Create multiple cookies when the token size becomes larger then 4k

Support for Same-site cookie attribute

Support for federated logout via token_id_hint remenbering the id_token

OpenIdConnectProviderConfig.m_extraAuthParams Map should be returned as a copy

Token remains invalid after renewal causing lots of renewals

Auto renewal of token does not work as expected

Copy request headers to the subjectAttributes provided by the AuthorizationRequestInterceptor

Allow for a refresh of the authentication token cookie and custom attributes of the token

Support state and id_token_hint for openconnectid endsession endpoint

AuthenticationResource: use 'X-Forwarded-For' when logging

OpenIdConnectConfigTest fails on expected values from the google oauth wellknown endpoint

Openid provider fails often with Steam

Add a configurable logout redirect URL

Sliding expiration on authenticated web session

LocalIdProvider#getTokenAttributesFromRequest could return empty Optional when accountId is null

Password change fails with default web resources from org.amdatu.security.account.admin.rest.resource

IdProviders return wrong error when there is a replay attack or state timeout

When refreshing an accesstoken, the (new) refresh token is not returned

openidconnect provider does not return the accestokens' expiry time

Support `client_secret_post` method in OIDC IdProvider