| | Call to /logout always throws an IllegalArgumentException | | | | | Fixed | May 11, 2021 | May 18, 2021 | | |
| | Extend the Action interface with an applies(Action) method to allow authorization policies to match a set of actions with a single policy. | | | | | Fixed | Mar 30, 2021 | May 4, 2021 | | |
| | Unclear exception message from LocalIdProvider when credentials not found | | | | | Unresolved | Nov 2, 2020 | Nov 2, 2020 | | |
| | Make the token available as request attribute after successful login | | | | | Fixed | Sep 22, 2020 | Oct 1, 2020 | | |
| | Make retainCacheOnErrorDuration configurable and/or give it a default value | | | | | Unresolved | Sep 17, 2020 | Sep 17, 2020 | | |
| | Make subjectRoles ENTITY_TYPE constant available in API | | | | | Unresolved | Sep 2, 2020 | Sep 2, 2020 | | |
| | Roles provided by the SubjectRoleEntityProvider can be used for for another application | | | | | Fixed | Jun 29, 2020 | Jul 13, 2020 | | |
| | AuthorizationService is unpredictable when there are multiple EntityProviders for the same entity | | | | | Fixed | Jun 25, 2020 | Jun 26, 2020 | | |
| | Create multiple cookies when the token size becomes larger then 4k | | | | | Fixed | Apr 21, 2020 | May 22, 2020 | | |
| | Support for Same-site cookie attribute | | | | | Fixed | Apr 20, 2020 | Sep 22, 2020 | | |
| | Support for federated logout via token_id_hint remenbering the id_token | | | | | Fixed | Mar 23, 2020 | Apr 6, 2020 | | |
| | OpenIdConnectProviderConfig.m_extraAuthParams Map should be returned as a copy | | | | | Fixed | Jun 7, 2019 | Jun 11, 2019 | | |
| | Token remains invalid after renewal causing lots of renewals | | | | | Unresolved | Jan 30, 2019 | Jan 30, 2019 | | |
| | Auto renewal of token does not work as expected | | | | | Fixed | Jan 14, 2019 | Jan 22, 2019 | | |
| | Copy request headers to the subjectAttributes provided by the AuthorizationRequestInterceptor | | | | | Unresolved | Nov 28, 2018 | Nov 28, 2018 | | |
| | Allow for a refresh of the authentication token cookie and custom attributes of the token | | | | | Unresolved | Nov 28, 2018 | Nov 28, 2018 | | |
| | Support state and id_token_hint for openconnectid endsession endpoint | | | | | Fixed | Nov 27, 2018 | Mar 23, 2020 | | |
| | AuthenticationResource: use 'X-Forwarded-For' when logging | | | | | Won't Fix | Oct 22, 2018 | Oct 22, 2018 | | |
| | OpenIdConnectConfigTest fails on expected values from the google oauth wellknown endpoint | | | | | Fixed | Sep 12, 2018 | Sep 12, 2018 | | |
| | Openid provider fails often with Steam | | | | | Fixed | Sep 10, 2018 | Sep 14, 2018 | | |
| | Add a configurable logout redirect URL | | | | | Fixed | Aug 30, 2018 | Aug 30, 2018 | | |
| | Sliding expiration on authenticated web session | | | | | Unresolved | Aug 13, 2018 | Aug 13, 2018 | | |
| | LocalIdProvider#getTokenAttributesFromRequest could return empty Optional when accountId is null | | | | | Unresolved | May 1, 2018 | May 1, 2018 | | |
| | Password change fails with default web resources from org.amdatu.security.account.admin.rest.resource | | | | | Unresolved | Jan 16, 2018 | Jan 16, 2018 | | |
| | IdProviders return wrong error when there is a replay attack or state timeout | | | | | Unresolved | Dec 20, 2017 | Dec 20, 2017 | | |
| | When refreshing an accesstoken, the (new) refresh token is not returned | | | | | Fixed | Dec 5, 2017 | Apr 6, 2018 | | |
| | openidconnect provider does not return the accestokens' expiry time | | | | | Fixed | Dec 4, 2017 | Jun 7, 2018 | | |
| | Support `client_secret_post` method in OIDC IdProvider | | | | | Fixed | Dec 1, 2017 | Dec 1, 2017 | | |
| | TokenProvider sometimes throws NPE when handling an invalid JWT | | | | | Fixed | Nov 14, 2017 | Dec 1, 2017 | | |
| | Support authorization requests for third-party providers | | | | | Unresolved | Oct 30, 2017 | Oct 30, 2017 | | |
| | Support JAX-RS 2.0 api | | | | | Fixed | Aug 18, 2017 | Aug 18, 2017 | | |
| | Return Unauthorized statuscode in RejectInfo | | | | | Fixed | Aug 16, 2017 | Dec 1, 2017 | | |
| | LocalIdProvider uses TOTP as salt | | | | | Fixed | Aug 15, 2017 | Dec 5, 2017 | | |
| | NPE on updating the serviceProperties in ConfigUtil | | | | | Won't Fix | Aug 10, 2017 | Dec 5, 2017 | | |
| | LocalIdProvider gives nullpointer when state cannot be decrypted | | | | | Fixed | Aug 4, 2017 | Dec 1, 2017 | | |
| | double encoding response type | | | | | Fixed | Jul 26, 2017 | Dec 1, 2017 | | |
| | Update ScribeJava to latest version | | | | | Fixed | Jul 25, 2017 | Dec 1, 2017 | | |
| | With OpenId a hybrid flow response type gives an illegalargument exception | | | | | Fixed | Jul 13, 2017 | Dec 1, 2017 | | |
| | Support authentication and logout callbacks | | | | | Fixed | Jul 12, 2017 | Jul 25, 2017 | | |
| | Possible NPE in OpenID provider | | | | | Won't Fix | Jun 30, 2017 | Sep 28, 2018 | | |
| | Provide easier access to attributes added to a token | | | | | Unresolved | Jun 27, 2017 | Dec 1, 2017 | | |
| | Support HTTP headers in AuthenticationResource#handleSecurity | | | | | Unresolved | Jun 19, 2017 | Jun 19, 2017 | | |
| | OpenID connect endpoint discovery can fail | | | | | Won't Fix | Jun 14, 2017 | Dec 1, 2017 | | |
| | Account admin does not use checked credentials from configuration | | | | | Done | Jun 14, 2017 | Jun 16, 2017 | | |
| | Support OpenID 1/2 identity providers | | | | | Done | Jun 14, 2017 | Jun 16, 2017 | | |
| | OpenID connect redirect URI mismatch | | | | | Done | Jun 14, 2017 | Jun 16, 2017 | | |
| | Provide access to the account id used for local login. | | | | | Done | Jun 13, 2017 | Jun 16, 2017 | | |
| | Allow alternative SecureRandom instances to be created | | | | | Done | May 23, 2017 | Jun 16, 2017 | | |
| | Split authentication service and ID providers | | | | | Done | Feb 27, 2017 | Jun 16, 2017 | | |
| | Fix Bnd warnings in authorization project | | | | | Done | Feb 20, 2017 | Jun 16, 2017 | | |
