Releases: openwallet-foundation/acapy-vc-authn-oidc
v2.3.6
This release introduces a few new features:
- VC-AuthN is now shipped by default with support for WebVH, and can verify WebVH credentials.
- Ability for VC-AuthN to respond to proof-requests with pre-loaded credentials. This is useful for scenarios that require verify-the-verifier capabilities.
- Extended support for integrating with multi-tenant ACA-Py instances, and Traction tenants.
- Added the capability to expose a UserInfo endpoint for enhanced compatibility with OIDC relying parties that require access to this endpoint.
- Dependency updates and bugfixes.
What's Changed
- feat(core): support configurable proof format for anoncreds by @MonolithicMonk in #904
- Feat/manage script testing by @MonolithicMonk in #906
- Replace UAParser.js with my-ua-parser.min.js by @Gavinok in #911
- Test: add regression coverage for OIDC client lookup keys by @MonolithicMonk in #909
- Feat: robust multi-tenant webhook registration by @MonolithicMonk in #915
- feat: allow configurable branch or SHA for deployment in workflow by @i5okie in #920
- Bugfix: ensure proof-request claims are in the id_token by @esune in #919
- Dependency updates by @loneil in #921
- fix: handle missing optional nonce in issue_token_service by @MonolithicMonk in #907
- Fix: add auth headers and body to multitenancy token request by @MonolithicMonk in #908
- Fix release workflow by @esune in #922
- Ensure user_id is not null for in-memory userinfo storage by @esune in #925
- Add Bootstrap script to store a credential in the vc-auth agent by @Gavinok in #917
- Bugfix: id_token claims missing when sub is not consistent by @esune in #931
- Feat: add traction tenant mode for secure webhook registration by @MonolithicMonk in #926
- feat: implement OIDC UserInfo endpoint for Firebase compatibility by @MonolithicMonk in #941
- Webvh Support by @Gavinok in #937
- Fix docker setup by @esune in #947
- Fix env precedence by @Gavinok in #948
- Hotfix/record cleanup as thread by @Gavinok in #951
- Bump Acapy Version by @Gavinok in #949
- Logging for prover role by @Gavinok in #928
- Dependency updates by @esune in #954
- Bump version for release by @esune in #955
New Contributors
- @MonolithicMonk made their first contribution in #904
Full Changelog: v2.3.5...v2.3.6
v2.3.5
This release addresses an edge case that would cause id_token claims to not be correctly added when the proof-request configuration did not specify a VC attribute to be used as sub, or to generate a consistent identifier for the proof.
What's Changed
Full Changelog: v2.3.4...v2.3.5
v2.3.4
This release is a further improvement on 2.3.3, ensuring that both redis-backed and in-memory user info storage will work consistently and provide the right claims to generate id tokens.
What's Changed
Full Changelog: v2.3.3...v2.3.4
v2.3.3
This release addresses an issue introduced in 2.3.2 that caused claims and attributes derived from the proof-request to not be added to the id_token generated by VC-AuthN.
What's Changed
Full Changelog: v2.3.2...v2.3.3
v2.3.2
This release of VC-AuthN adds support for newer versions of ACA-Py (1.3.2 and later) that use terse webhooks that do not have all the information required to drive the verification logic. It additionally includes bugfixes and dependency updates.
Upgrading from previous versions
This release resolves an issue that caused AuthSession records to be persisted in the VC-AuthN database even if a TTL index was set, causing the database storage volume to grow. While the upgrade from previous versions does not have special requirements, a one-time database update or clean-up must be performed to ensure old records are purged. It is therefore recommended that, after upgrading the code to this release, one of the following tasks is completed:
- Execute the provided script to populate the attribute used by the TTL index by running the command `python -m api.db.migrations.add_missing_proof_status` in the shell of a running pod. This will allow the TTL to be calculated for the records that get updated, and they should get purged after its expiration.
- Delete old documents manually from the `auth_sessions` collection in the VC-AuthN database.
Breaking Changes
The Helm chart for VC-AuthN is no longer in this repository: it can be found in the OWF Helm Charts repository.
What's Changed
- [chart] fix: restart triggering annotation should be a pod annotation by @i5okie in #841
- Add Redis for websocket management across multiple pods by @Gavinok in #825
- Default to disabling Redis by @Gavinok in #853
- [chart] Update Acapy sub-chart to version 0.2.1 to use new secrets values by @i5okie in #855
- Chore(chart): delete chart files and add chart relocation notice by @i5okie in #864
- Manually handle deletion of exchange records by @Gavinok in #834
- Handle Redis Connection Failure by @Gavinok in #856
- Redis based PyOP wrapper implementation by @Gavinok in #878
- Dependency updates by @esune in #890
- Ensure proof_status is populated in AuthSession records by @esune in #892
- Dependency updates by @esune in #896
Full Changelog: v2.3.1...v2.3.2
v.2.3.1
This is a patch release with bugfixes and small improvements.
What's Changed
- [chart] Add annotation to controller pods to force rollout on deploy by @i5okie in #839
- [workflow] Add owf helm repo, and perform repo update by @i5okie in #838
- [chart] hot-fix: deployment annotation by @i5okie in #840
Full Changelog: v2.3.0...v2.3.1
vc-authn-oidc-0.4.1
A Helm chart to deploy ACAPy VC-AuthN on OpenShift
vc-authn-oidc-0.4.0
A Helm chart to deploy ACAPy VC-AuthN on OpenShift
v2.3.0
This release of VC-AuthN updates dependencies - including ACA-Py - and introduces a couple of new features for deploying the service as well as performing verifications.
New Features
- The Helm chart was refactored to use the official ACA-Py chart as a dependency, rather than defining custom deployment templates.
- VC-AuthN now supports the use of ephemeral short-lived connections. Connection-less presentations are still supported.
What's Changed
- Update chart values, docs by @esune in #745
- Support masking QR in darkmode browser extensions by @Gavinok in #744
- Enable PKCE for KC IdP integration by @esune in #749
- Basic browser detection and setting as query param in deeplink by @Gavinok in #746
- Dependency updates by @loneil in #753
- Remove legacy configuration options by @loneil in #752
- Use ACA-Py 1.3.0 by @loneil in #763
- Corrected dependabot path to pyproject.toml by @Gavinok in #774
- Upgrade VCAuthN to ACA-Py 1.3.1 by @loneil in #795
- Use BC showcase person credential for demo by @esune in #800
- build(vue.js): Update Keycloak proof id and configuration by @Gavinok in #801
- Connection based verification by @Gavinok in #802
- Chart for USE_CONNECTION_BASED_VERIFICATION variable by @loneil in #810
- Jul 25 Dependency updates by @loneil in #811
- Implement socket ID management in AuthSession for High Availability by @Gavinok in #813
- Refactor the helm chart to use Acapy helm chart as a dependency by @i5okie in #814
- Handle restarted controller during authentication by @Gavinok in #816
- Bump actions/checkout from 4 to 5 in the all-actions group by @dependabot[bot] in #822
- Small tweaks to pyproject.toml by @esune in #826
- [chart] Update helm chart, fix resource reference naming by @i5okie in #835
- Make all created and expired timestamps rather than strings by @Gavinok in #828
- Bump app version to 2.3.0 by @esune in #837
Full Changelog: v2.2.3...v2.3.0
v2.2.3
This release of VC-AuthN is the first release from the new home of the project at the OpenWallet Foundation.
Changes focused on updating dependencies, improving the configuration capabilities of the service and modernizing dependency management by using Poetry.
It is now possible to define custom variable substitution functions to be used when templating proof-request configurations.
Additional metadata can now be added to proof-request configurations: it will be displayed on the QR code page, providing users with human-readable information about what is being requested, before scanning the QR code.
Upgrading from releases where chart version is <= 0.3.1
The chart dependencies have been updated:
- PostgreSQL was updated to version 16. When upgrading from a previous version of the chart, manual intervention to upgrade the instance from an older version may be required. See the documentation.
- MongoDB was updated to version 8. When upgrading from a previous version of the chart, manual intervention to upgrade the instance from an older version may be required. See the documentation.
Breaking Changes
There are no breaking changes in this release.
What's Changed
- Update subchart version in trust-over-ip-configurations repo by @i5okie in #674
- Dependency updates by @loneil in #673
- Add User Definable Variable Substitution by @Gavinok in #675
- Library updates by @loneil in #679
- Human readable QR by @Gavinok in #678
- Reorg config files by @loneil in #685
- OWF migration prep by @esune in #690
- Bump nanoid from 3.3.7 to 3.3.8 in /demo/vue/app/frontend by @dependabot in #694
- Fix build breaking due to unpinned poetry by @loneil in #702
- Library updates by @loneil in #698
- Acapy 1.2.1 update by @loneil in #711
- Helm: remove default resource limits, dependency updates by @esune in #707
- [Helm] Update dependency: PostgreSQL 14 to PostgreSQL 16 by @i5okie in #714
- ACA-Py 1.2.2 update by @loneil in #718
- Migrate to Poetry 2.0 by @Gavinok in #720
- Coveralls badge tweaks by @esune in #726
- User defined templates by @Gavinok in #715
- Update QR to pending when phone camera is used to scan QR by @Gavinok in #727
- Migrate from /etc for configuration into /app by @Gavinok in #729
- ACA-Py 1.2.3 update + dependencies by @loneil in #736
- Use well known goal code for proof-request by @esune in #730
- Update ACA-Py to 1.2.4 by @loneil in #741
- Tweaks to image publishing flow by @esune in #742
- Prepare 2.2.3 release by @esune in #743
Full Changelog: v2.2.2...v2.2.3