Firely Auth release notes

Release 3.2.0, June 20th, 2023

Configuration

Attention

To make it easier to understand, some configuration sections are renamed or reorganized. Please check the bullets below for a summary of changes. For the details, please check page Firely Auth Settings.

  1. Section KeyManagementConfig is renamed to KeyManagement.

  2. Section FhirServerConfig is renamed to FhirServer.

  3. Section ClientRegistrationConfig is renamed to ClientRegistration.

  4. Section TokenConfig is removed, the AccessTokenType for each client is moved to the registration of the specific client.

  5. Section TokenIntrospectionConfig is removed, the secret of a token introspection end point can be configured using setting IntrospectionSecret within section FhirServer.

  6. For registering a specific client, the LaunchIds setting is removed. A dynamic Smart on Fhir launch context can be requested via the LaunchContext endpoint. See LaunchContext endpoint for details about how to request launch context dynamically.

Feature

  1. Users now can change their own passwords after login.

  2. A user account will be blocked temporarily after 5 unsuccessful authentication attempts and it will be unblocked in 5 minutes.

  3. Added a setting KeySize to adjust the RSA key size generated by Firely Auth. By default, it is set to 2048.

  4. Added a setting PasswordHashIterations to adjust the password hashing iterations in case of different security considerations. By default it is set to 600000. See User store for more details.

  5. Introduced LaunchContext endpoint for requesting Smart on Fhir launch context dynamically. See LaunchContext endpoint for more details.

  6. Added security attributes to session cookies.

Fix

  1. Disabled Client Initiated Backchannel Authentication (CIBA).

Attention

The aud used in an access token is updated to the FHIR_BASE_URL instead of the name of FHIR server.

Release 3.1.0, March 9th, 2023

Feature

  1. Added a setting to configure CORS support for only a limited set of origins. See AllowedOrigins for more details.

Release 3.0.0, December 2022

This is the first public release of Firely Auth, providing support for SMART on FHIR v1 and v2 and a SQL Server user store.