.. _firely_auth_releasenotes:

Release notes
=============

.. _firelyauth_releasenotes_3.3.1:

Release 3.3.1, April 22nd, 2024
-------------------------------

Fix
^^^

#. Fixed an issue where Firely Auth running in Docker was unable to connect to a SQL Server user store.

.. _firelyauth_releasenotes_3.3.0:

Release 3.3.0, March 20th, 2024
-------------------------------

Security
^^^^^^^^

#. Disabling 2FA authentication for a client will now require a 2FA token from the user as an additional security step.
#. Added 'Require2fa' to the default appsettings. This replaces the current 'RequireMfa' setting.

Feature
^^^^^^^

#. Firely Auth will now warn about invalid key/value pairs submitted to the launchContext API.
#. Values in the form of '/' submitted to the launchContext API will now be automatically translated to id-only values.

.. _firelyauth_releasenotes_3.3.0-rc3:

Release 3.3.0-rc3, February 1st, 2024
-------------------------------------

Configuration
^^^^^^^^^^^^^

#. ``EnableLegacyFhirContext`` is added to switch the syntax of ``fhirContext`` between SoF v2.1 and v2.0. See :ref:`firely_auth_settings` for details.
#. ``ClientClaims`` and ``ClientClaimPrefix`` are added to help a client define custom claims in the client credential flow. See :ref:`firely_auth_settings` for details.

Feature
^^^^^^^

#. Harmonized Serilog sinks with Firely Server. See :ref:`configure_log_sinks` for details of all supported sinks.
#. Enabled clients to add static custom claims in the client credential flow. See :ref:`firely_auth_settings` for details.

Fix
^^^

#. Fixed the EHR launch context in case of a user login via an external identity provider.
#. Improved the validation of setting ``AllowedResourceTypes``. Any invalid FHIR resource types will now be rejected.
#. Improved the validation of setting ``AllowFirelySpecialScopes``. Firely special scopes can now only be requested if a registered client has the setting set to ``true``.
#. In case of the EHR launch, no ``System.ArgumentException`` is thrown if both ``launch`` and ``launch/patient`` scopes are present in the request for the access token.

.. _firelyauth_releasenotes_3.3.0-rc2:

Release 3.3.0-rc2, November 23rd, 2023
--------------------------------------

Feature
^^^^^^^

#. You can restrict a :term:`client` to specific FHIR resource types, using the setting ``AllowedResourceTypes`` in the :ref:`firely_auth_settings_clients`. If the client requests SMART scopes for other resource types, the request will be denied.

.. _firelyauth_releasenotes_3.2.0:

Release 3.2.0, June 20th, 2023
------------------------------

Configuration
^^^^^^^^^^^^^

.. attention::

   To make the configuration easier to understand, some configuration sections are renamed or reorganized. Please check the bullets below for a summary of changes. For the details, please check page :ref:`firely_auth_settings`.

#. Section ``KeyManagementConfig`` is renamed to ``KeyManagement``.
#. Section ``FhirServerConfig`` is renamed to ``FhirServer``.
#. Section ``ClientRegistrationConfig`` is renamed to ``ClientRegistration``.
#. Section ``TokenConfig`` is removed; the ``AccessTokenType`` for each client is moved to the registration of the specific client.
#. Section ``TokenIntrospectionConfig`` is removed; the secret of a token introspection endpoint can be configured using setting ``IntrospectionSecret`` within section ``FhirServer``.
#. For registering a specific client, the ``LaunchIds`` setting is removed. A dynamic SMART on FHIR launch context can be requested via the ``LaunchContext`` endpoint. See :ref:`firely_auth_endpoints_launchcontext` for details about how to request launch context dynamically.

Feature
^^^^^^^

#. Users can now change their own passwords after login.
#. A user account will be blocked temporarily after 5 unsuccessful authentication attempts and it will be unblocked in 5 minutes.
#. Added a setting ``KeySize`` to adjust the RSA key size generated by Firely Auth. By default, it is set to 2048.
#. Added a setting ``PasswordHashIterations`` to adjust the password hashing iterations in case of different security considerations. By default, it is set to 600000. See :ref:`firely_auth_settings_userstore` for more details.
#. Introduced ``LaunchContext`` endpoint for requesting SMART on FHIR launch context dynamically. See :ref:`firely_auth_endpoints_launchcontext` for more details.
#. Added security attributes to session cookies.

Fix
^^^

#. Disabled Client Initiated Backchannel Authentication (CIBA).

.. attention::

   The ``aud`` used in an access token is updated to the ``FHIR_BASE_URL`` instead of the name of the FHIR server.

.. _firelyauth_releasenotes_3.1.0:

Release 3.1.0, March 9th, 2023
------------------------------

Feature
^^^^^^^

#. Added a setting to configure CORS support for only a limited set of origins. See :ref:`firely_auth_settings_allowedorigins` for more details.

.. _firelyauth_releasenotes_3.0.0:

Release 3.0.0, December 2022
----------------------------

This is the first public release of Firely Auth, providing support for SMART on FHIR v1 and v2 and a SQL Server user store.