# CHANGELOG

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

## [0.6.0] - 2022-03-20

### Changed

- [`Plugoid`] RFC9207 is supported. As a consequence, redirect URI no longer contains the
issuer when generated by the `plugoid_redirect_uri` function (see [`Plugoid.RedirectURI`])

## [0.5.1] - 2022-03-20

### Added

- [`Plugoid`] `Plugoid.authenticate/2` is now public

### Changed

- [`Plugoid`] GET request parameters are now stored in a cookie unless `:preserve_initial_request`
is set to `true`, in which case it is sotred in local storage in the browser

## [0.5.0] - 2021-11-16

### Changed

- [`Plugoid.Redirect`] **Breaking change** The token callback now takes a `Plug.Conn.t()`
as an additional parameter and returns it

### Fixed

- [`Plugoid.Session.StateSession`] Set `secure: true` to state session cookie (#14)

## [0.4.3] - 2021-10-25

### Fixed

- [`Plugoid`] Relaxed requirements for the `phoenix_html` dependency

## [0.4.2] - 2021-09-22

### Fixed

- [`Plugoid`] Fixed a bug with token hash validation in imported library

## [0.4.1] - 2020-10-16

### Fixed

- [`Plugoid`] Fixed erroneous handling of custom OP metadata

## [0.4.0] - 2020-09-26

### Added

- [`Plugoid.RedirectURI`] Mix-up attack protection. Redirect URIs are generated with an `iss`
parameter, which is verified when receiving the answer from the OP