Releases: tinyauthapp/tinyauth
v3.3.0
Tinyauth v3.3.0
Hello everyone! The release almost everybody has been waiting for just dropped.
Tinyauth can now act as a simple middleware between your OIDC server and your apps. It automatically maps OIDC claims like prefered_username, name and groups into Remote-User, Remote-Email, Remote-Name and Remote-Groups so as you can easily authenticate to your favorite apps using your existing OIDC server. Additionally you can easily manage access controls with your existing user groups and filter which group can access which app by using the tinyauth.oauth.groups header.
Furthermore, both the OAuth whitelist and the user whitelist support regex (regex cannot be used simultaneously with the comma list) for easier user matching. Last but not least a lot of security improvements and refactors have took place. Documentation for all of the changes and new features will come in the following days.
A big thank you to our new sponsors @jmadden91 and @tribor.
New features
- Added warning login screen when the redirect URI does not match the configured domain
- Regex support for both OAuth and user whitelist
- New forgot password screen with the ability to change the text using markdown
- Map information from OIDC claims to headers
- Support for auto redirecting to your favorite OAuth provider
Improvements
- Add dependabot for dependency updates @gurukulkarni
- Add CSRF cookie for protection against cross-site request forgery
- Log actual errors alongside the information message
Fixes
- Disable basic authentication for TOTP users
- Move the redirect URI back to a separate cookie
Technical
- Ensure the dist directory exists during development
- Bump dependencies
If you encounter any issues please let me know so I can fix them as soon as possible.
Contributors
Assets 4
v3.3.0-alpha.3
chore(deps-dev): bump vite from 6.0.7 to 6.3.4 in /frontend (#129) Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.0.7 to 6.3.4. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.3.4/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.3.4 dependency-type: direct:development ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v3.3.0-alpha.2
chore(deps): bump react-router from 7.5.0 to 7.5.2 in /frontend (#119) Bumps [react-router](https://github.com/remix-run/react-router/tree/HEAD/packages/react-router) from 7.5.0 to 7.5.2. - [Release notes](https://github.com/remix-run/react-router/releases) - [Changelog](https://github.com/remix-run/react-router/blob/main/packages/react-router/CHANGELOG.md) - [Commits](https://github.com/remix-run/react-router/commits/react-router@7.5.2/packages/react-router) --- updated-dependencies: - dependency-name: react-router dependency-version: 7.5.2 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
v3.3.0-alpha.1
chore: bump version
v3.2.1
Tinyauth v3.2.1
Hello everyone, just a small patch fix release that parses the secret files correctly (removing new lines and whitespaces). Additionally I had to remove the Tailsale OAuth provider (for now) due to their OAuth API not working as intended and basically allowing everyone to click the Tailscale button to login without being logged in to any Tailscale account. As always, below is the list of all the changes.
Fixes
- Ignore whitespaces and new lines in the secret files
- Remove Tailscale OAuth provider for security reasons
If you encounter any issues please let me know so I can fix them as soon as possible.
v3.2.1-beta.1
chore: bump version
v3.2.0
Tinyauth v3.2.0
Hello everyone!
Before talking about the new release I would like to thank everyone for the 1k stars! It is an amazing achievement I never thought I would reach with any of my projects but with your support we managed to hit that milestone and I am grateful for that!
Anyway back to the release stuff. It's been quite a long since the last release but since this one includes internalization I had to wait a bit for the app to get translated with some languages before releasing. Most of the languages are not translated yet but you can help translate tinyauth through Crowdin. Additionally basic brute force protection and rate limiting was added to the app and also the ability to tell tinyauth to add custom headers to your app. Lastly a ton of refactors took place ensuring the code is easily extendable and maintainable. As always, below is the full list of changes.
New features
- Internalization through Crowdin and the tinyauth CDN
- Healthcheck in Dockerfile to ensure the app runs smoothly
- Ability to tell tinyauth to add additional headers to the authentication response (needed for future OIDC provider support)
- Brute force protection/Rate limiting by @DragonStuff
- Light mode
- Amd64 and arm64 binaries are now available for download if you prefer bare metal over docker
Improvements
- Split API to server and handles for better code readability
- Refactor error handling to not initialize new variables for every error
- All services now use a single config struct for all of the configuration options for better code readability and extensibility
- Removed dependency on GIN sessions as the app now uses gorilla sessions directly
- The redirect URI is now stored inside the
tinyauthsession cookie
If you encounter any issues please let me know so I can fix them as soon as possible.
Contributors
Assets 4
v3.2.0-beta.6
New Crowdin updates (#67) * New translations en.json (Romanian) * New translations en.json (French) * New translations en.json (Spanish) * New translations en.json (Afrikaans) * New translations en.json (Arabic) * New translations en.json (Catalan) * New translations en.json (Czech) * New translations en.json (Danish) * New translations en.json (German) * New translations en.json (Greek) * New translations en.json (Finnish) * New translations en.json (Hebrew) * New translations en.json (Hungarian) * New translations en.json (Italian) * New translations en.json (Japanese) * New translations en.json (Korean) * New translations en.json (Dutch) * New translations en.json (Norwegian) * New translations en.json (Polish) * New translations en.json (Portuguese) * New translations en.json (Russian) * New translations en.json (Serbian (Cyrillic)) * New translations en.json (Swedish) * New translations en.json (Turkish) * New translations en.json (Ukrainian) * New translations en.json (Chinese Simplified) * New translations en.json (Chinese Traditional) * New translations en.json (English) * New translations en.json (Vietnamese) * New translations en.json (Portuguese, Brazilian) * New translations en.json (French) * New translations en.json (Greek) * New translations en.json (Polish)
v3.2.0-beta.5
fix: use arm runner
v3.2.0-beta.4
fix: download binaries correctly