v4.2.5

4.2.5 - 2026-04-25

this patch fixes an issue in the authorization_code flow where the access token issued for an authenticated user did not include the allowed audiences configured on the requesting client. this created a mismatch between the client context that initiated authorization and the resulting user token.

starting in 4.2.5, when a client obtains an authorization code and exchanges it for an access token, the generated user access token now includes all allowed audiences configured for that client. in the same flow, the authorization code is also bound to the client context to ensure exchange consistency.

v4.2.0

4.2.0 - 2026-04-24

this release introduces a fluent builder api to the sdk, making it more intuitive and expressive to construct filter parameters for client calls. previously, using parameter models required manual object initialization and explicit property assignment, which could become verbose as the number of filters grew. with the new fluent approach, developers can chain builder methods in a readable and intention-driven way, improving both usability and discoverability of the api.

for example, instead of manually initializing a parameter object, you can now use a builder pattern and pass the result directly to the client method. this pattern is consistent across all filter types exposed by the sdk.

var filters = PermissionsFilters.AsBuilder()
    .WithName("orders:create")
    .Build();

var permissions = await _permissionsClient.GetPermissionsAsync(filters);

v4.1.0

4.1.0 - 2026-04-24

this release introduces per-realm key rotation, allowing each realm to manage and rotate its own signing keys independently.

we also made all .well-known endpoints realm-specific. Accessing these endpoints now requires a realm name as part of the request, ensuring configuration and discovery metadata are resolved within the correct realm context.

v4.0.0

4.0.0 - 2026-04-20

this release introduces full multi-client support per realm. In previous versions, a realm (tenant) was effectively treated as a single client, but starting in 4.0.0 each realm can manage multiple clients with their own credentials, permissions, flows, redirect uris, and audiences. We also added dedicated client management capabilities and support for multiple token audiences during issuance and validation.

this is a breaking change for users upgrading from 3.1.1 and earlier, because integrations that assumed a 1:1 mapping between realm and client must now be updated to work with explicit clients and their configured audiences.

v.3.1.1

this release includes internal improvements and performance optimizations to enhance the overall system efficiency. We removed unused experimental scope-related code that is no longer required and introduced new database indexes to improve query performance. These changes help ensure faster and more reliable data access while maintaining existing functionality without breaking changes.

v3.0.0

3.0.0 - 2026-03-29

In version 3.0.0 of the Docker image, we fixed a security vulnerability in the backend authentication flow affecting protected administrative endpoints. This release strengthens issuer and token validation across different hosting contexts, ensuring safer token acceptance and clearer authentication error tracking.