Releases: matthewhartstonge/storage

v0.38.0

20 Nov 04:39

0.38.0 (2025-11-20)

Features

v0.37.0

07 Aug 22:19
767bc70

v0.37.0 (2025-08-07)

Features

  • client: adds support for fosite.ClientWithSecretRotation. (6760715)
  • client: adds support for fosite.ResponseModeClient. (e80fdb6)

v0.36.0

29 Jul 05:58
8eb91ec

v0.36.0 - 2025-07-28

This jumps from [email protected] => [email protected] and with it comes a number of breaking changes.

Breaking Changes

Also mentioned in the sections below, but highlighted here with relevant migration information:

  • Requires >[email protected].
  • fosite.Hasher has been removed from the individual entity managers (ClientManager, UserManager) in favour of using the hasher provided by the shared DB instance. You will need to reroute usage to the top level hasher (store.Hasher), or via the manager's DB shared instance:
    • store.ClientManager.Hasher.* => store.ClientManager.DB.Hasher.*
    • store.UserManager.Hasher.* => store.UserManager.DB.Hasher.*
  • mongo: normalized time.Now() usage throughout to UTC. By default, Go's time.Now() returns local time (time.Local), which may not be useful when working with external systems.
  • mongo: The interface for fosite.RefreshTokenStorage has been updated and now requires the access token signature which MUST be hashed with storage.SignatureHash(signature string) string:
- func (r *RequestManager) CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)
+ func (r *RequestManager) CreateRefreshTokenSession(ctx context.Context, refreshSignature string, accessSignature string, request fosite.Requester) (err error)
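Review bot: the new signature on the + line takes refreshSignature and accessSignature as two adjacent parameters of type string, so a caller that swaps them, or that passes the raw access token signature instead of the storage.SignatureHash output required above, still compiles. Consider a doc comment on the method stating that accessSignature must already be hashed, or a distinct named type for the hashed value so the compiler catches the mix-up.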
  • mongo: A number of changes have been made to all indices. All existing storage indices therefore require manual removal; on service startup the indices will be recreated as required across all collections.
    • sparse indexing has been removed.
    • The hashed idxSignatureId index has been removed in favour of performing internal hashing of access token signatures.
    • The unique requirement has been relaxed on the idxSessionID index and, as such, the existing index will need to be removed.

Use the following mongosh script for quick index removal:

// Connect to your database if you haven't already
// For example:
// use myFositeDatabase;

const indexesToDrop = [
    // AccessTokens Collection
    { collection: "accessTokens", index: "idxSignatureId" },
    { collection: "accessTokens", index: "idxSessionId" },
    { collection: "accessTokens", index: "idxCompoundRequester" },
    { collection: "accessTokens", index: "idxExpiryRequestedAt" },
    // AuthorizationCodes Collection
    { collection: "authorizationCodes", index: "idxSignatureId" },
    { collection: "authorizationCodes", index: "idxSessionId" },
    { collection: "authorizationCodes", index: "idxCompoundRequester" },
    { collection: "authorizationCodes", index: "idxExpiryRequestedAt" },
    // Clients Collection
    { collection: "clients", index: "idxClientId" },
    // JtiDenylist Collection
    { collection: "jtiDenylist", index: "idxSignatureId" },
    { collection: "jtiDenylist", index: "idxExpires" },
    { collection: "jtiDenylist", index: "idxExpiryRequestedAt" },
    // OpenIDConnectSessions Collection
    { collection: "openIDConnectSessions", index: "idxSignatureId" },
    { collection: "openIDConnectSessions", index: "idxSessionId" },
    { collection: "openIDConnectSessions", index: "idxCompoundRequester" },
    { collection: "openIDConnectSessions", index: "idxExpiryRequestedAt" },
    // PkceSessions Collection
    { collection: "pkceSessions", index: "idxSignatureId" },
    { collection: "pkceSessions", index: "idxSessionId" },
    { collection: "pkceSessions", index: "idxCompoundRequester" },
    { collection: "pkceSessions", index: "idxExpiryRequestedAt" },
    // RefreshTokens Collection
    { collection: "refreshTokens", index: "idxSignatureId" },
    { collection: "refreshTokens", index: "idxSessionId" },
    { collection: "refreshTokens", index: "idxCompoundRequester" },
    { collection: "refreshTokens", index: "idxExpiryRequestedAt" },
    // Users Collection
    { collection: "users", index: "idxUserId" },
    { collection: "users", index: "idxUsername" }
];

function dropIndex(collectionName, indexName) {
    try {
        print(`Attempting to drop index '${indexName}' from collection '${collectionName}'...`);
        const result = db.getCollection(collectionName).dropIndex(indexName);
        if (result.ok === 1) {
            print(`Successfully dropped index '${indexName}' from collection '${collectionName}'.`);
        } else {
            print(`Failed to drop index '${indexName}' from collection '${collectionName}'. Result: ${JSON.stringify(result)}`);
        }
    } catch (e) {
        if (e.code === 27) { // 27 is the error code for IndexNotFound
            print(`Index '${indexName}' not found on collection '${collectionName}'. Skipping.`);
        } else {
            print(`Error dropping index '${indexName}' from collection '${collectionName}': ${e}`);
        }
    }
}

// Iterate through the array and drop each index
indexesToDrop.forEach(item => {
    if (item.collection && item.index) {
        dropIndex(item.collection, item.index);
    } else {
        print(`Skipping invalid entry in indexesToDrop array: ${JSON.stringify(item)}. Missing 'collection' or 'index' property.`);
    }
});

print("\nIndex removal script complete.");
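
A post-migration check for the index changes listed above, as an added example that is not part of the project's release notes: it takes index definitions in the shape mongosh's getIndexes() returns and reports any index still marked sparse, or an idxSessionId index still marked unique. The helper names auditIndexes and auditAll, the key field sessionId and the sample data are assumptions constructed for illustration.

```javascript
// Added example, not the project's own code.
// Audits index definitions (shape of getIndexes() output) against the two
// index changes stated in the v0.36.0 notes: no sparse indexes, and no
// unique constraint on the session ID index.

// Hypothetical helper: returns the findings for one collection.
function auditIndexes(collectionName, indexes) {
    const findings = [];
    for (const idx of indexes) {
        if (idx.name === "_id_") continue; // built-in index, not managed by the store
        if (idx.sparse === true) {
            findings.push({ collection: collectionName, index: idx.name, issue: "sparse" });
        }
        if (idx.name === "idxSessionId" && idx.unique === true) {
            findings.push({ collection: collectionName, index: idx.name, issue: "unique" });
        }
    }
    return findings;
}

// Hypothetical helper: audits a map of collection name -> index definitions.
function auditAll(indexesByCollection) {
    return Object.entries(indexesByCollection)
        .flatMap(([name, indexes]) => auditIndexes(name, indexes));
}

// Constructed sample data: accessTokens still carries a pre-upgrade index,
// refreshTokens has already been recreated. Key fields are assumptions.
const sampleIndexes = {
    accessTokens: [
        { v: 2, key: { _id: 1 }, name: "_id_" },
        { v: 2, key: { sessionId: 1 }, name: "idxSessionId", unique: true, sparse: true },
    ],
    refreshTokens: [
        { v: 2, key: { _id: 1 }, name: "_id_" },
        { v: 2, key: { sessionId: 1 }, name: "idxSessionId" },
    ],
};

// In mongosh, build the input from the live database instead:
//   const live = {};
//   ["accessTokens", "refreshTokens"].forEach(c => {
//       live[c] = db.getCollection(c).getIndexes();
//   });
//   printjson(auditAll(live));
console.log(JSON.stringify(auditAll(sampleIndexes), null, 2));
```

An empty result after the service has restarted means no index with the old sparse or unique properties survived the migration.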

Added

  • config: CONNECTIONS_MONGO_REFRESH_TOKEN_GRACE_PERIOD can be configured to set a multiple-use graceful token refresh window. Beneficial when working with web-based clients with multiple open tabs. Default: 0 == Not Enabled.
  • config: CONNECTIONS_MONGO_REFRESH_TOKEN_MAX_USAGE can be configured to enforce the maximum number of times a refresh token can be used. Default: 0 == unlimited.
  • storage.SignatureHash(signature string) string for hashing access token signatures to keep indexes small.
  • store.RequestManager.DeleteAll(ctx context.Context, entityName string, requestID string) (err error): to handle removing all records based on requestID (a given session) at once to cater for graceful token refreshing.
  • store.RequestManager.RotateRefreshToken(ctx context.Context, requestID string, refreshTokenSignature string) (err error): to support the latest fosite.RefreshTokenStorage interface definition.
  • user.Data enables persisting custom data in a user record.
  • client.Data enables persisting custom data in a client record.

Changed

  • deps!: upgrades to [email protected].
  • mongo!: the SessionID index has been relaxed and is no longer unique to allow for graceful token refreshes.
  • mongo!: routes fosite.Hasher through the shared singleton DB instance to simplify hasher plumbing.
  • mongo!: access token signatures are now being directly hashed via storage.SignatureHash internally so we no longer need the hashed #signature index.
  • mongo!: sparse indexes have been removed. The indexes built always had the specific properties required, so they never needed to be sparse.
  • mongo!: The interface for fosite.RefreshTokenStorage has been updated and now requires the access token signature which MUST be hashed with storage.SignatureHash(signature string) string:
- func (r *RequestManager) CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)
+ func (r *RequestManager) CreateRefreshTokenSession(ctx context.Context, refreshSignature string, accessSignature string, request fosite.Requester) (err error)

Fixed

  • mongo!: normalized time.Now() usage throughout to UTC.
  • mongo: fixes hasher assignment ordering. There was a potential that the default hasher could have been nil.

Removed

  • deps: removed dependency on github.com/pkg/errors.
  • mongo: as mentioned above, the #signature index has been removed in favour of internally hashing the signature before committing to storage.
  • mongo: removed the internal function configureExpiry as it is no longer used.

Full Changelog: v0.35.0...v0.36.0

v0.35.0

21 Jul 00:11
e1a610a

v0.35.0 - 2025-07-21

Changed

Full Changelog: v0.34.0...v0.35.0

v0.34.0

21 Feb 23:38
e2f3fb2

v0.34.0 - 2024-02-22

Added

  • user: adds support for regions.

Changed

Full Changelog: v0.33.0...v0.34.0

v0.33.0

25 Aug 00:47
1c7db6a

v0.33.0 - 2023-08-25

Fixed

  • user: aligns bson, json and xml marshalling to the name of the mfaFactors property.

v0.32.0

18 Jul 04:42
dc6b990

v0.32.0 - 2023-07-18

Added

  • user: Adds support for MFA factors.

Changed

v0.31.0

09 Jan 11:43
7e9c30f

🚢 v0.31.0 - 2023-01-10

Changed

Fixed

  • examples/mongo/authorizationserver: sets session subject and username. fixes #65.
  • examples/mongo/authorizationserver: properly logs out the generated user id.
  • mongo/mongo: reduces read errors occurring in a mongo replica set. fixes #68. Thanks to @qkrgksqkr for the original reports, debugging and solution!

Changes: v0.30.1...v0.31.0

v0.30.1

08 Aug 03:19
fe22a27

v0.30.1 Pre-release

🚢 v0.30.1 - 2022-08-08

Added

  • user_manager: adds support for filtering users given a list of people ids.
  • mongo/user_manager: adds support for filtering users given a list of people ids.

Changed

Changes: v0.30.0...v0.30.1

v0.30.0

08 Aug 03:17
fc8bd03

v0.30.0 Pre-release

🚢 v0.30.0 - 2022-07-28

Changed

Changes: v0.29.0...v0.30.0