v0.5.3

What's Changed

• fix: enumerate all permissions for system-admin and admin roles by @The127 in #275
• fix(login): use system identity in ResetTemporaryPassword mediator call by @The127 in #276

Full Changelog: v0.5.2...v0.5.3

v0.5.2

Full Changelog: v0.5.1...v0.5.2

v0.5.1

What's Changed

• feat: expose service-user key management over HTTP by @The127 in #274

Full Changelog: v0.5.0...v0.5.1

v0.5.0

What's Changed

• feat: add UserClient.Create to API client by @The127 in #273

Full Changelog: v0.4.0...v0.5.0

v0.4.0

What's new

Multi-algorithm signing keys per virtual server

Virtual servers now support a primarySigningAlgorithm plus an optional list of additionalSigningAlgorithms. Keys are generated for all configured algorithms and served via JWKS. Orphaned keys (for algorithms removed from the VS config) are cleaned up by the key rotation job.

Per-application signing algorithm override

Each application can now declare a signingAlgorithm field. When set, all tokens issued to that application (access token + ID token) are signed with that algorithm instead of the VS primary. This unblocks clients that only support RSA (e.g. older Java applications) on VSes whose primary algorithm is EdDSA.

Removing an algorithm from a VS is rejected if any application still references it.

Go client

The signingAlgorithm field is exposed on application create/patch/get, and primarySigningAlgorithm/additionalSigningAlgorithms are exposed on virtual server patch/get.

What's Changed

• feat: per-application signing algorithm + multi-algorithm VS support by @The127 in #272

Full Changelog: v0.3.14...v0.4.0

v0.3.14

What's Changed

• fix: use *bool for EmailVerified in CreateUserRequestDto by @The127 in #270
• fix: propagate DB errors before HTTP response via SaveChangesBehaviour by @The127 in #271

Full Changelog: v0.3.12...v0.3.14

v0.3.13

What's Changed

• fix: use *bool for EmailVerified in CreateUserRequestDto by @The127 in #270

Full Changelog: v0.3.12...v0.3.13

v0.3.12

What's Changed

Bug Fixes

• Honor system:system-admin tokens from the initial virtual server across all virtual servers (#268)

  Previously, tokens signed by the initial VS were validated against the requested VS's signing key, causing 401 errors whenever a system-admin used their token on any non-initial VS endpoint. The authentication middleware now falls back to the initial VS's signing key when validation fails.

Tests

• Add e2e tests for system:system-admin cross-VS token authentication (#269)

  Covers: VS creation, cross-VS endpoint authentication, admin creating apps in a new VS, and negative test for unprivileged users.

What's Changed

• feat: honor system:system-admin tokens from the initial VS across all virtual servers by @The127 in #268
• test: add e2e tests for system:system-admin cross-VS token authentication by @The127 in #269

Full Changelog: v0.3.10...v0.3.12

v0.3.11

Full Changelog: v0.3.10...v0.3.11

v0.3.10

What's Changed

• feat: add role client, PatchRole and DeleteRole endpoints by @The127 in #266

Full Changelog: v0.3.9...v0.3.10