v2.5.0

Support for optional OPs. Granular HTTP timeouts configurations per-OP. Renamed configurationDocumentUrl option to shorter configUrl.

v2.4.0

Introduced "validateIssPattern" config attribute.
Reduced cached documents expiration gap to 5 seconds (was 60).

v2.3.2

Inner classes used in overridable methods made public.

v2.3.1

This release includes the following changes:

• The authentication object stored in the HTTP session under org.bsworks.oidc.authorization is now serializable.
• RSA keys in JWK sets without "use" attribute can now be used for JWT signature verifications (just as if the "use" attribute is "sig").
• RSA keys in JWK sets without "kid" attribute can now be used as default keys when the JWT header does not include the "kid".

v2.3.0: Merge pull request #26 from boylesoftware/issue-25

This release includes support for newer generate of Tomcat versions 9.0 and 8.5 and addresses internal tomcat API and protocols changes. This version of the authenticator works with Tomcat 9.0 versions 9.0.30 and higher and Tomcat 8.5 versions 8.5.50 and higher. Also, support for Tomcat 8.0 has been removed.

v2.2.4

Added support for application/jwk-set+json when requesting key sets f…