Skip to content

Tags: bodaay/SimpleAuth

Tags

v1.0.3

Toggle v1.0.3's commit message 
Release v1.0.3

v1.0.2

Toggle v1.0.2's commit message 
v1.0.2: AI-proof documentation overhaul

README: Complete integration guide explaining JWT, redirect URIs, CORS,
base path, admin key from scratch. Three login flows with full curl
examples. Token refresh, verification, JWT structure, common mistakes.

DEPLOYMENT-GUIDE.md (NEW): Real-world scenarios — first-login user
provisioning pattern, nginx/reverse proxy setup, why wildcards are
dangerous, Kerberos SSO flow explained, token lifecycle diagram,
production checklist.

SDK READMEs: Important box on every SDK (15-min TTL, /sauth base path,
AdminKey required). Fixed GitHub links.

SDK-GUIDE: Fixed Go install command, added Important box.

Examples: All use env var with fallback URL, /sauth base path.

API.md: Full URLs with /sauth base path in examples.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

v1.0.1

Toggle v1.0.1's commit message 
Bump to v1.0.1 — CSRF cookie fix for TLS-disabled deployments

Includes fixes from aec4017 and 36817b8:
CSRF Secure flag now driven by TLSDisabled config. SameSite relaxed
to Lax when running plain HTTP behind reverse proxy.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

v1.0.0

Toggle v1.0.0's commit message 
SimpleAuth v1.0.0

The simplest way to add authentication to any app.

v1.0.0 is a complete rewrite of documentation and cleanup of the codebase:

- OIDC is first-class — standard OpenID Connect provider, not "Keycloak-compatible"
- Removed ClientID/ClientSecret/Realm from all SDKs (hardcoded internally)
- README completely rewritten — clean, compelling, developer-focused
- All docs updated — no deprecated language, no backward compat noise
- All examples updated — clean v1.0 code
- Account page aligned with branding guide
- Health endpoint returns version
- Stale files removed (PENDING-CHANGES.md, encrypt.key)
- encrypt.key added to .gitignore

Single binary. 10MB. Zero dependencies. Full Kerberos SSO. Standard OIDC.
BoltDB or PostgreSQL. Admin UI for everything. Embeddable as a Go library.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

v0.8.1

Toggle v0.8.1's commit message 
Bump to v0.8.1

v0.8.0

Toggle v0.8.0's commit message 
Document AUTH_AUTO_SSO_DELAY, bump to v0.8.0

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

v0.7.6

Toggle v0.7.6's commit message 
Bump to v0.7.6

v0.7.5

Toggle v0.7.5's commit message 
Document /logout endpoint, bump to v0.7.5

Documented in API.md, README, SDK-GUIDE, QUICKSTART, JS SDK README.
Updated nextjs-auth.ts example to use /logout.

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

v0.7.4

Toggle v0.7.4's commit message 
Fix input visibility (inline styles → CSS classes), fix auto-SSO loop

Input fields:
- All Settings/Database page inputs now use form-input/form-textarea
  CSS classes instead of inline styles with wrong var(--border)/var(--card)
- Inputs are now clearly visible with Sand border and distinct background

Auto-SSO loop fix:
- __sso_attempted cookie (5 min TTL) prevents auto-SSO from looping
  when SSO fails and user is redirected back to login page
- Cookie set when SSO handler is called, cleared on success
- Works across redirect_uri flows (app callback → login → no auto-retry)

Co-Authored-By: Claude Opus 4.6 (1M context) <[email protected]>

v0.7.3

Toggle v0.7.3's commit message 
Bump to v0.7.3