- New subcomand
mairu showdumps informations about 'auto' role.
- debian: Debian package was missing
setcapcall on post installation, which results into mlockall failure onmairu agent.
mairu loginuses$MAIRU_LOCAL_PORTenvironment variable for a port number when listening to callback. Takes precedence over a server configuration.
- Support OAuth 2.0 Authorization Code Grant without client secret; It's safe because we always use PKCE, and expects your authorization server to enforce PKCE.
.oauth.code_grantserver configuration gainsuse_localhostflag, which forces redirect_uri to behttp://localhost:.../oauth2callbackinstead ofhttp://127.0.0.1:.../oauth2callback. This is required for some authorization servers, e.g. Microsoft + Mairu as a public client.mairu list-sessionscommand now indicates sessions with an OAuth refresh token.mairu list-sessionscommand now shows expiry in a local time by default. It also gains--utcto revert to the previous behaviour which shows expiry in UTC.
- AWS SSO: fix failure on device code flow. This requires re-registration of OAuth 2.0 dynamic client (which is performed automatically).
- agent: Ensure runtime_dir (to create a socket) is only writable by owner (0700) #19
- Agent socket location is changed to state_dir
~/.local/state/mairu/runon platforms without XDG_RUNTIME_DIR (e.g. macOS)
- Fix crash on macOS #14
- Support generic OAuth 2.0 Device Authorization Grant (RFC 8628) #15
- Support generic token refresh using refresh_token grant type #16
- AWS SSO: Support OAuth 2.0 Authorization Code Grant #17 #18
- Initial release