v2025.11.6

  • 1 minute(s) read
Prev Next

Released on 2025.11.19

New Features

OIDC Provider

  • Access Token Minting

    • OPA policies now supported in the following grant types

      • Implicit/Hybrid

      • Resource Owner Password Credentials ROPC - (not recommended)

    • New Parameters can be evaluated when defining a OPA policy

      • Client ID input.request.oauth.client_id == "test.api"

      • Grant Type input.request.oauth.grant_type == "authorization_code"

      • Scope input.request.oauth.scope == "openid offline_access tickets:read"

      • Audience input.request.oauth.audience == "https://orchestrator.local:8443"

      • Claims input.request.oauth.response.access_token.claims == "openid profile"

      • Token expiration input.request.oauth.response.expires_in == 3600

    • Improved logging for token generation

LDAP Provider

In a LDAP Provider service extension you can now get the BindDN (active user)

Related articles
  • v0.106.0
    Release Notes > Orchestrator Release Notes
  • v2025.07.3
    Release Notes > Orchestrator Release Notes
  • OIDC (Local development)
    Local development resources > Configuration (Local development) > Applications (Local development)