release 1.7.5

Features

• added id_token and the token endpoint response as additional arguments to the on_authenticated lifecycle hook; see #413
• added opts.discovery_expires_in in order to make cache expiry of OpenID Connect Discovery responses configurable.
• added public functions that allow tokens to be revoked without destroying the current session; see #402; thanks to @thorstenfleischmann
• authenticate's last parameter can now be an existing session rather than options for starting a new one: see #405; thanks to @thorstenfleischmann
• added opts.cache_segment as option to shard the cache used by token introspection or JWT verification; see #399
• made jwt_verify() and bearer_jwt_verify() use a separate cache named "jwt_verification" and introduced opts.jwt_verification_cache_ignore to disable caching completely; see #399

Bugfixes

• when the x5c claim of a JWK is an empty array it will be ignored rather than cause an error; see #406
• if lifecyle handlers return truthy values they cause the operation they are handlers of to fail; see #384; thanks to @arcivanov
• fixed a session leak in access_token() and for a very unlikely code-path in authenticate(); authenticate will still normally not close the session as users may want to use it after the method returns; see https://github.com/zmartzone/lua-resty-openidc#sessions-and-locking; see #374