v1.15.0

• 4a08475 Add OAuth 2.0 PKCE support (#176) (thanks @bartse)
• 0c582e9 Add --grant-type option and username prompt for ROPC (#178) (thanks @KKlapper)
• 4683a00 Add authorization code flow with keyboard interactive (#182) (thanks @julien69740)

v1.14.5

• 581284c Suppress success log to prevent screen disturbance (#165) (thanks @JrCs)
• fccef52 Bump to Go 1.13.3 (#166)

v1.14.4

• 8c640f6 Add setup command (#157)
• 8a5efac Add deprecation message of standalone mode (#155)
• 7a0ca20 Bump Go 1.13 and dependencies (#162)
• b5922f9 Refactor: fix error handling and improve stability (#163)

v1.14.3

• 25c7c1e Add snapcraft.yaml (#147) (not available yet)
• 53e8284 Move to k8s.io/klog (#139)
• 6b1e11f Refactor: use channel to wait for opening browser (#143)
• 9242b19 Refactor: Bump github.com/coreos/go-oidc (#136)

v1.14.2

• 1ff03fd Skip verification of cached token to reduce time (#132) (thanks @aperullo)
• 5e0fc7f Save token cache for each issuer and client ID (#131)
• 315d615 Refactor debug log messages and etc (#133)

Breaking change

Default token cache has been moved to ~/.kube/cache/oidc-login. You may need to remove the old cache file ~/.kube/oidc-login.token-cache.

v1.14.1

• 5158159 Fix stdout of browser launcher breaks credential json (#126) (thanks @aperullo)
• 3a2aa0c Fix TLS certificate on refreshing token (#125) (thanks @aperullo)
• 56b17ef Remove wrap kubectl feature (#120)

v1.14.0

• dc88948 Run as a client-go credential plugin (#118)
• 31609a3 Move to k8s.io/client-go@v12.0.0 (#119)

v1.13.0

• 79d8056 Check nonce of ID token in the authorization code flow (#112)
• ce61e09 Refresh the ID token if it has expired (#108)
• 391754e Cache oidc.Provider to reduce discovery requests (#107)

v1.12.0

• 5063550 Add resource owner password credentials grant support (#87) (thanks @heikoettelbruecksap, @evgenyidf)
• f0cff5a Add password prompt (#91)
• ebe5fea Add transparently login feature (#95) (experimental)

v1.11.0

• 93bb1d3 Add fallback ports for local server (#79)
• f2de8dd Refactor log messages and etc. (#77)
• 915fb35 Raise error on invalid certificate (as kubectl) (#73)
• 45f83b0 Add multiple kubeconfig support (#70) (thanks @creation-shin-chan)
• 83f85a9 Dump all claims of ID token to debug log (#68) (thanks @sstarcher)
• 072bee6 Add --certificate-authority option (#67)
• 5c07850 Add --user option (#66)
• 5c8c80f Add --context option (#65)

Breaking changes

• Port 18000 will be used instead if port 8000 is not available. You may need to add http://localhost:18000 to redirect URIs on the OIDC provider.
• Environment variables $KUBELOGIN_LISTEN_PORT, $KUBELOGIN_INSECURE_SKIP_TLS_VERIFY and $KUBELOGIN_SKIP_OPEN_BROWSER are no longer supported. Use the corresponding options instead.
• Invalid certificates are rejected now. This is same as kubectl.