Tyk Identity Broker Release Notes
Last updated:
Open Source (Mozilla Public License)
This page contains all release notes for Tyk Identity Broker displayed in a reverse chronological order
Support Lifetime
Our minor releases are supported until our next minor comes out.
1.7 Release Notes
1.7.0 Release Notes
Release Date 28 March 2025
Release Highlights
This release introduces enhancements to TIB, improving group-based permission mapping, adding support for proxy settings from environment variables, and allowing dynamic state values in the OAuth2 flow.
For a comprehensive list of changes, please refer to the detailed changelog below.
Breaking Changes
This release has no breaking changes.
Dependencies
3rd Party Dependencies & Tools
| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
|---|---|---|---|
| GoLang | 1.21 | 1.21 | All our binaries |
| MongoDB | 5.x, 6.x, 7.0 | 4.4.x, 5.x, 6.x and 7.0.x | Used by Tyk Identity Broker |
| Redis | 6.x - 7.0 | 6.x - 7.0 | Used by Tyk Identity Broker |
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
Deprecations
There are no deprecations in this release.
Upgrade instructions
For users currently on v1.6.0, we strongly recommend promptly upgrading to the latest release. If you are working with an older version (lower major), it is advisable to bypass version 1.6.0 and proceed directly to this latest patch release.
Go to the Upgrading Tyk section for detailed upgrade Instructions.
Downloads
- Docker image to pull
docker pull tykio/tyk-identity-broker:v1.7.0 - source code tarball for oss projects - TIB v1.7.0
Changelog
Added
-
Load Proxy Settings from Environment Variables
TIB now respects
HTTP_PROXY,HTTPS_PROXY, andNO_PROXYenvironment variables when making outbound connections. This change ensures compatibility with air-gapped Kubernetes environments where external services can only be accessed via an HTTP proxy. -
Dynamic State Query Support in OAuth2 Flow
The OAuth2 “state” field can now be dynamically set via the URL or form-encoded body. This improvement allows integration with external APIs that require custom state values, ensuring compliance with various regulatory and enterprise authentication requirements.
-
Improved Multi-Group Permission Mapping for Identity Providers
Previously, TIB assigned a user to the last matched group when multiple groups were mapped, regardless of the identity provider (SAML, LDAP, OAuth, OIDC, etc.). The new functionality introduces support for multi-group mapping, allowing permissions to be merged. This update is backward compatible and ensures that multi-group rights (combined permissions) are only applied if the user does not have a
groupIdassigned via the Dashboard.
Security Fixes
-
Fixed the following CVE
1.6 Release Notes
1.6.1 Release Notes
Release Date 5 Nov 2024
Release Highlights
Enhanced Security with JWE Support for OIDC SSO
This release introduces JSON Web Encryption (JWE) support for OpenID Connect (OIDC) Single Sign-On (SSO) in the Tyk Identity Broker (TIB). With this enhancement, organizations can achieve greater security for token handling during authentication flows. JWE token validation and processing are now seamlessly integrated, offering configurable private key support for decryption.
Breaking Changes
This release has no breaking changes.
Dependencies
3rd Party Dependencies & Tools
| Third Party Dependency | Tested Versions | Compatible Versions | Comments |
|---|---|---|---|
| GoLang | 1.21 | 1.21 | All our binaries |
| MongoDB | 5.x, 6.x, 7.0 | 4.4.x, 5.x, 6.x and 7.0.x | Used by Tyk Identity Broker |
| Redis | 6.x - 7.0 | 6.x - 7.0 | Used by Tyk Identity Broker |
Given the time difference between your upgrade and the release of this version, we recommend customers verify the ongoing support of third-party dependencies they install, as their status may have changed since the release.
Deprecations
There are no deprecations in this release.
Upgrade instructions
For users currently on v1.6.0, we strongly recommend promptly upgrading to the latest release. If you are working with an older version (lower major), it is advisable to bypass version 1.6.0 and proceed directly to this latest patch release.
Go to the Upgrading Tyk section for detailed upgrade Instructions.
Downloads
- Docker image to pull
docker pull tykio/tyk-identity-broker:v1.6.1 - source code tarball for oss projects - TIB v1.6.1
Changelog
Added
-
Support for JSON Web Encryption (JWE) in OIDC SSO with TIB
This release adds support for JSON Web Encryption (JWE) in OIDC Single Sign-On (SSO) with TIB, providing enhanced security for token handling in authentication flows. This feature enables processing and validation of JWE tokens, with configuration options for setting the private key required for decryption.
For more details, refer to the OIDC SSO with JWE documentation.
Further Information
Upgrading Tyk
Please refer to the upgrading Tyk page for further guidance on the upgrade strategy.
FAQ
Please visit our Developer Support page for further information relating to reporting bugs, upgrading Tyk, technical support and how to contribute.