release 1.4.0

Features

• support RFC7662-style token introspection by default
• apply iat_slack also to openidc.jwt_verify; thanks @nielsole
• adding option to add id_token_hint to op logout request; thanks @pgp44
• add force_reauthorize option that forces the auth flow to be executed; thanks @bodewig

Bugfixes

• properly deal with ngx.redirect's return value; thanks @bodewig
• fix access token cache ttl; closes #76
• fix openidc_call_token_endpoint when token validation fails; thanks @dereknex
• make sure openidc_discover is called before refreshing the access token; thanks @gonzalad