release 1.7.2

Features

• added unauth_action=deny to reject unauthenticated requests rather than start the authorization code grant flow; see #271; based on suggested change by @nmaniwa
• read introspection_endpoint from discovery document when present; see #255
• allow to tap into authentication workflow by providing an option to specify lifecycle hooks via opts.lifecycle
  • added another lifecycle hook that is called when the session is regenerated after a token refresh

Bugfixes

• improved error handling when starting session; see #264; thanks @vershnik
• fixed accidental use of global variable err in revoke_tokens_on_logout; see #253, #254; thanks @arcivanov
• made the checks for certain HTTP headers handle the case where multiple headers exist; thanks @ci42
• don't overwrite opts.discovery when an error occurs calling the discovery endpoint; see #250

Other

• performance enhancement by caching the result of ngx.req.get_headers during the authenticate call.
• fixed a few additional cases of using global symbols detected by lualint