Scope must be a space-delimited string per RFC 6749 §3.3, not a JSON
array. Adds [] and ["openid","profile"] cases to the existing invalid
sub-test with a comment explaining the likely root cause: an issuer
using []string instead of SpaceDelimited in its claims struct.
Go 1.23+ changed Windows target naming so x86_64 builds now carry a
micro-architecture suffix (e.g. _v2). Update the goreleaser YAML
generator and monorel's own .goreleaser.yaml to match:
- Remove windows from defaultGoos/almostAllGoos; emit a dedicated
<name>-windows build entry per binary. Windows is kept in a separate
build because it does not support ARM v6/v7, so it cannot share the
same goarch matrix as non-Windows builds.
- Add defaultWindowsGoarch [amd64, arm64] and almostAllWindowsGoarch
[386, amd64, arm64] for the Windows-specific architecture lists.
- Promote defaultGoamd64 from [v1, v2] to [v1, v2, v3, v4] so the
full amd64 micro-architecture matrix is always generated.
- Update the archive name_template to include
{{ if .Amd64 }}_{{ .Amd64 }}{{ end }} after x86_64.
- Include both <name> and <name>-windows in archive ids.
- Regenerate tools/monorel/.goreleaser.yaml and
cmd/sql-migrate/.goreleaser.yaml with the new format.
Adds `sql-migrate sync` which outputs a shell script that refreshes
the local migrations.log from the DB by running _migrations.sql.
Uses `|| true` so a fresh DB with no _migrations table yields an
empty log (all migrations pending) rather than an error.
Usage:
sql-migrate -d ./db/migrations sync | sh
sql-migrate -d ./db/migrations up | sh
Add a TokenCookies []string field checked after query params (step 5).
Each named cookie's value is passed directly to Authenticator.Authenticate
as a token, enabling cookie-based token flows alongside Bearer and query params.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
