A new /cron endpoint has been introduced, which triggers a cleanup routine.
The cleanup routine loops over all existing clients and deletes all that are
older than the value configured in config.ini.
Periodically calling the cron endpoint is the responsibility of the server admin.
The UserInfo endpoint is for fetching the users profile (name, email, phone number, picture, and so on). Token introspection is for inspecting the access token and determining the authorities the user has (subject (principal), entitlements, and scopes granted).
The information is sent via the cookie 'server_settings'. The value is a
base64-encoded json object containing the data necessary
for site-specific customization.
Also fixed a bug that was preventing the 'add new client' button from being
disabled when the client limit is reached.
If configured, anyone missing the required entitlement will now be denied
access to the application and its api endpoints. If unset, any authenticated
user is accepted.
