Django-digid-eherkenning

===================

Bugfix release

* Fixed invalid key/certificate pairs not being skipped in the certificate selection
process.

===================

Small bugfix to make sure ``CertificateProblem`` can be pickled.

===================

**💥⚠️ Breaking changes**

* Removed the ``generate_digid_metadata``, ``generate_eherkenning_metadata`` and
``generate_eherkenning_dienstcatalogus`` management commands. This metadata is
available through the admin interface and existing URLs/views.

**Features**

* [75] The metadata XML pages now force the download of the XML file rather than
letting the browser display it.
* [74] Added support for "future" SAML certificates. When your current signing
certificate is close to expiry, you can prepare the new certificate and generate +
exchange the new metadata with the identity provider for a seamless transition once
the old certificate expires.

**Other changes**

* Support for encrypted private keys is moved to the certificate management
application. You can enter the passphrase there instead of in the DigiD/eHerkenning
configuration forms.

===================

Small iteration on OIDC integration.

* Removed the ``oidc_exempt_urls`` fields from the configuration models, following the
change in ``mozilla-django-oidc-db``.

===================

Further iteration on the OIDC integration.

* 💥⚠️ Renamed the ``OpenIDConnectBaseConfig`` base model to ``BaseConfig``
* Added "level of assurance" claim configuration
* Added ability to specify a fallback LOA value
* Added ability to map claim values to their standard values
* Added ``digid_eherkenning.oidc.claims.process_claims`` helper to normalize received
claims from the OIDC provider for further processing. See the tests for the intended
behaviour.
* Added Dutch translations.

===================

Feature and Maintenance release

**💥⚠️ Breaking changes**

* Dropped support for Django versions older than 4.2 (LTS).
* Dropped support for Python versions older than 3.10.

**Features**

* Added optional dependency group for OIDC support. Install with
``django-digid-eherkenning[oidc]``.
* Ported Open Forms' ``digid_eherkenning_oidc_generics`` into the
``digid_eherkenning.oidc`` sub-package, which is opt-in.
* Extended OpenID Connect configuration models to be able to capture all relevant
authentication context data.

The OpenID Connect features are currently considered to be in "preview" mode until we've
battle-tested them in Open Forms and Open Inwoner.