
Releases: curveball/browser-to-bearer

v1.0.0

17 Jan 22:13
10df511
  • Finally! Curveball v1. Only took 6 years.
  • CommonJS support has been dropped. The previous version of this library supported both CommonJS and ESM. The effort of this no longer feels worth it. ESM is the future, so we're dropping CommonJS.
  • Now requires Node 18.
  • Upgraded to TypeScript 5.3.

v0.5.0

15 Feb 20:37
524ee12
  • This package now supports ESM and CommonJS modules.
  • No longer supports Node 14. Please use Node 16 or higher.

v0.4.3

11 Oct 21:38
44ea0b0
  • Throw a better error when session data is missing.

v0.4.2

02 Oct 17:58
7d061a4
  • Actually honor the 'scope' option.

v0.4.1

28 Sep 16:27
61744f2

v0.4.0 wasn't correctly released. This is a re-release that should make its way to npmjs.org, and also increases the minimum version for the @curveball/session peerDependency.

v0.4.0

03 Sep 23:01
c5f7b93

Switch from curveball/core to curveball/kernel

v0.3.5

15 Jul 01:57
2fea2a9

This is the stable 0.3 release, and it breaks backwards compatibility.

Both this package and @curveball/oauth2 now use the @badgateway/oauth2-client library for OAuth2 plumbing.
Setting up this middleware now requires an instance of the OAuth2Client class to be provided, instead of providing all the individual settings.

One advantage is that it can piggyback on all of oauth2-client's features; in particular, this adds support for:

  1. PKCE
  2. Endpoint discovery

The publicUri setting is also gone. Instead you should set the CURVEBALL_ORIGIN environment variable.

v0.2.1

02 Feb 22:24
8e262fe
  • Storing oauth2 tokens was completely broken.

v0.2.0

02 Feb 21:48
089028b
  • Now supports submitting HTML forms. This was blocked due to CSRF problems,
    but we now validate CSRF tokens.
  • This is considered a BC break, as this package requires curveball/session
    0.6, which itself has introduced a BC break.

v0.1.4

02 Feb 21:48
8763b55
  • When redirecting to the OAuth2 authorize endpoint, this library will now
    use the full path to allow a user to be redirected back to the original
    page. Before this change the query parameters were stripped.
  • TypeScript target is now es2019 instead of esnext to ensure that Node v10
    is supported.
  • Switch from tslint to eslint.