Releases: jasonraimondi/ts-oauth2-server
v4.0.2
v4.0.1
- fix: express adapter status method causing build errors
Full Changelog: v4.0.0...v4.0.1
v4.0.0
Changes
There is one small breaking change for users implementing `/revoke` or `/introspect`, and one minor change in defaults that is not technically breaking.
(breaking) - The `/revoke` and `/introspect` endpoints will now authenticate via client_credentials by default
Before (v3.x):
new AuthorizationServer(..., {
  authenticateIntrospect: false, // default was false in 3.x
  authenticateRevoke: false, // default was false in 3.x
})
After (v4.x):
const auth = new AuthorizationServer(..., {
  authenticateIntrospect: true, // set to false to match 3.x
  authenticateRevoke: true, // set to false to match 3.x
})
(not-breaking, but a change) - The AuthorizationServer now enables "client_credentials" and "refresh_token" by default.
Before (v3.x):
authorizationServer.enableGrant("client_credentials")
authorizationServer.enableGrant("refresh_token")
After (v4.x):
authorizationServer.enableGrant("client_credentials") // no longer necessary
authorizationServer.enableGrant("refresh_token") // no longer necessary
// but if you want to tweak the token length of either of these grants, you can
authorizationServer.enableGrant(["client_credentials", new DateInterval("6h")])
Full Changelog: v3.6.0...v4.0.0
v4.0.0-alpha.1
Full Changelog: v3.6.0...v4.0.0-alpha.1
v3.6.0
- feat: support token introspection by @jasonraimondi in #148
- feat: token introspection add client credentials auth by @jasonraimondi in #150
- tests: improve adapter test suite and improve responseFromVanilla by @jasonraimondi in #153
- fix: revocation inconsistencies and match oauth spec rfc7009 by @jasonraimondi in #152
- fix: introspect and revoke to spec and return falsey instead of throwing by @jasonraimondi in #154
What's New
- RFC7662 "OAuth 2.0 Token Introspection" - https://tsoauth2server.com/docs/endpoints/introspect
- RFC7009 "OAuth 2.0 Token Revocation" - https://tsoauth2server.com/docs/endpoints/revoke
new AuthorizationServer(..., {
  authenticateIntrospect: false, // Default: false (v3.x), true (v4.x)
  authenticateRevoke: false, // Default: false (v3.x), true (v4.x)
})
- Default `false` values maintain v3.x compatibility, and you must implement your own authentication.
- Setting to `true` enables client credentials authentication (v4.x behavior).
Full Changelog: v3.4.1...v3.6.0
v3.6.0-alpha.5
What's Changed
- feat: add support for RFC7662 "OAuth 2.0 Token Introspection"
- add configuration options to control client credentials authentication for `/introspect` and `/revoke` endpoints.
new AuthorizationServer(..., {
  authenticateIntrospect: false, // Default: false (v3.x), true (v4.x)
  authenticateRevoke: false, // Default: false (v3.x), true (v4.x)
})
- Default `false` values maintain v3.x compatibility, and you must implement your own authentication.
- Setting to `true` enables client credentials authentication (v4.x behavior).
Important Notes
- If set to `false`, you must implement your own authentication:
  - Use middleware or similar to authenticate requests before they reach these endpoints.
  - Implement according to specifications:
    - Introspection: RFC 7662 Section 2.1
    - Revocation: RFC 7009 Section 2.1
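One way to write the middleware these notes call for when both options are left at `false`. This is an added example, not code from ts-oauth2-server. The names `CLIENTS`, `authenticateClient`, `requireClientAuth` and `req.oauthClientId`, the realm string, and the Express-style `(req, res, next)` signature are assumptions.

```javascript
// Constructed client registry (assumption): client_id -> client_secret.
const CLIENTS = new Map([["svc-api", "s3cr3t:with/colon"]]);

// No early exit on mismatch; production code should use crypto.timingSafeEqual.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Client id and secret are form-urlencoded before being base64 encoded.
const formDecode = (s) => decodeURIComponent(s.replace(/\+/g, " "));

// Pull credentials from HTTP Basic or from the form body, never both.
function extractCredentials(headers, body) {
  const auth = headers["authorization"] || "";
  const inBody = Boolean(body && body.client_id !== undefined);
  if (!/^basic /i.test(auth)) {
    return inBody ? { id: String(body.client_id), secret: String(body.client_secret ?? "") } : null;
  }
  if (inBody) return null; // two authentication methods in one request
  const decoded = Buffer.from(auth.slice(6).trim(), "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  if (sep < 0) return null;
  try {
    return { id: formDecode(decoded.slice(0, sep)), secret: formDecode(decoded.slice(sep + 1)) };
  } catch {
    return null; // malformed percent-encoding
  }
}

function authenticateClient(headers, body, clients = CLIENTS) {
  const creds = extractCredentials(headers, body);
  const expected = creds ? clients.get(creds.id) : undefined;
  // Unknown clients still go through the comparison, against a dummy value.
  const match = safeEqual(creds ? creds.secret : "", expected ?? "\u0000");
  if (match && expected) return { ok: true, clientId: creds.id };
  return { ok: false, status: 401, wwwAuthenticate: 'Basic realm="oauth"' };
}

// Express-style middleware to mount in front of /introspect and /revoke.
function requireClientAuth(clients = CLIENTS) {
  return (req, res, next) => {
    const result = authenticateClient(req.headers, req.body, clients);
    if (result.ok) { req.oauthClientId = result.clientId; return next(); }
    res.set("WWW-Authenticate", result.wwwAuthenticate);
    res.status(result.status).json({ error: "invalid_client" });
  };
}
```

The example only establishes which client is calling; checking that the presented token was issued to that client is a separate step.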
Full Changelog: v3.6.0-alpha.1...v3.6.0-alpha.5
v3.6.0-alpha.1
What's Changed
- fix: introspect and revoke to spec and return falsey instead of throwing by @jasonraimondi in #154
Full Changelog: v3.6.0-alpha.0...v3.6.0-alpha.1
v3.6.0-alpha.0
What's Changed
- fix(break): support readable streams in response to vanilla by @jasonraimondi in #149
- feat: support token introspection by @jasonraimondi in #148 #150
- tests: improve adapter test suite by @jasonraimondi in #153
- fix: revocation inconsistencies and match oauth spec rfc7009 by @jasonraimondi in #152
- docs: improve documentation
Full Changelog: v3.4.1...v3.6.0-alpha.0
v3.4.1 - patch express/fastify adapters handle errors
What's Changed
- fix: swallowed exceptions from improper exports by @jasonraimondi in #146
- docs: fix adapter error signature to match implementation by @jasonraimondi in #147
Thanks
- @noru - finding and reporting in detail the exact problem
Full Changelog: v3.4.0...v3.4.1
v3.4.0 - Vanilla Request/Response Adapter, new documentation site
Description
New Docs site - https://tsoauth2server.com
New VanillaJS Adapter - https://tsoauth2server.com/docs/adapters/vanilla/
What's Changed
- docs: improve documentation site by @jasonraimondi in #143
- feat: vanilla adapter (prerelease v3.4.0) by @jasonraimondi in #144
Full Changelog: v3.3.1...v3.4.0