Skip to content

Releases: panva/node-oidc-provider

v2.9.1

03 Jan 10:30
Compare
Choose a tag to compare
  • fixed useRequest to be a static method as documented

v2.9.0

03 Jan 10:30
Compare
Choose a tag to compare
  • added and documented the optional use of request instead of got
    for deployments requiring http(s) proxies to reach out to the internet wilderness

v2.8.3

03 Jan 10:31
Compare
Choose a tag to compare
  • fixed token expires_in to be based off an overloadable BaseToken expiration() instance method
  • fixed token introspection response for consumed tokens

v2.8.2

03 Jan 10:31
Compare
Choose a tag to compare
  • changed grant_type requires to resolve oidc-provider loading through webpack

v2.8.0

03 Jan 10:31
Compare
Choose a tag to compare
  • added provider clockTolerance option
  • fixed clients with jwks_uri failing to be fetched blocking the initialize call
  • fixed successful client keystore refresh after failed verification to pass
  • bumped node-jose dependency

v2.7.2

03 Jan 10:32
Compare
Choose a tag to compare
  • adjusted the client schema to ignore extra properties for disabled features
  • fixed encrypted ID Tokens without a used alg (json payload) to have cty (content-type) json
  • fixed unsigned ID Tokens missing *_hash properties
  • request_uri response caching now also handles expires response headers

Note: 2.7.0 and 2.7.1 yanked for the bugs they introduced

v2.6.0

03 Jan 10:32
Compare
Choose a tag to compare
  • added scope to successful token (authorization_code, refresh_token) responses
  • updated dependencies (got@8.x, removed deprecated buffer-equals-constant)

v2.5.1

03 Jan 10:32
Compare
Choose a tag to compare
  • fixed already authorized application_type=native prompt=none authorizations to be able to check
    if the authorization is still present
  • bumped session management jsSHA cdn dependency version

v2.5.0

03 Jan 10:32
Compare
Choose a tag to compare
  • added an option to return metadata alongside with interaction results, this metadata is then
    retrievable i.e. during the interactionCheck call. #164, #165
  • added an option to return error instead of the standard interaction results, the provider
    will take this error (and error_description when provided) and resolve the authorization request
    with it. #167, #168
  • fixed Token#find() swallowing adapter#find errors
  • fixed introspection swallowing rethrown adapter#find errors

v2.4.1

03 Jan 10:32
Compare
Choose a tag to compare
  • fixed token upsert expiration to respect token's instance expiration