node-openid-client

Bug Fixes

• ensure minimal got version handles upcoming node version changes (fd737a3)

⚠ BREAKING CHANGES

• the deprecated issuer.key() method was removed
• due to added ESM module support Node.js version with ESM implementation bugs are no longer supported, this only affects early v13.x versions. The resulting Node.js semver range is ^10.19.0 || >=12.0.0 < 13 || >=13.7.0 (also taking into account the got dependency update)
• upgraded got http request library dependency from v9.x to v11.x. If you override some of the http request options you will most certainly have to accomodate them.
• Signed Request Object "typ" changed from JWT to oauth.authz.req+jwt
• Encrypted Request Object "cty" changed from JWT to oauth.authz.req+jwt
• PKCE is now used by default in the passport strategy
• client.userinfo() verb parameter was renamed to method
• the deprecated client.resource() method was removed

Features

• added support for ESM (ECMAScript modules) (3ac37e8)
• passport strategy will now use PKCE by default where applicable (56f9fe7)

Bug Fixes

• request object type changed from 'JWT' to 'oauth.authz.req+jwt' (641a42f)

Refactor

• remove deprecated client.resource() (c0ec865)
• remove deprecated issuer.key() (5cd1ecf)
• rename client.userinfo() verb parameter to method (4cb21a4)
• upgrade got from v9.x to v11.x (c72b5e8)

Bug Fixes

• typescript: add missing types (#284) (49e0ff0)

Bug Fixes

• typescript: max_age in AuthorizationParameters is a number (5ce2a73), closes #279

Bug Fixes

• allow AAD appid including discovery URLs to be multi-tenant (c27caab)

Chores

• dependency updates

Refactor

• fixup for removed lodash dependency (13a05fd), closes #272

Bug Fixes

• merge helper returns modified object, leftovers removed (2e3339b)

Bug Fixes

• regression from #272 (9bff960)

Refactor

• removes lodash dependency (7bc9b91), closes #272

Bug Fixes

• give AAD v1 common same treatment as v2 common (2344e00), closes #269

Bug Fixes

• allow any JSON numeric value for timestamp values (a24a759), closes #263

Bug Fixes

• A192CBC-HS384 and A256CBC-HS512 direct encryption key derivation (c356bbe)

Features

• add RPError indicators for unix timestamp comparison failures (fe3db5c), closes #250

Bug Fixes

• typescript: add options arg to TypeOfGenericClient (b97b028)

Bug Fixes

• assert refresh_token grant ID Token sub to equal previous (23f3f9f)

Features

• support additional authorized parties (c9268ce), closes #231

Features

• add support for RSA-OAEP-384 and RSA-OAEP-512 JWE algorithms (6c696e9)

Bug Fixes

• ensure jose version that handles ECDH-ES for larger key sizes right (e91001a)

Bug Fixes

• allow multiple keys to match when selecting encryption key for request object (fa3fa67)

Bug Fixes

• allow omitting the *_enc attributes (default 'A128CBC-HS256') (6567c73)

Features

• new API for fetching arbitrary resources with the access token (c981ed6), closes #222