oauth4webapi

Features

• add a hook for decrypting JWE assertions (62795a6)
• allow to modify issued JWT headers and payloads before signing (30931ba)

Documentation

• update docs on useMtlsAlias (006db55)

Features

• support generic token endpoint grant requests (2f454b5)

Features

• add non-repudiation signature validation methods (0916de2)

Documentation

• update JSDoc to use more link syntax (d78f090)
• update various comments and documentation (9c3f1ed)

Features

• build: add jsr.io distribution (dc6157f)

Refactor

• error msg when ID Token aud is an array and azp is missing (68e0338)
• remove redundant checks (763b3d0)

Documentation

• remove non-described parameter JSDoc tags (b1507b9)
• update README.md (9d1377b)

Fixes

• use correct "htm" in DPoP Proof via protectedResourceRequest (3ce3be2), closes #132

Features

• graduate jwksCache to stable API (0e0e1d2)

Documentation

• move clockSkew and clockTolerance docs to the symbol (3b5d2ea)
• update clockSkew and clockTolerance docs (c97313a)

Fixes

• allow ID Token auth_time to be present even if client.require_auth_time is false (caa9ab3)

Features

• add experimental support for edge compute runtimes JWKS caching (15b7aff)

Refactor

• update maxAge option type check error message (7fe3454)

Documentation

• clarify documentation is more an API Reference (c96c8e0)
• update example import (651e8ea)
• updates for readability and consistency (b1b8b7d)

Refactor

• types: add explicit type to all exported functions (76e8d19)
• types: add explicit type to all exported symbols (c66c595)
• types: protectedResourceRequest method argument is just a string (a15d76c)

Documentation

• mention RFC 6750 in validateJwtAccessToken (f61b68e), closes #115

Refactor

• make protectedResourceRequest headers argument optional (bcbc872)

Documentation

• update all examples (cdcbbde)

Fixes

• normalize authorization_details and max_age in issueRequestObject (f8d267e)

Features

• types: add interfaces for RFC 9396 (Rich Authorization Requests) (1c606ea)

Refactor

• some biome identified smells and less non-null assertions (bc508f6)

Documentation

• update customFetch and useMtlsAlias a bit (627e716)

Fixes

• types: add missing and optional scope to interfaces (5dc6d17)

Features

• graduate recently added experimental features to stable API (94da0c9)

Fixes

• check that DPoP Proof iat is recent enough (a6159e3)

Features

• add experimental support for validating JWT Access Tokens (f65deae)

Features

• allow fragment response as URL in validateDetachedSignatureResponse (bcbe2f5)

Features

• add experimental support for FAPI 1.0 (6b6b496)

Refactor

• reorganize experimental features (c8479b4)

Documentation

• update examples (779cf60)

Features

• add experimental customize fetch option (e98c1aa), closes #94
• add experimental support for mtls_endpoint_aliases (f1cb365)
• allow all of HeadersInit for HttpRequestOptions.headers (a5fe73c)

Refactor

• fetch url resolution and validation (b2e62a6)

Documentation

• fix ToC anchors to symbol properties (ed01dcf)
• return hierarchy to markdown docs (7d3b414)

Fixes

• DPoP: clockSkew in ProtectedResourceRequestOptions is a unique Symbol (1708f21)

Documentation

• expose clock skew and tolerance documentation (2d90c49)