
v2.0.0

@panva panva released this 03 Jan 10:34
· 2029 commits to main since this release

Breaking Changes

  • oidc-provider now requires node v8.0.0 or higher for ES2015, async function and util.promisify support
  • internal koa (and related) dependencies updated to their respective 'next' or koa2 middleware
    compatible versions
  • adapter must now be passed into #initialize()
  • helper functions which returned or accepted generators will no longer work, use async functions
  • helper functions no longer have the koa ctx bound to this; instead ctx is passed as their first argument and their signatures have changed
  • interactionUrl helper signature changed to (ctx, interaction) and is now awaited
  • renderError helper signature changed to (ctx, error) and is now awaited
  • uniqueness helper signature changed to (ctx, jti, expiresAt)
  • interactionCheck helper signature changed to (ctx)
  • default interactionCheck helper requires all native application client authorizations to pass
    through interactions
  • findById helper signature changed to (ctx, accountId)
  • postLogoutRedirectUri configuration option is now a helper function and is awaited to
  • default acrValues configuration option is now empty, if you used the old values ['0', '1', '2'],
    you must configure the value explicitly
  • ctx.prompted renamed to more descriptive ctx.promptPending
  • default refreshTokenRotation changed from 'none' to 'rotateAndConsume'
  • pkce.skipClientAuth removed, native clients not willing to submit secrets should be registered
    with the auth method none
  • features.requestUri enabled by default with requireRequestUriRegistration
  • features.oauthNativeApps enabled by default
  • features.oauthNativeApps automatically enables features.pkce with { forcedForNative: true }
  • interaction details no longer utilize cookies to store the details and request parameters,
    short lived sessions are created and maintained via the adapter instead
  • the Integrity keystore is no longer used; tokens are now lengthy random strings, and a JWT
    signed with alg none stores the token metadata, keeping the datasets the same as in 1.x
  • interaction helper provider#interactionDetails now returns a Promise, it reads the short lived
    session id and loads the details using your adapter
  • interaction helper provider.interactionFinished now returns a Promise, it reads the short lived
    session id and stores the interaction results there
  • default token TTLs shortened
  • Request Object iss (issuer) and aud (audience) values are now being validated to be equal to
    Client's identifier (iss) and the OP Issuer identifier (aud) when present in a Request Object

New features

  • a static function named connect can now be present on an Adapter class; it is awaited
    during initialization, so use it to establish the necessary adapter connections
  • introspection and revocation endpoint authentication now have dedicated settings and properties;
    unless specific settings for those are provided, they default to the token_endpoint
    equivalents, which allows fine-tuning without disrupting existing behavior
  • new client metadata supported:
    • introspection_endpoint_auth_method
    • introspection_endpoint_auth_signing_alg
    • revocation_endpoint_auth_method
    • revocation_endpoint_auth_signing_alg
  • new configuration properties:
    • introspectionEndpointAuthMethods
    • introspectionEndpointAuthSigningAlgValues
    • unsupported.introspectionEndpointAuthSigningAlgValues
    • revocationEndpointAuthMethods
    • revocationEndpointAuthSigningAlgValues
    • unsupported.revocationEndpointAuthSigningAlgValues
  • new discovery properties:
    • introspection_endpoint_auth_methods_supported
    • introspection_endpoint_auth_signing_alg_values_supported
    • revocation_endpoint_auth_methods_supported
    • revocation_endpoint_auth_signing_alg_values_supported
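
The helper, adapter and endpoint-auth changes above, worked through as an added example. This is not oidc-provider's own code: only the helper signatures (ctx first, async) and the awaited static connect come from the release notes; the in-memory account store, the MemoryAdapter with its upsert/find/destroy methods, the jti cache, the "return true when a jti is first seen" contract of uniqueness, the `interaction.uuid` field, the `tokenEndpointAuthMethods` fallback source and the `initializeLike` stand-in for `provider.initialize({ adapter })` are all assumptions constructed for illustration.

```javascript
// Added example (not oidc-provider's own code): 2.0.0-style helpers and adapter.
// Everything below except the signatures is constructed for illustration.

const ACCOUNTS = new Map([ // constructed sample accounts
  ['user-123', { accountId: 'user-123', email: 'alice@example.com' }],
]);

// 1.x style helper (no longer accepted in 2.0.0): a generator with koa ctx bound to `this`.
function* findByIdV1(accountId) {
  return ACCOUNTS.get(accountId); // `this` was the koa ctx here
}

// 2.0.0 style: async function, koa ctx passed explicitly as the first argument.
async function findById(ctx, accountId) {
  return ACCOUNTS.get(accountId);
}

// interactionUrl(ctx, interaction) is awaited in 2.0.0. `interaction.uuid` is an assumed
// field name for the short-lived interaction session id stored via the adapter.
async function interactionUrl(ctx, interaction) {
  return `/interaction/${interaction.uuid}`;
}

// uniqueness(ctx, jti, expiresAt): assumed contract is "resolve true the first time a jti
// is seen, false on replay"; expiresAt is assumed to be epoch seconds. An in-process Map
// only protects one instance; a real deployment backs this with the shared store.
const SEEN_JTI = new Map(); // jti -> expiresAt
async function uniqueness(ctx, jti, expiresAt) {
  const now = Math.floor(Date.now() / 1000);
  for (const [id, exp] of SEEN_JTI) if (exp <= now) SEEN_JTI.delete(id); // prune expired
  if (SEEN_JTI.has(jti)) return false;
  SEEN_JTI.set(jti, expiresAt);
  return true;
}

// Adapter with the optional static connect() that 2.0.0 awaits during initialize().
// The upsert/find/destroy method names are assumed for this constructed adapter.
class MemoryAdapter {
  constructor(name) { this.name = name; this.store = new Map(); }
  static async connect(provider) { MemoryAdapter.connected = true; } // e.g. open a DB pool
  async upsert(id, payload, expiresIn) {
    this.store.set(id, { payload, expiresAt: Date.now() + expiresIn * 1000 });
  }
  async find(id) {
    const entry = this.store.get(id);
    if (!entry) return undefined;
    if (entry.expiresAt <= Date.now()) { this.store.delete(id); return undefined; }
    return entry.payload;
  }
  async destroy(id) { this.store.delete(id); }
}
MemoryAdapter.connected = false;

// Constructed stand-in for provider.initialize({ adapter }), showing the documented
// behaviour: the adapter is passed in and its static connect() is awaited if present.
async function initializeLike({ adapter }) {
  if (typeof adapter.connect === 'function') await adapter.connect();
  return { adapter };
}

// Endpoint auth settings: introspection and revocation fall back to the token endpoint
// values unless configured explicitly (tokenEndpointAuthMethods assumed as the source).
function effectiveEndpointAuth(config) {
  const pick = (specific, fallback) => (specific !== undefined ? specific : fallback);
  return {
    token: config.tokenEndpointAuthMethods,
    introspection: pick(config.introspectionEndpointAuthMethods, config.tokenEndpointAuthMethods),
    revocation: pick(config.revocationEndpointAuthMethods, config.tokenEndpointAuthMethods),
  };
}

// Usage walk-through with constructed values.
async function demo() {
  const ctx = {}; // stand-in for the koa ctx
  const { adapter } = await initializeLike({ adapter: MemoryAdapter });
  const sessions = new adapter('Session');
  await sessions.upsert('demo-sess', { accountId: 'user-123' }, 60);
  console.log('session', await sessions.find('demo-sess'));
  console.log('account', await findById(ctx, 'user-123'));
  console.log('url', await interactionUrl(ctx, { uuid: 'demo-uuid' }));
  const exp = Math.floor(Date.now() / 1000) + 300;
  console.log('jti first use', await uniqueness(ctx, 'demo-jti', exp));
  console.log('jti replay', await uniqueness(ctx, 'demo-jti', exp));
  console.log(effectiveEndpointAuth({
    tokenEndpointAuthMethods: ['client_secret_basic', 'private_key_jwt'],
    revocationEndpointAuthMethods: ['none'],
  }));
}
demo().catch((err) => { console.error(err); });
```

The generator helper is kept only to show the shape that stops working; everything a 2.0.0 deployment supplies is the async form with ctx as the first argument.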