Skip to content

v7.4.0
Compare
Choose a tag to compare
@panva panva released this 28 May 08:08
· 480 commits to main since this release
v7.4.0
d7a5ba5

⚠ BREAKING CHANGES

  • fapi: Draft feature fapiRW was replaced by a stable fapi feature.
  • fapi: The default profile for the new fapi feature is Financial-grade API Security Profile 1.0 - Part 2: Advanced (Final) rather than Financial-grade API - Part 2: Read and Write API Security Profile (ID2). ID2 albeit being an Implementer's Draft remains a possible features.fapi.profile option

Features

  • fapi: FAPI (Final and ID2) is now a stable feature (4f52a4c)
  • resourceIndicators: allow omitting resource parameter at the token endpoint (0309ec0), closes #989
  • Client Initiated Backchannel Authentication (CIBA) and FAPI-CIBA-ID1 (a217484)

Bug Fixes

  • deviceFlow: ensure pairwise device flow clients prove ownership of their jwks_uri (ec99201)
  • remove default got user-agent (d65187c)
  • skip validating client redirect_uris presence when not required (90965bb)

Note: Updates to draft specification versions are released as MINOR library versions, if you utilize these specification implementations consider using the tilde ~ operator in your package.json since breaking changes may be introduced as part of these version updates. Alternatively, acknowledge the version and be notified of breaking changes as part of your CI.

Assets 2
Loading