Releases: panva/node-oidc-provider
Releases · panva/node-oidc-provider
v6.11.1
Bug Fixes
- typescript: provider.callback getter type regression fixed (5cea116), closes #534
v6.11.0
Bug Fixes
- token TTL being a helper function is now accepted (a930355)
Features
- default refresh token TTL policy for SPAs follows the updated BCP (d6a2a34)
- update JWT Response for OAuth Token Introspection to draft 08 (5f917e2)
v6.10.0
Bug Fixes
Features
- update FAPI RW behaviours (a7ed27a)
- update pushed authorization requests draft (aaf5740)
v6.8.0
Features
- update fapiRW draft feature (8b927fc)
- update pushed request objects to b6cd952 (43fa8aa)
v6.7.0
Bug Fixes
- correct ssl offloading proxy documentation url in console warning (b871e99)
- handle server_error on expired unsigned request objects (7172a85)
- ignore secret and expiration timestamp on dynamic create (edge case) (d532fb2)
Features
- allow authorization requests with only a Request Object (e3fa143)
- allow structured access token customizations (4be3bb2), closes #520
- experimental support for pushed request objects (4ac3905)
- strategies for parameter merging Request Object <> OAuth 2.0 (3ad1744)
- support non-0 expiring client secrets (client_secret_expires_at) (02877f6)
v6.6.2
Bug Fixes
- do not use mounted app's ctx.cookies (ce0c06d), closes #517
v6.6.1
Bug Fixes
- extend interactionDetails to allow (req, res) (e1d69cf), closes #517
v6.6.0
Bug Fixes
- properly apply samesite=none for non-webkit browsers (ec2ffc6)
Features
- added Node.js lts/dubnium support (52e914c)
v6.5.0
Bug Fixes
- empty params are handled as if they were not provided at all (a9e0f8c)
Features
- basic and post client auth methods are now interchangeable (a019fc9)
- enable RSA-OAEP-256 when node runtime supports it (cfada87)
- new experimental support for FAPI RW Security Profile added (0c69553)
- RFC8628 has been published, device flow is now a stable feature (98a3bd4)
