All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog.
7.2.0 — 2024-11-25
- Include scope in token for authorization_code and refresh_token grants (by PetrasJaug)
- Add PKCE support (by tanettrimas)
- Update dependencies
7.1.2 — 2024-05-21
- Add support for Node.js 22 (by sheinbergon)
7.1.1 — 2023-10-24
- Be a better citizen in an ECMAScript modules world
7.1.0 — 2023-10-23
- Add support for "aud" claim in "client_credentials" grants (by kadams54)
- Update dependencies
7.0.0 — 2023-10-04
- Breaking: No longer support Node.js 16
6.0.1 — 2023-10-03
- Update dependencies to fix:
6.0.0 — 2023-06-19
- Breaking: No longer support Node.js 14
- Fix authorize endpoint compliance (remove scope requirement, make state optional) (by jirutka)
- Add support for Node.js 20
- Update dependencies
5.0.2 — 2023-02-20
- Update dependencies to fix:
5.0.1 — 2022-10-04
- Update dependencies to fix:
5.0.0 — 2022-06-27
- Breaking: No longer support Node.js 12
- Add support for Node.js 18
4.3.2 — 2022-06-27
- Update dependencies
4.3.1 — 2022-03-29
- Update dependencies to fix:
4.3.0 — 2022-02-01
- Support the token introspection endpoint (by cfman)
4.2.0 — 2022-01-28
- Add support for custom endpoint pathnames (by roskh)
- Teach
/token
endpoint to support JSON content type (by roskh)
4.1.1 — 2021-11-18
- Fix regression: Prevent unhandled rejected promises when incorrectly invoking the /token endpoint
4.1.0 — 2021-11-15
- HTTPS support (by lbestftr)
4.0.0 — 2021-10-25
- Add
/endsession
endpoint (by AndTem) - Support
EdDSA
algorithm
- Breaking: Drop support for Node.js 10
- No longer accepts PEM encoded keys
- No longer supports generating unsigned JWTs
- Breaking: Reworked exposed API. Please refer to the migration guide for more information.
- Add support for Node.js 16
3.2.0 — 2021-08-03
- Add
subject_types_supported
OpenID Provider Metadata field (by jjbooth74)
3.1.0 — 2020-11-30
- Add authorize redirect event (by markwallsgrove)
3.0.3 — 2020-11-12
- Fix regression: When adding a key to the KeyStore, do not normalize key "use" value to "sig" when already defined
3.0.2 — 2020-10-29
- Support Nodejs 14.15 LTS
3.0.1 — 2020-10-23
- Include missing files on pack/publish
3.0.0 — 2020-10-22
- TypeScript type definitions (#48)
- Straightened definitions of optional parameters:
null
is no longer considered as a non valued parameter value;undefined
bears that meaning.
2.0.0 — 2020-10-01
- Honor OpenID Connect
nonce
(#34 by @HASHIMOTO-Takafumi)
- No longer support Node 8
1.5.1 — 2020-04-06
- Update
npm
dependencies to fix:
1.5.0 — 2020-01-23
- Add HTTP request object to
OAuth2Service
's events - Add
beforeTokenSigning
event toOAuth2Service
1.4.0 — 2020-01-15
- Update
npm
dependencies to fix:
- Add missing
aud
claim under Authorization Code Flow
- Add CORS support
1.3.3 — 2019-09-25
- Update
npm
dependencies to fix:
- Update license's legal entity.
1.3.2 — 2019-08-09
- Update
npm
dependencies to fix:
1.3.1 — 2019-06-07
- Update
npm
dependencies to fix:
1.3.0 — 2019-06-03
- Add revocation endpoint
1.2.0 — 2019-03-19
- Add Authorization code grant
- Add Refresh token grant
- Add Userinfo endpoint
- Update
npm
dependencies to fix CVE-2018-16469
1.1.0 — 2018-08-02
- Add Resource Owner Password Credentials grant
- Add missing cache control headers on
/token
responses
Initial release.