Changelog
All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
2.5.0 (2024-01-10)
Features
- add experimental customize fetch option (e98c1aa), closes #94
- add experimental support for mtls_endpoint_aliases (f1cb365)
- allow all of HeadersInit for HttpRequestOptions.headers (a5fe73c)
Refactor
- fetch url resolution and validation (b2e62a6)
Documentation
2.4.5 (2024-01-09)
Fixes
- DPoP: clockSkew in ProtectedResourceRequestOptions is a unique Symbol (1708f21)
Documentation
- expose clock skew and tolerance documentation (2d90c49)
2.4.4 (2024-01-09)
Fixes
- handle Response objects with empty string url in processDpopNonce (f2c9415)
2.4.3 (2024-01-06)
2.4.2 (2024-01-05)
Documentation
- add distribution links to README.md (29bb947)
Fixes
- encode client_secret_basic - _ . ! ~ * ’ ( ) characters (f926175)
2.4.1 (2024-01-03)
Refactor
- create Request instances before passing them to fetch (02ab110)
- types: mark always lowercased values and keys as Lowercase (89e7a77)
Documentation
- categorize APIs in docs/README.md (c28efda)
- expose Indexed Access Types (54c4393)
- update EdDSA description (9765e7a)
2.4.0 (2023-11-15)
Features
- add the cause property to errors where possible (07c95f7)
Refactor
- use AlgorithmIdentifier instead of Algorithm where possible (e2ae2f3)
Fixes
- base64url decode errors are OperationProcessingError (7f4a878)
2.3.0 (2023-04-26)
Features
- allow Record and string[][] as parameter arguments (021b85f)
2.2.4 (2023-04-24)
Refactor
- brand URLSearchParams instead of extending URLSearchParams (8e62c8a)
2.2.3 (2023-04-21)
2.2.2 (2023-04-21)
Refactor
- types: enforce flat interfaces (c958d61)
2.2.1 (2023-04-13)
Fixes
- return undefined from getValidatedIdTokenClaims as documented (678b12d)
2.2.0 (2023-03-10)
Features
- allow the client’s assumed current time to be adjusted (5051a5d), closes #49 #50
- allow the client’s DateTime claims tolerance to be adjusted (3936a56), closes #49 #50
2.1.0 (2023-02-09)
Features
- add more asymmetric JWS algorithms (af43ec7)
2.0.6 (2022-12-16)
Fixes
- build: fixup user agent version after version bump (e1c3ed8)
2.0.5 (2022-12-11)
2.0.4 (2022-11-27)
Refactor
- weak maps instead of symbols (e551edc)
2.0.3 (2022-11-25)
Fixes
2.0.1 (2022-11-21)
Fixes
- claims parameter encoding in issued request objects (3eb165a)
Performance
- cache public DPoP CryptoKey’s JWK representation for re-use (2858d06)
2.0.0 (2022-11-20)
⚠ BREAKING CHANGES
- Use the TLS server validation in
processAuthorizationCodeOpenIDResponse
to validate the issuer instead of checking the ID Token’s signature. The function’soptions
argument was removed. - Use the TLS server validation in
processDeviceCodeResponse
to validate the issuer instead of checking the optional ID Token’s signature. The function’soptions
argument was removed. - Use the TLS server validation in
processIntrospectionResponse
to validate the issuer instead of checking the optional JWT Introspection Response signature. The function’soptions
argument was removed. - Use the TLS server validation in
processRefreshTokenResponse
to validate the issuer instead of checking the optional ID Token’s signature. The function’soptions
argument was removed. - Use the TLS server validation in
processUserInfoResponse
to validate the issuer instead of checking the optional JWT UserInfo Response signature. The function’soptions
argument was removed. - PAR w/ DPoP no longer automatically adds
dpop_jkt
to the authorization request. - Removed
calculateJwkThumbprint
function export. - Removed
jwksRequest
function export. - Removed
processJwksResponse
function export.
Refactor
- remove ignored and unused exports (4a545df)
- use TLS server validation instead of jwt signature validations (f728110)
1.4.1 (2022-11-20)
Refactor
- deno: add mod.ts to deno.land/x (0778278)
- use RsaHashedKeyAlgorithm in checkRsaKeyAlgorithm (94aa31c)
1.4.0 (2022-11-08)
Features
- add bun as a supported runtime (707efd1)
1.3.0 (2022-10-31)
Features
- allow to skip JWT signature validation on select responses (44d9114)
1.2.2 (2022-10-20)
Refactor
- add a type check on AbortSignal (b013fef)
- align argument and function names in assert functions (8ea65f6)
- update “as” error messages (3e894f5)
1.2.1 (2022-10-10)
1.2.0 (2022-09-14)
Features
- add experimental EdDSA (Ed25519) JWS algorithm support (f70d4d5)
1.1.4 (2022-08-26)
Fixes
- typescript: resolve ts4.8 issue (572c6de)
1.1.3 (2022-07-20)
1.1.2 (2022-07-12)
1.1.1 (2022-07-04)
Fixes
- processing pure oauth2 code response ignores invalid ID tokens (282705a)
1.1.0 (2022-06-28)
Features
- allow AbortSignal-returning function as well as an instance (90d21b8)
1.0.5 (2022-06-17)
Fixes
1.0.4 (2022-06-09)
Fixes
1.0.3 (2022-05-23)
Fixes
- skip recalculating dpop_jkt in PAR if already set (9499ccd)
1.0.2 (2022-05-19)
1.0.1 (2022-05-18)
Fixes
- reject unsupported token_type values (3d2cc0c)
1.0.0 (2022-05-13)
0.9.0 (2022-05-13)
⚠ BREAKING CHANGES
- types: rename TokenEndpointAuthMethod type to ClientAuthenticationMethod
Refactor
- types: rename TokenEndpointAuthMethod type to ClientAuthenticationMethod (6028fd8)
0.8.0 (2022-05-06)
⚠ BREAKING CHANGES
- getValidatedIdTokenClaims throws if ref isnt weak referenced
- remove client_secret_jwt
Refactor
- getValidatedIdTokenClaims throws if ref isnt weak referenced (1ee5485)
- remove client_secret_jwt (7611169)
0.7.0 (2022-05-05)
⚠ BREAKING CHANGES
- ensure supported key in calculateJwkThumbprint
- clientCredentialsGrantRequest now requires parameters
Features
- explicitly add dpop_jkt to par request when using dpop (e6acd99)
Refactor
- clientCredentialsGrantRequest now requires parameters (76e4fea)
- ensure supported key in calculateJwkThumbprint (540f6cf)
0.6.4 (2022-05-04)
Features
- add utility for calculating dpop_jkt from a crypto key (045dd10)
0.6.3 (2022-05-04)
0.6.2 (2022-05-03)
Features
- add utility for generating crypto key pairs (d8f3e90)
0.6.1 (2022-05-02)
Fixes
- types: validateJwtAuthResponse expectedState is optional (e618089)
0.6.0 (2022-04-28)
⚠ BREAKING CHANGES
- remove encrypted JAR support
Refactor
- remove encrypted JAR support (4352049)
Fixes
0.5.2 (2022-04-27)
Features
- force jwks refetch every 10 minutes (ae35bae)
Fixes
- correct jwks refetch minimal interval (8af6f85)
0.5.1 (2022-04-27)
Fixes
- assert no client private key is provided unless needed (ac6be64)
- assert no client secret is provided unless needed (604d8f3)
- ensure issueRequestObject does not mutate input parameters (7b62b82)
0.5.0 (2022-04-27)
⚠ BREAKING CHANGES
- deno: support deno ^1.21.0 (removed 1.20.x from CI)
- types: rename SignalledRequestOptions interface to HttpRequestOptions
Features
- option to add headers to http requests (94a2ecb)
Refactor
- deno: support deno ^1.21.0 (removed 1.20.x from CI) (764db58)
- types: rename SignalledRequestOptions interface to HttpRequestOptions (e4058d8)
0.4.0 (2022-04-25)
⚠ BREAKING CHANGES
- trim down the supported JOSE algorithms
Refactor
- trim down the supported JOSE algorithms (3a9e9a5)
0.3.3 (2022-04-14)
0.3.2 (2022-04-11)
Features
- allow all key inputs to be CryptoKey instances (f405719)
0.3.1 (2022-04-10)
0.3.0 (2022-04-10)
⚠ BREAKING CHANGES
- types: force types without string defaults
Refactor
- types: force types without string defaults (188b252)
0.2.2 (2022-04-07)
Features
0.2.1 (2022-04-05)
0.2.0 (2022-04-01)
⚠ BREAKING CHANGES
- ensure 2048 RSA keys are used for RSA-OAEP too
Fixes
- ensure 2048 RSA keys are used for RSA-OAEP too (f4eda79)
0.1.0 (2022-04-01)
⚠ BREAKING CHANGES
- ensure 2048 RSA keys are used
Fixes
- ensure 2048 RSA keys are used (ad707c0)
0.0.11 (2022-04-01)
0.0.10 (2022-03-29)
Fixes
- remove off-spec “default optional JWT typ” checks (34e524a)
0.0.9 (2022-03-28)
Fixes
- normalize jwt typ when one is expected (e161ee3)
0.0.8 (2022-03-28)
0.0.7 (2022-03-23)
0.0.6 (2022-03-18)
0.0.5 (2022-03-17)
Fixes
- jarm: correct message when jarm response is passed to validateAuthResponse (9ef7ce8)
0.0.4 (2022-03-17)
0.0.3 (2022-03-16)
Features
- client_secret_jwt authentication method (93fc723)
Fixes
- typescript: allow any string into “alg” and “enc” client fields (e6a8649)
0.0.2 (2022-03-16)
Fixes
- set a proper user-agent string (1fbb173)