Skip to content

Latest commit

 

History

History
340 lines (229 loc) · 21.8 KB

CHANGELOG.md

File metadata and controls

340 lines (229 loc) · 21.8 KB

Change Log

v2.17.1 (2023-11-02)

Full Changelog

Fixed

v2.17.0 (2023-09-15)

Full Changelog

Added

v2.16.0 (2023-05-05)

Full Changelog

Added

v2.15.0 (2023-04-19)

Full Changelog

Added

v2.14.0 (2023-04-13)

Full Changelog

Added

v2.13.0 (2023-03-28)

Full Changelog

Added

v2.12.1 (2023-03-10)

Full Changelog

Fixed

v2.12.0 (2023-01-24)

Full Changelog

Added

  • [SDK-3911] Add support for providing a custom callback route #438 (ewanharris)

Fixed

v2.11.0 (2022-12-08)

Full Changelog

Added

Fixed

v2.10.0 (2022-11-11)

Full Changelog

Added

v2.9.0 (2022-10-17)

Full Changelog

Added

  • [SDK-3717] Add cookie prop to support more express-session stores #395 (adamjmcgrath)

v2.8.0 (2022-07-20)

Full Changelog

Added

v2.7.3 (2022-06-29)

Full Changelog

Fixed

v2.7.2 (2022-03-29)

Full Changelog

Security

  • URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect GHSA-7p99-3798-f85c

v2.7.1 (2022-02-24)

Full Changelog

Fixed

  • transactionCookie configuration should be optional #338 (BitPatty)

v2.7.0 (2022-02-17)

Full Changelog

Added

  • [SDK-3109] Add ability to pass custom logout params #329 (adamjmcgrath)
  • [SDK-3111] Add Oauth error props to http error when available #328 (adamjmcgrath)
  • [SDK-3110] Allow customising the UA header in client reqs #327 (adamjmcgrath)
  • allow configuration of same site attribute on auth_verification cookie #323 (BitPatty)

Changed

v2.6.0 (2022-01-31)

Full Changelog

Added

v2.5.2 (2021-12-09)

Full Changelog

Security

Fixed

v2.5.1 (2021-09-28)

Full Changelog

Fixed

2.5.0 (2021-07-14)

Full Changelog

Added

Fixed

2.4.0 (2021-05-11)

Full Changelog

Added

2.3.1 (2021-04-09)

Full Changelog

Fixed

2.3.0 (2021-03-10)

Full Changelog

Added

2.3.0-beta.0 (2021-02-23)

Full Changelog

To install: npm install express-openid-connect@beta

Added

2.2.1 (2021-01-25)

Full Changelog

Fixed

2.2.0 (2021-01-14)

Full Changelog

Added

Changed

2.1.0 (2020-12-15)

Full Changelog

Changed

Fixed

2.0.0-beta.0 (2020-08-31)

Full Changelog

For a full list of breaking changes and migration guide, checkout https://github.com/auth0/express-openid-connect/blob/master/V2_MIGRATION_GUIDE.md

Breaking Changes

Added

v1.0.2 (2020-05-12)

Full Changelog

Fixed

v1.0.1 (2020-04-17)

Full Changelog

Fixed

  • Fix issue where authz header was overridden in code exchange #86 (adamjmcgrath)

v1.0.0 (2020-03-30)

Full Changelog

Added

Changed

Fixed

v0.8.1 (2020-03-02)

Full Changelog

Fixed

v0.8.0 (2020-02-26)

Full Changelog

This release contains a breaking change for all applications. Please see the PR below for migration info.

Changed

v0.7.0 (2020-02-18)

Full Changelog

Added

Changed

Fixed

v0.6.0 (2020-01-14)

Full Changelog

Breaking changes in this release:

This release includes important changes to user session and token handling which will require an update for all applications.

First, a new, required configuration key - appSessionSecret (changed to appSession.secret in v0.8.0) - has been added. The value here will be used to generate keys which are in turn used to encrypt the user identity returned from the identity provider. This encrypted and signed identity is stored in a cookie and used to populate the req.openid.user property, as before. This key should be set to either a secure, random value to use this built-in session or false to provide your own custom application session handling. A value for this can be generated with openssl like so:

❯ openssl rand -hex 32
f334eb9ee5898101f90047ec46f18c2f4c082f5eeef109920d6b0fc5b79b6f29

As part of these changes, a session middleware is no longer required for this library. One can be added and used for application session and tokens (see above and below, respectively) but initialization will no longer fail if one is not present.

Additionally, tokens returned from the identity provider will no longer be stored in a session middleware automatically. If your application requires access, refresh, or ID tokens to be retrieved and stored (not just the user identity), you will need to provide a method for that storage in version 0.6.0 and beyond. See our examples page for guidance.

Closed issues

  • "legacySameSiteCookie" for auth config params is not yet available in the typings file. #44
  • Validate configured routes #21

Added

Changed

v0.5.0 (2019-10-17)

Full Changelog

Closed issues

  • Removal of automatic refresh #11

Added

Changed

  • Update default leeway and re-write API documentation #30 (joshcanhelp)

v0.4.0 (2019-09-26)

Full Changelog

Important note: This release bumps the minimum Node version required to ^10.13.0.

Closed issues

  • GetUser #10
  • Thoughts on user info endpoint? #7

Changed

Removed