Skip to content

Releases: panva/node-oidc-provider

v2.14.1

13 Mar 17:22
Compare
Choose a tag to compare
  • bumped minimal debug dependency version due to its found vulnerability in lesser versions
  • adjusted documentation on refreshTokenRotation configuration option
  • adjusted documentation on TLS offloading

v2.14.0

05 Mar 08:26
Compare
Choose a tag to compare
  • added current account id from OP session to interaction sessions
  • added provider.setSessionAccountId(req, id, [ts]) helper for setting OP session from other contexts, such as interrupted interactions or password reset flows.

v2.13.1

15 Feb 12:01
Compare
Choose a tag to compare
  • clientCacheDuration no longer has any effect on static clients passed through the #provider.initialize() call

v2.13.0

29 Jan 13:01
Compare
Choose a tag to compare
  • #provider.Client.cacheClear([id]) can now optionally drop just one specific client from provider cache when provided its client_id

v2.12.0

24 Jan 15:39
Compare
Choose a tag to compare
  • findById returned struct's #claims() method will is now called with two parameters (use and scope) allowing to fine-tune the returned claims depending on the intended place for these claims.

v2.11.2

21 Jan 21:20
Compare
Choose a tag to compare
  • aligned oidc-provider:token DEBUG format
  • exposed client validation schema prototype under provider.Client.Schema

v2.11.1

17 Jan 14:38
Compare
Choose a tag to compare
  • fixed a bug where non global logouts would not trigger back and front-channel logout features for the one client that gets logged out
  • added missing backchannel.success and backchannel.error events

v2.11.0

16 Jan 20:20
Compare
Choose a tag to compare
  • added optional support for draft02 of Front-Channel Logout 1.0
    • enable with configuration features.frontchannelLogout = true;
    • adds new client properties frontchannel_logout_uri and frontchannel_logout_session_required
    • adds new discovery properties frontchannel_logout_supported and frontchannel_logout_session_supported
    • added frontchannelLogoutPendingSource helper for customizing the pending frontchannel web page HTML source
  • added no-cache headers to userinfo responses

v2.10.0

15 Jan 08:37
Compare
Choose a tag to compare
  • added audiences helper function to allow for pushing additional audiences to issued ID Tokens, this will additionally push an azp claim with the client_id value as per Core 1.0 spec defined ID Token validations.

v2.9.2

03 Jan 10:28
Compare
Choose a tag to compare
  • added used http verb to error debug messages
  • added a descriptive "method not allowed" error message