Releases: panva/node-oidc-provider
Releases · panva/node-oidc-provider
v2.14.1
- bumped minimal
debug
dependency version due to its found vulnerability in lesser versions
- adjusted documentation on
refreshTokenRotation
configuration option
- adjusted documentation on TLS offloading
v2.14.0
- added current account id from OP session to interaction sessions
- added
provider.setSessionAccountId(req, id, [ts])
helper for setting OP session from other contexts, such as interrupted interactions or password reset flows.
v2.13.1
clientCacheDuration
no longer has any effect on static clients passed through the #provider.initialize()
call
v2.13.0
#provider.Client.cacheClear([id])
can now optionally drop just one specific client from provider cache when provided its client_id
v2.12.0
findById
returned struct's #claims()
method will is now called with two parameters (use and scope) allowing to fine-tune the returned claims depending on the intended place for these claims.
v2.11.2
- aligned
oidc-provider:token
DEBUG format
- exposed client validation schema prototype under
provider.Client.Schema
v2.11.1
- fixed a bug where non global logouts would not trigger back and front-channel logout features for the one client that gets logged out
- added missing
backchannel.success
and backchannel.error
events
v2.11.0
- added optional support for draft02 of Front-Channel Logout 1.0
- enable with configuration
features.frontchannelLogout = true
;
- adds new client properties
frontchannel_logout_uri
and frontchannel_logout_session_required
- adds new discovery properties
frontchannel_logout_supported
and frontchannel_logout_session_supported
- added
frontchannelLogoutPendingSource
helper for customizing the pending frontchannel web page HTML source
- added no-cache headers to userinfo responses
v2.10.0
- added
audiences
helper function to allow for pushing additional audiences to issued ID Tokens, this will additionally push an azp
claim with the client_id
value as per Core 1.0 spec defined ID Token validations.
v2.9.2
- added used http verb to error debug messages
- added a descriptive "method not allowed" error message