Releases: panva/oauth4webapi
Releases · panva/oauth4webapi
v2.10.0
Features
- types: add interfaces for RFC 9396 (Rich Authorization Requests) (1c606ea)
Refactor
- some biome identified smells and less non-null assertions (bc508f6)
Documentation
- update customFetch and useMtlsAlias a bit (627e716)
Fixes
- types: add missing and optional scope to interfaces (5dc6d17)
v2.9.0
Features
- graduate recently added experimental features to stable API (94da0c9)
v2.8.1
Fixes
- check that DPoP Proof iat is recent enough (a6159e3)
v2.8.0
Features
- add experimental support for validating JWT Access Tokens (f65deae)
v2.7.0
Features
- allow fragment response as URL in validateDetachedSignatureResponse (bcbe2f5)
v2.6.0
Features
- add experimental support for FAPI 1.0 (6b6b496)
Refactor
- reorganize experimental features (c8479b4)
Documentation
v2.5.0
Features
- add experimental customize fetch option (e98c1aa), closes #94
- add experimental support for mtls_endpoint_aliases (f1cb365)
- allow all of HeadersInit for HttpRequestOptions.headers (a5fe73c)
Refactor
- fetch url resolution and validation (b2e62a6)
Documentation
- fix ToC anchors to symbol properties (ed01dcf)
- return hierarchy to markdown docs (7d3b414)
v2.4.5
Fixes
- DPoP: clockSkew in ProtectedResourceRequestOptions is a unique Symbol (1708f21)
Documentation
- expose clock skew and tolerance documentation (2d90c49)
v2.4.4
Fixes
- handle Response objects with empty string url in processDpopNonce (f2c9415)
v2.4.3
Revert "fix: encode client_secret_basic - _ . ! ~ * ' ( ) characters"
This reverts commit f926175, even though it is the correct implementation some of the most widely used identity providers don't follow the specification.
