Releases: panva/openid-client
Releases · panva/openid-client
v5.0.1
v5.0.0
⚠ BREAKING CHANGES
- The 'query' way of passing access token to userinfo was removed.
- Access Token is now asserted to be present for userinfo and requestResource calls.
- The registry export was removed.
- FAPIClient is renamed to FAPI1Client
- FAPI1Client has default algorithms set to PS256 rather than RS256
- FAPI1Client has default tls_client_certificate_bound_access_tokens set to true
- FAPI1Client has default response_types set to
id_token code
and grant_types accordingly - FAPI1Client has no token_endpoint_auth_method set, one must be set explicitly
- Client methods
unpackAggregatedClaims
andfetchDistributedClaims
were removed with no replacement. - DPoP option inputs must be a private crypto.KeyObject or a valid crypto.createPrivateKey input.
- Issuer.prototype.keystore is now private API
- HTTP(S) request customization now only recognizes the following options 'agent', 'ca', 'cert', 'crl', 'headers', 'key', 'lookup', 'passphrase', 'pfx', and 'timeout'. These are standard node http/https module request options, got-library specific options such as 'followRedirect', 'retry', or 'throwHttpErrors' are no longer recognized.
- The arguments inside individual HTTP request customization changed, first argument is now an instance of URL, the http request options object is passed in as a second argument.
- The
response
property attached to some RPError or OPError instances is now an instance of http.IncomingMessage. Its body is available on itsbody
property as either JSON if it could be parsed, or a Buffer if it failed to pass as JSON. - Drop support for Node.js v10.x
- Only Node.js LTS releases Codename Erbium (^12.19.0) and newer are supported. Currently this means ^12.19.0 (Erbium), ^14.15.0 (Fermium), and ^16.13.0 (Gallium).
- Issuer.discover will no longer attempt to load
/.well-known/oauth-authorization-server
. To load such discovery documents pass full well-known URL to Issuer.discover.
Refactor
- DPoP input must be a private KeyObject or valid crypto.createPrivateKey input (d69af6f)
- FAPIClient is renamed to FAPI1Client (59a4e73)
- Issuer.prototype.keystore is now private API (0c23248)
- only use the native http(s) client (83376ac)
- remove automatic lookup of /.well-known/oauth-authorization-server (fc87d2b)
- remove client.unpackAggregatedClaims and client.fetchDistributedClaims (b7f261f)
- remove Registry public API export (6b91d58)
- remove the 'query' option for userinfo, assert access token (eb9d139)
- update Node.js semver support matrix (8b3044e)