Releases: panva/oauth4webapi
Releases · panva/oauth4webapi
v2.11.1
Fixes
- allow ID Token auth_time to be present even if client.require_auth_time is false (caa9ab3)
v2.11.0
Features
- add experimental support for edge compute runtimes JWKS caching (15b7aff)
Refactor
- update maxAge option type check error message (7fe3454)
Documentation
- clarify documentation is more an API Reference (c96c8e0)
- update example import (651e8ea)
- updates for readability and consistency (b1b8b7d)
v2.10.4
Refactor
- types: add explicit type to all exported functions (76e8d19)
- types: add explicit type to all exported symbols (c66c595)
- types: protectedResourceRequest method argument is just a string (a15d76c)
Documentation
- mention RFC 6750 in validateJwtAccessToken (f61b68e), closes #115
v2.10.3
Refactor
- make protectedResourceRequest headers argument optional (bcbc872)
Documentation
v2.10.2
Fixes
- normalize authorization_details and max_age in issueRequestObject (f8d267e)
v2.10.0
Features
- types: add interfaces for RFC 9396 (Rich Authorization Requests) (1c606ea)
Refactor
- some biome identified smells and less non-null assertions (bc508f6)
Documentation
- update customFetch and useMtlsAlias a bit (627e716)
Fixes
- types: add missing and optional scope to interfaces (5dc6d17)
v2.9.0
Features
- graduate recently added experimental features to stable API (94da0c9)
v2.8.1
Fixes
- check that DPoP Proof iat is recent enough (a6159e3)
v2.8.0
Features
- add experimental support for validating JWT Access Tokens (f65deae)
v2.7.0
Features
- allow fragment response as URL in validateDetachedSignatureResponse (bcbe2f5)