Skip to content

Latest commit

 

History

History
109 lines (88 loc) · 4.65 KB

CHANGELOG.md

File metadata and controls

109 lines (88 loc) · 4.65 KB
Raw

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

Unreleased

Changed

  • Renamed http://i.authnomicon.org/prompts/http/Prompt interface to module:@authnomicon/prompts.RequestHandler.

[0.0.8] - 2024-02-08

Changed

  • Moved http/service, and associated files, to service.
  • Updated passport-openidconnect dependency from 0.1.1 to 0.1.2.

0.0.7 - 2024-01-12

Added

  • Exposed prompt component which implements http://i.authnomicon.org/prompts/http/Prompt, for decoupling single-sign on prompts from underlying HTTP semantics.

0.0.6 - 2023-11-22

Added

  • Exposed http/handlers/terminate component which implements module:@authnomicon/federated.SessionTerminationHandler interface. @authnomicon/logout has a weak dependency on this interface in order to terminate login sessions at the IDP.
  • Exposed slofactory component which implements module:@authnomicon/federated.SLOProviderFactory interface. Used by http/handlers/terminate to initiate single logout at the IDP.
  • Initial implementation of post-logout redirect endpoint used in RP-initiated logout.
  • Exported openidconnect.RPInitiatedLogoutService constructor from package.

Changed

  • IDProviderFactory component no longer requires a component implementing module:@authnomicon/session.InitiationScheme interface. Instead, a new OpenIDConnectStrategy will be created and configured using the OPENID_ISSUER and related environment variables.

0.0.5 - 2023-10-19

0.0.4 - 2021-12-02

Added

  • Support for prompt query parameter to '/login/federated' endpoint, which is passed as prompt option to federated authentication strategy.

0.0.3 - 2021-11-18

Added

  • FederatedIDService can yield false to indicate that an identity obtained via a federation protocol is not from a foreign domain. In this case, the user is logged in directly, rather than querying for the associated account or JIT provisioning a new account.

0.0.2 - 2021-11-17

Added

  • Support for login_hint query parameter to '/login/federated' endpoint, which is passed as loginHint option to federated authentication strategy.
  • Support for dispatching to multiple actions from OAuth 2.0 redirect endpoint.
  • Support for dispatching to multiple actions from OAuth callback endpoint.
  • Added authorize action for storing tokens authorized by users.
  • OAuth 2.0 redirect endpoint passes protocol from state as argument when constructing IDPs, useful for indicating layers on top of OAuth 2.0, such as OpenID Connect.
  • Added OpenID Connect StateStore component at openidconnect/http/statestore.

Changed

  • Login action no longer resumes state, instead calls next middleware in stack to support subsequent actions after login.
  • location, returnTo, and resumeState are no longer passed as state properties authenticate(), as they are handled automatically by state middleware.
  • location, returnTo, and resumeState are no longer passed as options to IDProviderFactory when creating IDP.
  • Updated middleware to use flowstate@0.5.x API.
  • OAuth 2.0 state store updated to use flowstate@0.5.x API, specifically req.pushState.
  • OAuth 2.0 state store errors, rather than fails, when state middleware is not in use.
  • Improved OAuth 2.0 state store failure messages for mix-up attack countermeasures.
  • OAuth request token store updated to use flowstate@0.5.x API, specifically req.pushState.
  • OAuth request token store errors, rather than fails, when state middleware is not in use.
  • Handle use to store OAuth state is generated by joining components with "_" rather than ":".
  • Moved oauth/http/statestore component to oauth/http/requesttokenstore.

Fixed

  • repository and bugs URLs in package.json pointed to correct GitHub repository.

0.0.1 - 2021-10-21

  • Initial release.