All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Renamed http://i.authnomicon.org/prompts/http/Prompt interface to module:@authnomicon/prompts.RequestHandler.
- Moved http/service, and associated files, to service.
- Updated passport-openidconnect dependency from 0.1.1 to 0.1.2.
0.0.7 - 2024-01-12
- Exposed prompt component which implements http://i.authnomicon.org/prompts/http/Prompt, for decoupling single sign-on prompts from underlying HTTP semantics.
0.0.6 - 2023-11-22
- Exposed http/handlers/terminate component which implements module:@authnomicon/federated.SessionTerminationHandler interface. @authnomicon/logout has a weak dependency on this interface in order to terminate login sessions at the IDP.
- Exposed slofactory component which implements module:@authnomicon/federated.SLOProviderFactory interface. Used by http/handlers/terminate to initiate single logout at the IDP.
- Initial implementation of post-logout redirect endpoint used in RP-initiated logout.
- Exported openidconnect.RPInitiatedLogoutService constructor from package.
- IDProviderFactory component no longer requires a component implementing module:@authnomicon/session.InitiationScheme interface. Instead, a new OpenIDConnectStrategy will be created and configured using the OPENID_ISSUER and related environment variables.
0.0.5 - 2023-10-19
0.0.4 - 2021-12-02
- Support for prompt query parameter to '/login/federated' endpoint, which is passed as prompt option to federated authentication strategy.
0.0.3 - 2021-11-18
- FederatedIDService can yield false to indicate that an identity obtained via a federation protocol is not from a foreign domain. In this case, the user is logged in directly, rather than querying for the associated account or JIT provisioning a new account.
0.0.2 - 2021-11-17
- Support for login_hint query parameter to '/login/federated' endpoint, which is passed as loginHint option to federated authentication strategy.
- Support for dispatching to multiple actions from OAuth 2.0 redirect endpoint.
- Support for dispatching to multiple actions from OAuth callback endpoint.
- Added authorize action for storing tokens authorized by users.
- OAuth 2.0 redirect endpoint passes protocol from state as argument when constructing IDPs, useful for indicating layers on top of OAuth 2.0, such as OpenID Connect.
- Added OpenID Connect StateStore component at openidconnect/http/statestore.
- Login action no longer resumes state, instead calls next middleware in stack to support subsequent actions after login.
- location, returnTo, and resumeState are no longer passed as state properties to authenticate(), as they are handled automatically by state middleware.
- location, returnTo, and resumeState are no longer passed as options to IDProviderFactory when creating IDP.
- Updated middleware to use flowstate@0.5.x API.
- OAuth 2.0 state store updated to use flowstate@0.5.x API, specifically req.pushState.
- OAuth 2.0 state store errors, rather than fails, when state middleware is not in use.
- Improved OAuth 2.0 state store failure messages for mix-up attack countermeasures.
- OAuth request token store updated to use flowstate@0.5.x API, specifically req.pushState.
- OAuth request token store errors, rather than fails, when state middleware is not in use.
- Handle used to store OAuth state is generated by joining components with "_" rather than ":".
- Moved oauth/http/statestore component to oauth/http/requesttokenstore.
- repository and bugs URLs in package.json pointed to correct GitHub repository.
0.0.1 - 2021-10-21
- Initial release.