v2.1.0

• Allow users to provide non-standard properties to client_credentials token requests via an extraParams property. This is necessary to support vendors like Auth0 and Kinde which both require an audience parameter. (@South-Paw)
• Sending client_id and client_secret in POST request body is now optionally supported. By default the credentials will still be sent in the Authorization header, but users can opt-in to using the body. The authentication method will also be discovered if an OAuth2 or OpenID discovery document is used. (@parkerduckworth)
• The fetchWrapper now has an option to disable auto-refreshing tokens. (@bradjones1)
• Bug fix: If a 'state' parameter was not used in authorization_code, it should not be required in the redirect.
• Tested with Node 20.

v2.0.18

• Didn't run make build before the last release, which causes some files in the dist/ directory to be out of date.

v2.0.17

• Correctly pass 'scope' to authorization_code redirects.

v2.0.16

• It was not possible to generate the URL to the authorization endpoint with PKCE using Node, due to depending on a global crypto object. This is fixed with fallbacks all the way back to Node 14.

v2.0.15

#70: Sending the client secret is now supported with the authorization_code
flow.

Full Changelog: v2.0.14...v2.0.15

v2.0.14

• Re-release, to publish on Github packages.

v2.0.13

Version 2 stable release!

Version 2 is a complete rewrite of this library that broadens the scope of to be a fully-featured general OAuth2 client. This package has been renamed from fetch-mw-oauth2 to @badgateway/oauth2-client.

The setup of this library has changed a lot, so if you are upgrading from 1.x.x or 0.x.x, you will have to change how you're setting up the OAuth2 setup. Take a look at the instructions in the readme to see how.

New features in v2

• A general OAuth2 client library, with functions such as authorizationCode, clientCredentials, allowing you to directly access these features.
• PKCE support for authorization_code.
• Support for OAuth2 Token Introspection (RFC7662).
• OAuth2 endpoint discovery via the Server metadata document (RFC8414).
• Now uses Node 18's native fetch implementation. It's still possible to polyfill this with node-fetch, but this is not set up by default anymore. There's documentation on setting up the polyfill in the readme.

New since the last alpha release

• Renamed this package from fetch-mw-oauth2 to @badgateway/oauth2-client.
• #59: Scope support for authorization_code flow.

v2.0.12

Version 2 stable release!

Version 2 is a complete rewrite of this library that broadens the scope of to be a fully-featured general OAuth2 client. This package has been renamed from fetch-mw-oauth2 to @badgateway/oauth2-client.

The setup of this library has changed a lot, so if you are upgrading from 1.x.x or 0.x.x, you will have to change how you're setting up the OAuth2 setup. Take a look at the instructions in the readme to see how.

New features in v2

• A general OAuth2 client library, with functions such as authorizationCode, clientCredentials, allowing you to directly access these features.
• PKCE support for authorization_code.
• Support for OAuth2 Token Introspection (RFC7662).
• OAuth2 endpoint discovery via the Server metadata document (RFC8414).
• Now uses Node 18's native fetch implementation. It's still possible to polyfill this with node-fetch, but this is not set up by default anymore. There's documentation on setting up the polyfill in the readme.

New since the last alpha release

• Renamed this package from fetch-mw-oauth2 to @badgateway/oauth2-client.
• #59: Scope support for authorization_code flow.

v1.0.1

• Maintenance release.

v2.0.10

Fetch-mw-oauth2 v2 alpha

This is an alpha version of the upcoming v2. Version 2 is a complete rewrite of this library that broadens the scope of to be a fully-featured general OAuth2 client.

The fetch wrapper is still available, but it's just one of its features. The setup of this library has changed a lot, so if you are upgrading from 1.x.x or 0.x.x, you will have to change how you're setting up the OAuth2 setup. Take a look at the instructions in the readme to see how.

New features in v2

• A general OAuth2 client library, with functions such as authorizationCode, clientCredentials, allowing you to directly access these features.
• PKCE support for authorization_code.
• Support for OAuth2 Token Introspection (RFC7662).
• OAuth2 endpoint discovery via the Server metadata document (RFC8414).
• Now uses Node 18's native fetch implementation. It's still possible to polyfill this with node-fetch, but this is not set up by default anymore. There's documentation on setting up the polyfill in the readme.