Skip to content

9.0.0

Compare
Choose a tag to compare
@manfredsteyer manfredsteyer released this 04 Mar 22:33
· 227 commits to master since this release

New Features/ Merged PRs

  • ~ 50% less bundle size for code flow (recommended flow) due to putting non-treeshakable code only needed for implicit flow (not recommended anymore) into an lib of its own (see breaking change, below)
  • New demo-project quickstart-demo shows most important aspects for code flow
  • Angular 9 upgrade #718, jeroenheijmans
  • Fix for issue 661 #720, mike-rivera
  • Set userinfoEndpoint if userinfo_endpoint not exists #685, luciimon
  • Add more types in OAuthService #684, vadjs
  • Fix destroying route via silentRefresh when using hash strategy (Issue 277) #672, tpeter1985
  • Clean up more resources in ngOnDestroy #666, Andreas-Hjortland
  • Fix positioning of popup login window #664, Andreas-Hjortland
  • Fixed not using config.openUri in code flow #660, axle-h
  • Merge pull request #656 from dirkbolte/improve-error-for-missing-endpointUrl, dirkbolte
  • Add more guides on another way to use loadDiscoveryDocumentAndTryLogin #648, jonyeezs
  • Added popup related error handling for implicit grant, dekundu
  • Support hash location strategy with code flow #634, gingters
  • Unsubscribe from 'token_received' events before re-subscribing #630, l1b3r
  • Correct implementation of rfc7636 section 4.1 #629, jfyne
  • During session check, ignore messages with irrelevant origin #617, Maximaximum
  • Allow clockSkewInSec to be different from 600 #615, vdveer
  • Fixing disableAtHashCheck, not being recognized correctly #613, dorianweidler
  • Add support for code flow silent-refresh and popup #609, KevinCathcart
  • Always set expiration timers for valid token types #597, harmpauw
  • Validate self when calling crypto provider #588, ryanmwright
  • Removed duplicated condition for allowedUrls during interceptor logic and make it optional #584, adrianbenjuya
  • Add CryptoHandler to public api. #583, Chris3773

Big Thanks to all Contributers

adrianbenjuya, Andreas-Hjortland, axle-h, Chris3773, dekundu, dirkbolte, dorianweidler, gingters, harmpauw, jeroenheijmans, jfyne, jonyeezs, KevinCathcart, l1b3r, luciimon, Maximaximum, mike-rivera, ryanmwright, tpeter1985, vadjs, vdveer

Also, big thanks to jeroenheijmans for doing an awesome job with moderating and analyzing the issues.

You all rock!

Resolved Bugs

  • AutoSilentRefresh doesn't work after refresh the page bug #444
  • Event type 'received_first_token' is never fired bug #564
  • loadUserProfile will return roles of last user if current user has no roles assigned bug investigation-needed #580
  • OAuthResourceServerConfig: customUrlValidation not used when allowedUrls not set bug future-version pr-welcome #593
  • Url Helper Service should not discard question marks when parsing hash fragment bug investigation-needed #604
  • Code Flow erroring out due to multipe expiry events bug pr-welcome #632
  • Emit token_expires if token has already expired bug #637
  • Unhandled Promise rejection: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document bug #641
  • postMessage interfering issue bug #657
  • Does Authorization Code Flow work with loadDiscoveryDocumentAndLogin(); bug #661
  • Refresh timer not started after page reload bug investigation-needed #683
  • refresh with code flow bug #688
  • Debug mode with custom Logger breaks bug pr-welcome #709
  • tryLoginCodeFlow Removing ? from URL Which is Invalid bug investigation-needed

Breaking Changes

With regards to tree shaking, beginning with version 9, the JwksValidationHandler has been moved to a library of its own. If you need it for implementing implicit flow, please install it using npm:

npm i angular-oauth2-oidc-jwks --save

After that, you can import it into your application by using this:

import { JwksValidationHandler } from 'angular-oauth2-oidc-jwks';

instead of that:

import { JwksValidationHandler } from 'angular-oauth2-oidc';

Please note, that this dependency is not needed for the code flow, which is nowadays the recommended flow for single page applications. This also results in smaller bundle sizes.