9.0.0
New Features/ Merged PRs
- ~ 50% less bundle size for code flow (recommended flow) due to putting non-treeshakable code only needed for implicit flow (not recommended anymore) into an lib of its own (see breaking change, below)
- New demo-project quickstart-demo shows most important aspects for code flow
- Angular 9 upgrade #718, jeroenheijmans
- Fix for issue 661 #720, mike-rivera
- Set userinfoEndpoint if userinfo_endpoint not exists #685, luciimon
- Add more types in OAuthService #684, vadjs
- Fix destroying route via silentRefresh when using hash strategy (Issue 277) #672, tpeter1985
- Clean up more resources in ngOnDestroy #666, Andreas-Hjortland
- Fix positioning of popup login window #664, Andreas-Hjortland
- Fixed not using config.openUri in code flow #660, axle-h
- Merge pull request #656 from dirkbolte/improve-error-for-missing-endpointUrl, dirkbolte
- Add more guides on another way to use loadDiscoveryDocumentAndTryLogin #648, jonyeezs
- Added popup related error handling for implicit grant, dekundu
- Support hash location strategy with code flow #634, gingters
- Unsubscribe from 'token_received' events before re-subscribing #630, l1b3r
- Correct implementation of rfc7636 section 4.1 #629, jfyne
- During session check, ignore messages with irrelevant origin #617, Maximaximum
- Allow clockSkewInSec to be different from 600 #615, vdveer
- Fixing disableAtHashCheck, not being recognized correctly #613, dorianweidler
- Add support for code flow silent-refresh and popup #609, KevinCathcart
- Always set expiration timers for valid token types #597, harmpauw
- Validate self when calling crypto provider #588, ryanmwright
- Removed duplicated condition for allowedUrls during interceptor logic and make it optional #584, adrianbenjuya
- Add CryptoHandler to public api. #583, Chris3773
Big Thanks to all Contributers
adrianbenjuya, Andreas-Hjortland, axle-h, Chris3773, dekundu, dirkbolte, dorianweidler, gingters, harmpauw, jeroenheijmans, jfyne, jonyeezs, KevinCathcart, l1b3r, luciimon, Maximaximum, mike-rivera, ryanmwright, tpeter1985, vadjs, vdveer
Also, big thanks to jeroenheijmans for doing an awesome job with moderating and analyzing the issues.
You all rock!
Resolved Bugs
- AutoSilentRefresh doesn't work after refresh the page bug #444
- Event type 'received_first_token' is never fired bug #564
- loadUserProfile will return roles of last user if current user has no roles assigned bug investigation-needed #580
- OAuthResourceServerConfig: customUrlValidation not used when allowedUrls not set bug future-version pr-welcome #593
- Url Helper Service should not discard question marks when parsing hash fragment bug investigation-needed #604
- Code Flow erroring out due to multipe expiry events bug pr-welcome #632
- Emit token_expires if token has already expired bug #637
- Unhandled Promise rejection: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document bug #641
- postMessage interfering issue bug #657
- Does Authorization Code Flow work with loadDiscoveryDocumentAndLogin(); bug #661
- Refresh timer not started after page reload bug investigation-needed #683
- refresh with code flow bug #688
- Debug mode with custom Logger breaks bug pr-welcome #709
- tryLoginCodeFlow Removing ? from URL Which is Invalid bug investigation-needed
Breaking Changes
With regards to tree shaking, beginning with version 9, the JwksValidationHandler
has been moved to a library of its own. If you need it for implementing implicit flow, please install it using npm:
npm i angular-oauth2-oidc-jwks --save
After that, you can import it into your application by using this:
import { JwksValidationHandler } from 'angular-oauth2-oidc-jwks';
instead of that:
import { JwksValidationHandler } from 'angular-oauth2-oidc';
Please note, that this dependency is not needed for the code flow, which is nowadays the recommended flow for single page applications. This also results in smaller bundle sizes.