Skip to content

Releases: panva/oauth4webapi

v2.0.4

27 Nov 20:51
@panva panva
v2.0.4
d624860
Compare
Choose a tag to compare
v2.0.4

Refactor

  • weak maps instead of symbols (e551edc)
Assets 2
Loading
0 Join discussion

v2.0.3

25 Nov 08:40
@panva panva
v2.0.3
cf1041b
Compare
Choose a tag to compare
v2.0.3

Fixes

  • omit zealous response cloning() to reduce edge compute memory bills (a785223), closes #37
Assets 2
Loading
0 Join discussion

v2.0.1

21 Nov 11:56
@panva panva
v2.0.1
f274bf9
Compare
Choose a tag to compare
v2.0.1

Fixes

  • claims parameter encoding in issued request objects (3eb165a)

Performance

  • cache public DPoP CryptoKey's JWK representation for re-use (2858d06)
Assets 2
Loading
0 Join discussion

v2.0.0

20 Nov 19:45
@panva panva
v2.0.0
46493b3
Compare
Choose a tag to compare
v2.0.0

⚠ BREAKING CHANGES

  • Use the TLS server validation in processAuthorizationCodeOpenIDResponse to validate the issuer instead of checking the ID Token's signature. The function's options argument was removed.
  • Use the TLS server validation in processDeviceCodeResponse to validate the issuer instead of checking the optional ID Token's signature. The function's options argument was removed.
  • Use the TLS server validation in processIntrospectionResponse to validate the issuer instead of checking the optional JWT Introspection Response signature. The function's options argument was removed.
  • Use the TLS server validation in processRefreshTokenResponse to validate the issuer instead of checking the optional ID Token's signature. The function's options argument was removed.
  • Use the TLS server validation in processUserInfoResponse to validate the issuer instead of checking the optional JWT UserInfo Response signature. The function's options argument was removed.
  • PAR w/ DPoP no longer automatically adds dpop_jkt to the authorization request.
  • Removed calculateJwkThumbprint function export.
  • Removed jwksRequest function export.
  • Removed processJwksResponse function export.

Refactor

  • remove ignored and unused exports (4a545df)
  • use TLS server validation instead of jwt signature validations (f728110)
Assets 2
Loading
0 Join discussion

v1.4.1

20 Nov 18:37
@panva panva
v1.4.1
454f2c8
Compare
Choose a tag to compare
v1.4.1

Refactor

  • deno: add mod.ts to deno.land/x (0778278)
  • use RsaHashedKeyAlgorithm in checkRsaKeyAlgorithm (94aa31c)
Assets 2
Loading
0 Join discussion

v1.4.0

08 Nov 08:51
@panva panva
v1.4.0
00cd52b
Compare
Choose a tag to compare
v1.4.0

Features

  • add bun as a supported runtime (707efd1)
Assets 2
Loading
0 Join discussion

v1.3.0

31 Oct 09:35
@panva panva
v1.3.0
8da6f6c
Compare
Choose a tag to compare
v1.3.0

Features

  • allow to skip JWT signature validation on select responses (44d9114)
Assets 2
Loading
0 Join discussion

v1.2.2

04 Nov 16:34
@panva panva
v1.2.2
2594b2d
Compare
Choose a tag to compare
v1.2.2

Refactor

  • add a type check on AbortSignal (b013fef)
  • align argument and function names in assert functions (8ea65f6)
  • update "as" error messages (3e894f5)
Assets 2
Loading
0 Join discussion

v1.2.1

10 Oct 07:12
@panva panva
v1.2.1
4329195
Compare
Choose a tag to compare
v1.2.1

This release

  • moves the package on npm from @panva/oauth4webapi to just oauth4webapi
  • moves the package on deno.land/x from doauth to oauth4webapi

Otherwise this release contains only code refactoring and documentation updates.

NB: @panva/oauth4webapi had last npm version released and it now simply re-exports oauth4webapi to allow existing consumers to obtain updates within the ^1.2.1 semver range.

Assets 2
Loading
0 Join discussion

v1.2.0

14 Sep 12:51
@panva panva
v1.2.0
8d73e04
Compare
Choose a tag to compare
v1.2.0

Features

  • add experimental EdDSA (Ed25519) JWS algorithm support (f70d4d5)
Assets 2
Loading
0 Join discussion