v2.0.1

• fixed client_secret_basic requiring the username and password tokens to be x-www-form-urlencoded
  according to https://tools.ietf.org/html/rfc6749#section-2.3.1
  • NOTE: Although technically a fix, this is a breaking change when used with providers that also
    don't currently follow the standard. A proper way of submitting client_id and client_secret using client_secret_basic is Authorization: base64(formEncode(client_id):formEncode(client_secret)). If your client_id and client_secret does contain special characters that need encoding this does not affect you. If it does, try using client_secret_post instead.

v2.0.0

• dropped support for Node.js v4.x due to its End-of-Life on 2018-04-30
• removed deprecated client#grantAuth
• removed deprecated way of passing keystore directly to Client#register
• removed support for passing client to OpenIDConnectStrategy as single argument, use new Strategy({ client }) instead of new Strategy(client).
• fixed a bug requiring nonce to be passed for response_type=none

v1.20.0

• added documentation for OpenIdConnectError
• added error_uri from IdP responses to OpenIdConnectError instances
• fixed OpenIdConnectError messages to include error_description

v1.19.5

• Issuer.discover now parses the provided URI instead of just inspecting the string. #80

v1.19.4

• fixed edge cases of (and simplified) private id token decryption method

v1.19.3

• fix return values of #authorizationCallback() for response_type=none to resolve a TokenSet

v1.19.2

• fixed authorizationUrl to respect existing issuer authorization_endpoint query parameters

v1.19.1

• adjusted the passport state mismatch related error message to hint developers at a local setup issue