Releases: panva/node-openid-client
Releases · panva/node-openid-client
v5.0.0
⚠ BREAKING CHANGES
- The 'query' way of passing access token to userinfo was removed.
- Access Token is now asserted to be present for userinfo and requestResource calls.
- The registry export was removed.
- FAPIClient is renamed to FAPI1Client
- FAPI1Client has default algorithms set to PS256 rather than RS256
- FAPI1Client has default tls_client_certificate_bound_access_tokens set to true
- FAPI1Client has default response_types set to
id_token codeand grant_types accordingly - FAPI1Client has no token_endpoint_auth_method set, one must be set explicitly
- Client methods
unpackAggregatedClaimsandfetchDistributedClaimswere removed with no replacement. - DPoP option inputs must be a private crypto.KeyObject or a valid crypto.createPrivateKey input.
- Issuer.prototype.keystore is now private API
- HTTP(S) request customization now only recognizes the following options 'agent', 'ca', 'cert', 'crl', 'headers', 'key', 'lookup', 'passphrase', 'pfx', and 'timeout'. These are standard node http/https module request options, got-library specific options such as 'followRedirect', 'retry', or 'throwHttpErrors' are no longer recognized.
- The arguments inside individual HTTP request customization changed, first argument is now an instance of URL, the http request options object is passed in as a second argument.
- The
responseproperty attached to some RPError or OPError instances is now an instance of http.IncomingMessage. Its body is available on itsbodyproperty as either JSON if it could be parsed, or a Buffer if it failed to pass as JSON. - Drop support for Node.js v10.x
- Only Node.js LTS releases Codename Erbium (^12.19.0) and newer are supported. Currently this means ^12.19.0 (Erbium), ^14.15.0 (Fermium), and ^16.13.0 (Gallium).
- Issuer.discover will no longer attempt to load
/.well-known/oauth-authorization-server. To load such discovery documents pass full well-known URL to Issuer.discover.
Refactor
- DPoP input must be a private KeyObject or valid crypto.createPrivateKey input (d69af6f)
- FAPIClient is renamed to FAPI1Client (59a4e73)
- Issuer.prototype.keystore is now private API (0c23248)
- only use the native http(s) client (83376ac)
- remove automatic lookup of /.well-known/oauth-authorization-server (fc87d2b)
- remove client.unpackAggregatedClaims and client.fetchDistributedClaims (b7f261f)
- remove Registry public API export (6b91d58)
- remove the 'query' option for userinfo, assert access token (eb9d139)
- update Node.js semver support matrix (8b3044e)