v2.2.1

Fixes

• return undefined from getValidatedIdTokenClaims as documented (678b12d)

v2.2.0

Features

• allow the client's assumed current time to be adjusted (5051a5d), closes #49 #50

// client's local clock is mistakenly 1 hour in the past
const client: oauth.Client = {
  client_id: 'abc4ba37-4ab8-49b5-99d4-9441ba35d428',
  // ... other metadata
  [oauth.clockSkew]: +(60 * 60),
}

// client's local clock is mistakenly 1 hour in the future
const client: oauth.Client = {
  client_id: 'abc4ba37-4ab8-49b5-99d4-9441ba35d428',
  // ... other metadata
  [oauth.clockSkew]: -(60 * 60),
}

• allow the client's DateTime claims tolerance to be adjusted (3936a56), closes #49 #50

// Tolerate 30 seconds clock skew when validating JWT claims like `exp` or `nbf`.
const client: oauth.Client = {
client_id: 'abc4ba37-4ab8-49b5-99d4-9441ba35d428',
  // ... other metadata
  [oauth.clockTolerance]: 30,
}

v2.1.0

Features

• add more asymmetric JWS algorithms (af43ec7)

v2.0.6

Fixes

• build: fixup user agent version after version bump (e1c3ed8)

v2.0.5

This release contains only code refactoring and documentation updates.

v2.0.4

Refactor

• weak maps instead of symbols (e551edc)

v2.0.3

Fixes

• omit zealous response cloning() to reduce edge compute memory bills (a785223), closes #37

v2.0.1

Fixes

• claims parameter encoding in issued request objects (3eb165a)

Performance

• cache public DPoP CryptoKey's JWK representation for re-use (2858d06)

v2.0.0

⚠ BREAKING CHANGES

• Use the TLS server validation in processAuthorizationCodeOpenIDResponse to validate the issuer instead of checking the ID Token's signature. The function's options argument was removed.
• Use the TLS server validation in processDeviceCodeResponse to validate the issuer instead of checking the optional ID Token's signature. The function's options argument was removed.
• Use the TLS server validation in processIntrospectionResponse to validate the issuer instead of checking the optional JWT Introspection Response signature. The function's options argument was removed.
• Use the TLS server validation in processRefreshTokenResponse to validate the issuer instead of checking the optional ID Token's signature. The function's options argument was removed.
• Use the TLS server validation in processUserInfoResponse to validate the issuer instead of checking the optional JWT UserInfo Response signature. The function's options argument was removed.
• PAR w/ DPoP no longer automatically adds dpop_jkt to the authorization request.
• Removed calculateJwkThumbprint function export.
• Removed jwksRequest function export.
• Removed processJwksResponse function export.

Refactor

• remove ignored and unused exports (4a545df)
• use TLS server validation instead of jwt signature validations (f728110)

v1.4.1

Refactor

• deno: add mod.ts to deno.land/x (0778278)
• use RsaHashedKeyAlgorithm in checkRsaKeyAlgorithm (94aa31c)