passing null as checks.nonce should not disable it (5120a07)
v5.1.1
Fixes
allow setting timeout to 0 to disable it (32b28b5), closes #443
v5.1.0
Features
support OAuth 2.0 Authorization Server Issuer Identification (fb6a141)
support server-provided DPoP nonces (update DPoP to draft-04) (a84950a)
Fixes
reject oauthCallback when id_token is detected (92ffee5)
typescript: ts-ignore missing AbortSignal global (d975c11), closes #433
v5.0.2
Bug Fixes
explicitly set content-length again (956c34b), closes #420
v5.0.1
Bug Fixes
explicitly set accept: application/json again (89cdbe2)
v5.0.0
⚠ BREAKING CHANGES
The 'query' way of passing access token to userinfo was removed.
Access Token is now asserted to be present for userinfo and requestResource calls.
The registry export was removed.
FAPIClient is renamed to FAPI1Client
FAPI1Client has default algorithms set to PS256 rather than RS256
FAPI1Client has default tls_client_certificate_bound_access_tokens set to true
FAPI1Client has default response_types set to id_token code and grant_types accordingly
FAPI1Client has no token_endpoint_auth_method set, one must be set explicitly
Client methods unpackAggregatedClaims and fetchDistributedClaims were removed with no replacement.
DPoP option inputs must be a private crypto.KeyObject or a valid crypto.createPrivateKey input.
Issuer.prototype.keystore is now private API
HTTP(S) request customization now only recognizes the following options 'agent', 'ca', 'cert', 'crl', 'headers', 'key', 'lookup', 'passphrase', 'pfx', and 'timeout'. These are standard node http/https module request options, got-library specific options such as 'followRedirect', 'retry', or 'throwHttpErrors' are no longer recognized.
The arguments inside individual HTTP request customization changed, first argument is now an instance of URL, the http request options object is passed in as a second argument.
The response property attached to some RPError or OPError instances is now an instance of http.IncomingMessage. Its body is available on its body property as either JSON if it could be parsed, or a Buffer if it failed to pass as JSON.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps openid-client from 4.7.4 to 5.1.2.
Release notes
Sourced from openid-client's releases.
... (truncated)
Changelog
Sourced from openid-client's changelog.
... (truncated)
Commits
ae2e3ff
chore(release): 5.1.25120a07
fix: passing null as checks.nonce should not disable itcba11f2
chore(release): 5.1.132b28b5
fix: allow setting timeout to 0 to disable it5abf728
refactor: substr > slice07be6ee
chore: not everything is a Bug Fix per se, something is just a Fixff046ca
chore(release): 5.1.0a84950a
feat: support server-provided DPoP nonces (update DPoP to draft-04)92ffee5
fix: reject oauthCallback when id_token is detectedfb6a141
feat: support OAuth 2.0 Authorization Server Issuer IdentificationDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)