@inrupt/solid-client-authn-node - npm Package Versions

2.0.0 - 2023-12-20

Breaking Changes

• Node 16 is no longer supported. The global fetch function is used instead of @inrupt/universal-fetch. This means this library now only works with Node 18 and higher.
• The Session class no longer extends EventEmitter. Instead, it exposes an events attribute implementing EventEmitter. We do not recommend to use Session instance's events attribute as an arbitrary events emitter, and encourage users to only use the supported events and documented API.
• Session methods onLogin, onLogout, onError, onSessionRestore, onSessionExpiration and onNewRefreshToken have been removed. They are replaced by calls to session.events.on, using the appropriate event name.
• Session constructor changes:
  • the onNewRefreshToken parameter is no longer supported. Its usage is replaced by calling session.events.on using the EVENTS.NEW_REFRESH_TOKEN constant as a first parameter, and a callback handling the token as a second parameter.
  • The useEssSession parameter is no longer supported.
• The getClientAuthenticationWithDependencies is no longer exported as part of the public API, and is now internal-only.
• The UMD build of @inrupt/oidc-client-ext is no longer available. Since this is a package only intended to be consumed by @inrupt/solid-client-authn-browser, which doesn't have a UMD build, this change should have no impact.

Build system changes

• Moved from rollup-plugin-typescript2 to @rollup/plugin-typescript. Although this should not be a breaking change, upgrading may require extra attention.

1.17.5 - 2023-11-16

Internal changes

• This refactors how the the node-based end-to-end tests run to make it possible to run them without having playwright installed. This should not impact downstream consumers.

1.17.4 - 2023-11-09

Bugfixes

node

• Support for iss parameter: RFC9207 adds an iss parameter to the callback IRI, and the Node library wasn't removing it before comparing the effective callback URL to the URL used when making the Authorization request.

1.17.3 - 2023-10-10

Bugfixes

browser

• Mismatching redirect URI on refresh: the root cause of the bug was a race condition because of the asynchronous nature of updating the browser URL. The appropriate event is now awaited for, which should prevent the issue from manifesting.

1.17.2 - 2023-09-15

Bugfixes

browser

• Mismatching redirect URI on refresh: this bug was caused by an invalid redirect URL stored with session data. Saving an invalid redirect URL is now prohibited, and in addition the storage of users impacted by this bug will be cleared so that they don't have to do anything manually to clear their local storage. Users affected by this bug will be asked to log back in, as if they logged out.

1.17.1 - 2023-07-15

Bugfixes

• The fetch function is now bound to the window object in all uses within authn-browser

1.17.0 - 2023-07-14

New Feature

• Support for RP-Initiated Logout in Node and Browser libraries.
• ESM support for Node and Browser packages.

1.16.0 - 2023-05-09

New Feature

• Node 20 support

1.15.0 - 2023-04-17

New Feature

• Node 18 support

1.14.0 - 2023-03-23

browser and node

New features

• The Session exposes an events attribute implementing EventEmitter, with type hints to guide which events are supported. It allows to register a callback listening on events using session.events.on, but also to unregister a callback using session.events.off, or to register a one-off callback using session.events.once. This attribute intends at replacing exising Session methods to listen on events, namely onLogin, onLogout, onError, onSessionRestore, onSessionExpiration, onNewRefreshToken.

node

Bugfixes

• The session expiration date was incorrectly computed in the authorization code flow.