2022-04-18 14.0.0

In this version the APP_INITIALIZER was removed. (See PR). The library will not do anything until the application interact with it. There is no pre-loading of anything and it does not affect your application's bootstrapping process at all. You can however explicitly preload the secure token server well-known endpoints with a new method called preloadAuthWellKnownDocument(). As a side effect because the config has to be loaded first, a lot of APIs become reactive and return an Observable now.

See the migration guide.

• refresh token rotation is now optional and can be activated using allowUnsafeReuseRefreshToken
  • PR
• Fixed getUrlParameter's handling of fragment response
  • PR
• isLoading observable in OidcSecurityService
  • PR
• Add redirectUrl customization (via AuthOptions)
  • PR
• Fix: implicit flow in popup window error (fixes #1385)
  • PR
• Enhancement: Improved abstract services
  • PR
• Remove double quotes in info messages
  • PR
• Enhancement: Added auth result
  • PR

2021-12-01 13.1.0

• Using window.crypto for jwt signature validation
• Removed jsrsasign dependency
  • PR

2021-11-19 13.0.0

• Update to Angular 13 and rxjs 7

2021-08-17 12.0.3

• docs(guards): use UrlTree for redirect, clean up
  • PR
• fixing storage mechanism
  • PR
• Additional logging when a nonce is created and validated
  • PR

2021-07-20 12.0.2

• Added fix overwriting prompt param
  • PR
• Unclear error message when providing improper config to module
  • PR
• added multiple configs documentation
  • PR
• Expose PopupService and PopupOptions as public
  • PR
• Support end session for Auth0 (non conform OIDC endpoint)
  • PR

2021-07-06 12.0.1

• Fix #1168 userInfoEndpoint Typo

2021-07-04 Version 12.0.0

• Configuration via forRoot(...) method

  • Issue | PR

• Remove the "AuthorizedState" enum in Version 12

  • Issue | PR

• Use a different key than redirect to store redirect route when using autologin

  • Issue | PR

• Returnvalue of loginwithpopup and login should be the same

  • Issue | PR

• How to provide client id during logoff

  • Issue | PR

• urlHandler callback function parameter in LogoffRevocationService.logoff does nothing

  • Issue | PR

• Convert all instances of "Authorized" to "Authenticated"

  • Issue | PR

• Support for multiple APIs with unique scopes

  • Issue | PR

• Multiple access tokens for the same client_id but different scopes

  • Issue | PR

• Is there a silent renew event？

  • Issue | PR

• Angular 12 Support

  • Issue | PR

• Add configuration to disable or enable id_token expired check

  • Issue | PR

• Support for Azure B2C multiple policies

  • Issue | PR

• Improve AutoLoginSample

  • Issue | PR

• Accessing AuthResult response object

  • Issue | PR

• Rename stsServer configuration parameter to authority

  • Issue | PR

• Only one returntype (object) when subscribing to isAuthenticated and user data to avoid confusion.

  • Issue | PR

2021-06-12 Version 11.6.11

• Silent renew does not always start
  • PR

2021-05-28 Version 11.6.10

• AutoLoginGuard appears to cause some sort of infinite loop.
  • PR

2021-05-16 Version 11.6.9

• Support Custom Params for EndSession and RefreshTokens Renew
  • PR
• Added Auth0 example
• Bugfix: the "use" attr on the jwks key is optional if only one key is present
  • PR