express-openid-connect - npm Package Versions

v2.9.0 (2022-10-17)

Full Changelog

Added

• [SDK-3717] Add cookie prop to support more express-session stores #395 (adamjmcgrath)

v2.8.0 (2022-07-20)

Full Changelog

Added

• [SDK-3503] Add *_jwt token endpoint auth methods #376 (adamjmcgrath)

v2.7.3 (2022-06-29)

Full Changelog

Fixed

• discovery errors should be handled in express middleware #371 (adamjmcgrath)
• Allow periods in cookie name #350 (moberegger)

v2.7.2 (2022-03-29)

Full Changelog

Security

• URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect GHSA-7p99-3798-f85c

v2.7.1 (2022-02-24)

Full Changelog

Fixed

• transactionCookie configuration should be optional #338 (BitPatty)

v2.7.0 (2022-02-17)

Full Changelog

Added

• [SDK-3109] Add ability to pass custom logout params #329 (adamjmcgrath)
• [SDK-3111] Add Oauth error props to http error when available #328 (adamjmcgrath)
• [SDK-3110] Allow customising the UA header in client reqs #327 (adamjmcgrath)
• allow configuration of same site attribute on auth_verification cookie #323 (BitPatty)

Changed

• Looser cookie name validation #330 (adamjmcgrath)

v2.6.0 (2022-01-31)

Full Changelog

Added

• Add cross domain iframe support for modern browsers #317 (adamjmcgrath)

v2.5.2 (2021-12-09)

Full Changelog

Security

• Session fixation fix CVE-2021-41246

Fixed

• Fix refresh signature in ts defs #294 (adamjmcgrath)

v2.5.1 (2021-09-28)

Full Changelog

Fixed

• Fix cookie chunking #275 (adamjmcgrath)

2.5.0 (2021-07-14)

Full Changelog

Added

• Add custom session id generation #252 (nholik)
• Add httpTimeout Option #251 (jmacvey)

Fixed

• Chunked cookies should not exceed browser max #237 (davidpatrick)