Socket
Socket
Sign inDemoInstall

oauth4webapi

Package Overview
Dependencies
Maintainers
0
Versions
45
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

oauth4webapi - npm Package Versions

1235

2.2.1

Diff
panva
 published 2.2.1 •

Changelog

Source

2.2.1 (2023-04-13)

Fixes

  • return undefined from getValidatedIdTokenClaims as documented (678b12d)

2.2.0

Diff
panva
 published 2.2.0 •

Changelog

Source

2.2.0 (2023-03-10)

Features

  • allow the client's assumed current time to be adjusted (5051a5d), closes #49 #50
  • allow the client's DateTime claims tolerance to be adjusted (3936a56), closes #49 #50

2.1.0

Diff
panva
 published 2.1.0 •

Changelog

Source

2.1.0 (2023-02-09)

Features

  • add more asymmetric JWS algorithms (af43ec7)

2.0.6

Diff
panva
 published 2.0.6 •

Changelog

Source

2.0.6 (2022-12-16)

Fixes

  • build: fixup user agent version after version bump (e1c3ed8)

2.0.5

Diff
panva
 published 2.0.5 •

Changelog

Source

2.0.5 (2022-12-11)

2.0.4

Diff
panva
 published 2.0.4 •

Changelog

Source

2.0.4 (2022-11-27)

Refactor

  • weak maps instead of symbols (e551edc)

2.0.3

Diff
panva
 published 2.0.3 •

Changelog

Source

2.0.3 (2022-11-25)

Fixes

  • omit zealous response cloning() to reduce edge compute memory bills (a785223), closes #37

2.0.2

Diff
panva
 published 2.0.2 •

2.0.1

Diff
panva
 published 2.0.1 •

Changelog

Source

2.0.1 (2022-11-21)

Fixes

  • claims parameter encoding in issued request objects (3eb165a)

Performance

  • cache public DPoP CryptoKey's JWK representation for re-use (2858d06)

2.0.0

Diff
panva
 published 2.0.0 •

Changelog

Source

2.0.0 (2022-11-20)

⚠ BREAKING CHANGES

  • Use the TLS server validation in processAuthorizationCodeOpenIDResponse to validate the issuer instead of checking the ID Token's signature. The function's options argument was removed.
  • Use the TLS server validation in processDeviceCodeResponse to validate the issuer instead of checking the optional ID Token's signature. The function's options argument was removed.
  • Use the TLS server validation in processIntrospectionResponse to validate the issuer instead of checking the optional JWT Introspection Response signature. The function's options argument was removed.
  • Use the TLS server validation in processRefreshTokenResponse to validate the issuer instead of checking the optional ID Token's signature. The function's options argument was removed.
  • Use the TLS server validation in processUserInfoResponse to validate the issuer instead of checking the optional JWT UserInfo Response signature. The function's options argument was removed.
  • PAR w/ DPoP no longer automatically adds dpop_jkt to the authorization request.
  • Removed calculateJwkThumbprint function export.
  • Removed jwksRequest function export.
  • Removed processJwksResponse function export.

Refactor

  • remove ignored and unused exports (4a545df)
  • use TLS server validation instead of jwt signature validations (f728110)
1235
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc