Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

oidc-provider

Package Overview
Dependencies
Maintainers
1
Versions
339
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

oidc-provider - npm Package Versions

23
34

8.5.3

Diff

Changelog

Source

8.5.3 (2024-11-05)

Fixes

  • normalize single string set-cookie headers (6effeed)
panva
published 8.5.2 •

Changelog

Source

8.5.2 (2024-10-19)

Refactor

  • remove use of node:url in favour of WHATWG URL (0dc59a1)

Documentation

panva
published 8.5.1 •

Changelog

Source

8.5.1 (2024-07-03)

Documentation

Refactor

  • build: export Provider also as a named export (083c7c4)
panva
published 8.5.0 •

Changelog

Source

8.5.0 (2024-06-28)

Features

  • add a Client static validate() method (d1f7d73)
  • add a helper allowing custom claims parameter validations (ec2a1f5)
  • add experimental support for RFC9396 - Rich Authorization Requests (e9fb573)
  • add response_modes client metadata allow list (76f9af0)
  • allow extraParams to define validations for extra parameters (b7d3322)
  • DPoP: add a setting to disable DPoP Proof Replay Detection (2744fc8)
  • DPoP: send a dpop-nonce when the proof's iat check fails and nonces are configured but not required (1b073c0)
  • FAPI: add FAPI 2.0 profile behaviours (5212609)
  • JAR: add a helper allowing custom JWT claim and header validations (be9242a)
  • PAR: add a setting to allow use of unregistered redirect_uri values (a7e73fa)
  • update Web Message Response Mode and remove its Relay Mode (a91add8)

Fixes

  • DPoP,mTLS: reject client configuration in which binding is required but response types include an implicit token response (cd7e0f4)

Refactor

  • deprecate FAPI 1.0 ID2, lax request objects, plain PKCE (3e8a784)
  • don't use overwrite cookie option by default (dfbcb94)
  • DPoP: move the accepted timespan into a constant (a8e8006)
  • DPoP: omit sending the dpop-nonce header if the existing one used is fresh (4d635e2)
  • ensure param-assigned max_age from client.defaultMaxAge is a string (0c52469)
  • FAPI: deprecate FAPI profile hardcoded PKCE checks (56641ec)
  • JAR: authorization requests with JAR now require a client_id parameter (9131cd5)
  • JAR: Request Objects are no longer checked for one time use (18efa70)
  • PAR: consume PAR after user interactions instead of before (53babe6)
  • store claims value parsed in non-JAR PAR (9cd865b)
  • use invalid_request instead of unauthorized_client (7947d87)
panva
published 8.4.7 •

Changelog

Source

8.4.7 (2024-06-20)

Fixes

  • include ID Token auth_time when client's default_max_age is zero (bebda04)
panva
published 8.4.6 •

Changelog

Source

8.4.6 (2024-04-23)

Documentation

  • adds events and debugging recipe (#1246) (0bf7696)
  • fix client_secret_basic special characters encoding example (73baae1)
  • re-run update docs (99cc84a)

Refactor

  • avoid iteration resource iteration in client_credentials (e306640)
  • avoid use of prototype attributes in object-hash (270af1d)
  • use logical or assignment (8f55588)

Fixes

  • ensure each individual resource indicator is a valid URI (d9e1ad2)
panva
published 8.4.5 •

Changelog

Source

8.4.5 (2024-01-17)

Refactor

  • use doc argument in web_message js code (da3198b)

Fixes

  • add missing opening html tags (23997c5)
  • DPoP: mark defaulted dpop_jkt parameter as trusted (ee633f3)
panva
published 8.4.4 •

Changelog

Source

8.4.4 (2024-01-08)

Refactor

  • test decoded basic auth tokens for their VSCHAR pattern (3f86cc0)

Fixes

  • DPoP,PAR,JAR: validate DPoP before invalidating JAR during PAR (ca0f999)
panva
published 8.4.3 •

Changelog

Source

8.4.3 (2023-12-14)

panva
published 8.4.2 •

Changelog

Source

8.4.2 (2023-12-02)

Fixes

  • reject client JSON Web Key Set null value (#1237) (cce6d43)
23
34
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc