openid-client
Advanced tools
Changelog
3.0.0 (2019-05-11)
response_type=token
client_secret
value rather then
its SHA digestapplication/jwt
redirect_uri
or response_type
on a client instance. I sympathize and
openid-client will now take these common mistakes and accomodate.#client.authorizationParams()
will now attempt to resolve the redirect_uri
and
response_type
from your client's metadata. If there's only one listed, it will be used
automatically. If there's more, you must continue providing it explicitly.resource
to authorization code or refresh token exchange,
you can now pass those in the actual client methods.@panva/jose
for all things JOSE. As a result of this the minimum required
node version is v12.0.0 and the client will now only function in node.js environments.Issuer.defaultHttpOptions
getter and setter were removed. See documentation customization
section for its replacement.client.CLOCK_TOLERANCE
client property was removed. See documentation customization section for
its replacement.client.authorizationCallback()
has been renamed to client.callback()
tokenset.claims
getter is now a function tokenset.claims()
useRequest
and useGot
methods were removed, with the maintenance mode and inevitable
deprecation of the request
module i've decided to only support got as an http request library.keystore
options argument properties are now called just jwks
.response_type=code
is no longer defaulted to in #client.authorizationUrl()
if your client
instance has multiple response_types
members.===
equality operator is now used for assertions, while unlikely the breaking change is
that should some ID Token claims be correct values but incorrect type, these will start failing now.#client.revoke()
no longer returns or in any way processes the response body as per spec
requirements.