Version 1.18.2

• 2017-12-05 DIFF
• bumped node-jose dependency

Version 1.18.1

• 2017-11-25 DIFF
• fixed the order of several assert.equal calls to swap actual/expected descriptions
• added assertion error messages for passport strategy

Version 1.18.0

• 2017-11-19 DIFF
• added option for the passport strategy to use PKCE
• updated http request library got dependency

Version 1.17.0

• 2017-10-31 DIFF
• now uses client_secret_post as default for Issuer instances that do not support client_secret_basic but do signal support for client_secret_post in their discovery document

Version 1.16.0

• 2017-10-13 DIFF
• added s_hash value validation support for ID Tokens returned by authorization endpoint
• fixed edge cases where valid _hash but from invalid sha-length was accepted

Version 1.15.0

• 2017-09-11 DIFF
• added support for Request Objects encrypted with symmetrical keys
• fixed PBES2 encryption to use client_secret derived symmetrical key instead of its full octet value

Version 1.14.0

• 2017-09-09 DIFF
• added Passport Strategy passReqToCallback option, defaults to false

Version 1.13.0

• 2017-08-24 DIFF
• added an optional keystore argument to Client#fromUri(uri, token, [keystore]) to pass a keystore with private asymmetrical keys
• fixed keystore check during constructor Client#new calls to check that only private asymmetrical keys are added

Version 1.12.1

• 2017-08-11 DIFF
• explicitly specified accepted response type via accept: application/json header
• added state to token_endpoint calls for servers supporting mixup mitigation

Version 1.12.0