Releases: appirio-tech/tc-core-library-js
v3.0.1
v2.6.8
v2.6.3.1
Parse email from custom claims - "new auth" changes
Merge pull request #30 from appirio-tech/dev
parse email from custom claim ("new auth")
Showing full error while accessing m2m token
Merge pull request #28 from appirio-tech/dev printing whole response body if any error occured while fetching m2m token
AzpHash support for M2M
For m2m - this field 'azpHash' will give the integer value 'azp'. In case of Machine To Machine (m2m) JWT token, 'azp' filed means - "Authorized party - the party to which the ID Token was issued".
Dependencies security vulnerabilities fixing.
RS256 key caching bug fix
There was following error logged in Cloudwatch (at 2019-06-12 07:00:00(UTC +00:00))-
Error: Invalid Token.Error: getaddrinfo EMFILE topcoder.auth0.com:443
at jwksClients.(anonymous function).getSigningKey (/opt/app/node_modules/tc-core-library-js/lib/auth/verifier.js:44:28)
Current fix (PR #19) will prevent multiple calls to Auth0 server for fetching public signing key to verify m2m token by caching locally.
Extension of v2.6
Lib changes for vulnerability issue (PR - #18).
Other features and behaviors are same as v2.6.
M2M token storage off-boarding
A proxy Auth0 server implemented through AWS lambda, which store the token in Redis cache. Following features covered -
- Using AWS Redis for off-board storage.
- The service only renew the token with Auth0 when the old token expires (and not just because it restarted).
- Multiple instances of the same service are able to use the same token.
- All the local token cache time is aligned with actual token expire time so NO need to provide TOKEN_CACHE_TIME explicitly
M2M enhancement and security fixes
Created from 'master' branch.