Skip to content

v0.2.3

Choose a tag to compare

View all tags
@github-actions github-actions released this 11 Feb 13:08
· 49 commits to main since this release
v0.2.3
987827e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Patch Changes

  • #117 b2c5877 Thanks @DeanMauro! - Add getOAuthApi helper function to access OAuthHelpers outside of the fetch method. This enables OAuth functionality in worker RPC methods and other entry points.

  • #109 9f118f3 Thanks @bokhi! - fix: path-aware audience validation for RFC 8707 resource indicators. Include request pathname in resourceServer computation for both internal and external token validation. Replace strict equality in audienceMatches() with origin + path-prefix matching on path boundaries. Origin-only audiences (e.g. https://example.com) still match any path (backward compatible). Path-aware audiences (e.g. https://example.com/api) match the exact path and sub-paths (/api/users) but not partial matches (/api-v2).

  • #120 155c410 Thanks @DeanMauro! - Add OAuth 2.0 Token Exchange (RFC 8693) support. Clients can exchange an existing access token for a new one with narrowed scopes, a different audience, or a shorter TTL — without requiring the user to re-authorize. Gated behind the allowTokenExchangeGrant option (default false). Also adds scope downscoping (RFC 6749 Section 3.3) to authorization code and refresh token flows.

Assets 2
Loading