Skip to content

v0.7.0

Choose a tag to compare

View all tags
@github-actions github-actions released this 21 May 12:07
· 15 commits to main since this release
v0.7.0
b2f0d94
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Minor Changes

  • #208 c59c37b Thanks @mattzcarey! - Experimentally support MCP Enterprise-Managed Authorization ID-JAG assertions through the JWT bearer grant.

  • #206 13ff269 Thanks @itsandy-canva! - Expose grantId to tokenExchangeCallback via TokenExchangeCallbackOptions.

    Implementations of tokenExchangeCallback already received userId and
    clientId, but had no way to identify which specific grant the library was
    operating on. This made it impossible to surgically revoke a single grant from
    the callback (e.g. on a terminal upstream refresh failure) — implementations had
    to either sweep all grants for a (userId, clientId) pair (racy under
    concurrent refreshes) or maintain their own out-of-band mapping.

    grantId is now provided alongside userId so callbacks can pass them
    directly to OAuthHelpers.revokeGrant. Populated for all three grant types
    (authorization_code, refresh_token, token_exchange). Stable across
    refreshes for the lifetime of the grant.

Assets 2
Loading