Releases: inrupt/solid-client-authn-js
Releases · inrupt/solid-client-authn-js
v2.2.0
New Feature
node
- It is now possible to prevent a
Sessionself-refreshing in NodeJS. To do so, a new
parameter is added to the constructor:Session({ keepAlive: false }). This prevents
theSessionsetting a callback to refresh the Access Token before it expires, which
could cause a memory leak in the case of a server-side application with many users.
It also avoids unnecessary requests being sent to the OpenID Provider.
v2.1.0
New Feature
node and browser
- OpenID Providers with multiple JWK in their JWKS are now supported. Thanks to
@pavol-brunclik-compote for the original contribution.
node
- Authorization code flow for statically registered clients is now supported. Statically registered
clients previously defaulted to the Client Credentials flow, it is no longer an assumption.
Bugfix
browser
- Fix non-DPoP bound tokens support in browser: a bug in the handling of non-DPoP-bound tokens was
preventing the auth code grant to complete, with a 401 to the OpenId Provider Token Endpoint
observed on redirect after the user authenticated. It is now possible to do
session.login({/*...*/, tokenType: "Bearer"})and get a successful result.
Contributors
pavol-brunclik-compote
Assets 2
v2.0.0
Breaking Changes
- Node 16 is no longer supported. The global
fetchfunction is used instead of@inrupt/universal-fetch.
This means this library now only works with Node 18 and higher. - The
Sessionclass no longer extendsEventEmitter. Instead, it exposes aneventsattribute implementing
EventEmitter. We do not recommend to useSessioninstance'seventsattribute as an arbitrary events emitter,
and encourage users to only use the supported events and documented API. SessionmethodsonLogin,onLogout,onError,onSessionRestore,onSessionExpirationandonNewRefreshToken
have been removed. They are replaced by calls tosession.events.on, using the appropriate event name.Sessionconstructor changes:- the
onNewRefreshTokenparameter is no longer supported. Its usage is replaced by callingsession.events.on
using theEVENTS.NEW_REFRESH_TOKENconstant as a first parameter, and a callback handling the token as a
second parameter. - The
useEssSessionparameter is no longer supported.
- the
- The
getClientAuthenticationWithDependenciesis no longer exported as part of the public API, and is now internal-only. - The UMD build of
@inrupt/oidc-client-extis no longer available. Since this is a package only intended to be
consumed by@inrupt/solid-client-authn-browser, which doesn't have a UMD build, this change should have no
impact.
Build system changes
- Moved from
rollup-plugin-typescript2to@rollup/plugin-typescript. Although this should not be a breaking change,
upgrading may require extra attention.
v1.17.5
v1.17.4
1.17.3
Bugfixes
browser
- Mismatching redirect URI on refresh: the root cause of the bug was a race
condition because of the asynchronous nature of updating the browser URL. The appropriate event is now awaited for, which should prevent
the issue from manifesting.
browser and node
- JSDoc comments are preserved in emitted files, which gives a better developer experience in IDEs supporting them.
v1.17.2
Bugfixes
browser
- Mismatching redirect URI on refresh: this bug was caused by an invalid redirect URL stored with session data.
Saving an invalid redirect URL is now prohibited, and in addition the storage of users impacted by this bug will be cleared so that they don't have to do anything manually
to clear their local storage. Users affected by this bug will be asked to log back in, as if they logged out.
v1.17.1
v1.17.0
New Features
- Support for RP-Initiated Logout in Node and Browser libraries.
- ESM support for Node and Browser packages.