Releases: inrupt/solid-client-authn-js
Releases · inrupt/solid-client-authn-js
v2.2.0
New Feature
node
- It is now possible to prevent a
Session
self-refreshing in NodeJS. To do so, a new
parameter is added to the constructor:Session({ keepAlive: false })
. This prevents
theSession
setting a callback to refresh the Access Token before it expires, which
could cause a memory leak in the case of a server-side application with many users.
It also avoids unnecessary requests being sent to the OpenID Provider.
v2.1.0
New Feature
node and browser
- OpenID Providers with multiple JWK in their JWKS are now supported. Thanks to
@pavol-brunclik-compote for the original contribution.
node
- Authorization code flow for statically registered clients is now supported. Statically registered
clients previously defaulted to the Client Credentials flow, it is no longer an assumption.
Bugfix
browser
- Fix non-DPoP bound tokens support in browser: a bug in the handling of non-DPoP-bound tokens was
preventing the auth code grant to complete, with a 401 to the OpenId Provider Token Endpoint
observed on redirect after the user authenticated. It is now possible to do
session.login({/*...*/, tokenType: "Bearer"})
and get a successful result.
v2.0.0
Breaking Changes
- Node 16 is no longer supported. The global
fetch
function is used instead of@inrupt/universal-fetch
.
This means this library now only works with Node 18 and higher. - The
Session
class no longer extendsEventEmitter
. Instead, it exposes anevents
attribute implementing
EventEmitter
. We do not recommend to useSession
instance'sevents
attribute as an arbitrary events emitter,
and encourage users to only use the supported events and documented API. Session
methodsonLogin
,onLogout
,onError
,onSessionRestore
,onSessionExpiration
andonNewRefreshToken
have been removed. They are replaced by calls tosession.events.on
, using the appropriate event name.Session
constructor changes:- the
onNewRefreshToken
parameter is no longer supported. Its usage is replaced by callingsession.events.on
using theEVENTS.NEW_REFRESH_TOKEN
constant as a first parameter, and a callback handling the token as a
second parameter. - The
useEssSession
parameter is no longer supported.
- the
- The
getClientAuthenticationWithDependencies
is no longer exported as part of the public API, and is now internal-only. - The UMD build of
@inrupt/oidc-client-ext
is no longer available. Since this is a package only intended to be
consumed by@inrupt/solid-client-authn-browser
, which doesn't have a UMD build, this change should have no
impact.
Build system changes
- Moved from
rollup-plugin-typescript2
to@rollup/plugin-typescript
. Although this should not be a breaking change,
upgrading may require extra attention.
v1.17.5
v1.17.4
1.17.3
Bugfixes
browser
- Mismatching redirect URI on refresh: the root cause of the bug was a race
condition because of the asynchronous nature of updating the browser URL. The appropriate event is now awaited for, which should prevent
the issue from manifesting.
browser and node
- JSDoc comments are preserved in emitted files, which gives a better developer experience in IDEs supporting them.
v1.17.2
Bugfixes
browser
- Mismatching redirect URI on refresh: this bug was caused by an invalid redirect URL stored with session data.
Saving an invalid redirect URL is now prohibited, and in addition the storage of users impacted by this bug will be cleared so that they don't have to do anything manually
to clear their local storage. Users affected by this bug will be asked to log back in, as if they logged out.
v1.17.1
v1.17.0
New Features
- Support for RP-Initiated Logout in Node and Browser libraries.
- ESM support for Node and Browser packages.