CHANGELOG.md

4.0.0

Breaking

• #47 - BREAKING CHANGE verifyAccessToken and verifyIdToken no longer return an njwt.Jwt with setters (like setIssuer or setSubject). The resulting jwt is now frozen to prevent manipulation

Features

• #48 - feat: adds getKeysInterceptor option from jwks-rsa

3.2.2

Fixes

• #46 - Upgrades njwt version to 2.0.1 to pull in CVE-2024-34273 resolution

3.2.1

Fixes

• #45 - freezes njwt version

3.2.0

Features

• #41 - adds jwt aud as array support
  • resolves #40

3.1.0

Other

• #37 - upgrades jwks-rsa dependencies

3.0.1

Fixes

• #28 - Fix for deprecated option requestAgentOptions in favor of requestAgent (via jwks-rsa)
  • More info: https://github.com/auth0/node-jwks-rsa/blob/master/CHANGELOG.md#request-agent-options

3.0.0

Breaking Changes

• Increases minimum Node version to 14

Other

• #25
  • Updates njwt and jwks-rsa versions to address security vulnerability in shared sub dependency (jsonwebtoken)
  • Resolves #21

2.6.0

Features

• #12 - Passes requestAgentOptions through to the jwks-rsa library

Fixes

• #8 - Fixes error on jwt.isExpired() invocation

Other

• #11 - Updates njwt dependency to 1.2.0 for security fixes
• #10 - Updates lib.d.ts

2.3.0

Features

• #708 - Adds support for custom JWKS URI when it cannot be constructed from issuer URI

2.2.0

Other

• #1012 Removes @okta/configuration-validation dependency

2.1.0

Other

• #979 - Adds TypeScript type declaration file. Configured eslint and tsd

2.0.1

Other

• #952 - Updates configuration-validation dependency to 1.0.0
• #953 - Fixes security vulnerability in jwks-rsa dependency

2.0.0

Features

• #951 - Adds verifyIdToken()

Breaking Changes

• #951 - Verifier will throw error "No KID specified" if no KID is present in the JWT header

1.0.1

• #935 Updates jwks-rsa version for security fixes

1.0.0

Features

• 9d76c9f - Adds verifications to verifyAccessToken() #481

Fixes

• 2f2d39f - Removes check of client_id from access tokens #477
• 0d5afa7 - Updates dev deps to remove vulns #484

0.0.16

Features

• 213e092 - Added support for an includes operator for assertClaims #436

0.0.15

Fixes

• 7fc3ebf - Pins jkws-rsa at 1.4.0 to work around a dependency problem (see #448 )

0.0.14

Other

• 2945461 - Updates @okta/configuration-validation version.

0.0.13

Features

• 1ae19d1 - Adds configuration validation for issuer and clientId when passed into the verifier.

Other

• 3582f25 - Rely on shared environment configuration from project root.
• c37b9cf - Updates the TCK version to support new integration tests.
• c8b7ab5a - Migrate dependencies to project root utilizing yarn workspaces.
• 6b6aca4 - Migrates mocha tests to jest.
• 0a504a6 - Add note that this library is only for NodeJS