v3.3.0

oidc-client-ts v3.3.0 is a minor release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Features:
  • #1924 use BroadcastChannel if no window.opener

thanks to @jcphill

v3.3.0-rc.0

oidc-client-ts v3.3.0-rc.0 is a minor release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Features:
  • #1924 use BroadcastChannel if no window.opener

thanks to @jcphill

v3.2.1

oidc-client-ts v3.2.1 is a bugfix release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Fixes:
  • #1850: userStore should be StateStore instead of WebStorageStateStore
  • #1925: resource owner password credentials flow with oidc scope and no id_token returned will fail sub claim check

thanks to @sebastienlabine, @darkbasic and @sularome

v3.2.0

oidc-client-ts v3.2.0 is a minor release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Fixes:
  • #1702: cannot set Authorization via extraHeaders
  • #1738: allow empty string for client_secret in TokenClient
  • #1803: metadataSeed.authorization_endpoint not prioritized over remote metadata
• Features:
  • #1691: add removeState as an option to processSigninResponse
  • #1817: add raiseEvent parameter to getUser
  • #1818 : add url_state to SignoutRequest

thanks to @ZephireNZ, @ntamotsu, @jgarplind, @waldemarennsaed and @richjyoung

v3.1.0

oidc-client-ts v3.1.0 is a minor release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Fixes:
  • #1666: fix link in docs to issue
  • #1600: updated docs about logger
  • #1589: fix compiler error for target=ES2022
  • #1539: fix small typo in signinCallback doc in UserManager.ts
  • #1504: typo in sample app config
  • #1490: fix the return type of signinCallback
  • #1443: fixes typos in docs
• Features:
  • #1672: make signoutCallback return signout response if request_type is so:r
  • #1626: add popupSignal property to signinPopup and signoutPop
  • #1580: add dpop docs
  • #1569: add dpop nonce support
  • #1457: add extra headers
  • #1461: add demonstrating proof of possession
  • #1430: add global requestTimeoutInSeconds setting
  • #1405: allow using default scopes from authorization server

thanks to @klues, @smujmaiku, @mftruso, @peetck, @dbfr3qs, @mottykohn, @noshiro-pf, @dbfr3qs, @grjan7 and @natergj

v2.4.1

oidc-client-ts 2.4.1 is a bug fix release.

Changelog:

• #1681: return signout response from signoutCallback

thanks to @dopry

v3.1.0-rc.1

oidc-client-ts v3.1.0-rc.1 is a bug fix release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Fixes:
  • #1589: fix compiler error for target=ES2022
• Features:
  • #1580: add dpop docs
  • #1569: add dpop nonce support

thanks to @dbfr3qs

v3.1.0-rc.0

oidc-client-ts v3.1.0-rc.0 is a minor release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Fixes:
  • #1539: fix small typo in signinCallback doc in UserManager.ts
  • #1504: typo in sample app config
  • #1490: fix the return type of signinCallback
  • #1443: fixes typos in docs
• Features:
  • #1457: add extra headers
  • #1461: add demonstrating proof of possession
  • #1430: add global requestTimeoutInSeconds setting
  • #1405: allow using default scopes from authorization server

thanks to @mottykohn, @noshiro-pf, @dbfr3qs, @grjan7 and @natergj

v3.0.1

oidc-client-ts 3.0.1 is a bug fix release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Fixes:
  • #1379: userManager.signoutRedirect not working (by reverting #1342)

v3.0.0

oidc-client-ts 3.0.0 is a major release.

No longer using crypto-js package, but built-in browser crypto.subtle module. Crypto.subtle is available only in secure contexts (HTTPS). Also have a look into the migration info.

Changelog:

• Breaking changes:
  • #275: use native web crypto instead of crypto-js package
  • #1232: improve merge claims behavior
  • #930: drop deprecated settings
  • #1230: update jwt-decode
  • #1231: require node >=18
• Fixes:
  • #1010: make response_mode optional
  • #1242: session change not fired if identity token does not contain a sid claim
  • #1300: explicitly throw an error when crypto.subtle is undefined
  • #1292: docs(authorization-code-grant.md): update broken link
  • #1316: use npm distribution tags for upcoming releases
  • #1313: handle promise in Events.raise
  • #1341: UserManager.events().unload() event is triggered too early on UserManager.signoutRedirect()
• Features:
  • #1250: improve documentation
  • #1291: allow to optionally pass redirect_uri to UserManager.signinSilent when using refresh token
  • #1258: allow to optionally pass extraTokenParams to UserManager.signinSilent when using refresh token
  • #1275: add documentation section about hash-mode routing

thanks to @43081j, @huysentruitw, @marcoreni, @Lyokolux, @MathiasRossen, @tennox and @PSanetra