Skip to content

v4.0.0

Latest
Latest

Choose a tag to compare

View all tags
@NSeydoux NSeydoux released this 30 Mar 08:40
v4.0.0
0e92414
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Breaking changes

oidc-browser

Note that these changes are unlikely to impact a client application.

  • Replaced @inrupt/oidc-client dependency with oidc-client-ts (^3.5.0), the actively maintained TypeScript successor.
  • Removed re-exports: Version, CordovaPopupNavigator, CordovaIFrameNavigator (no longer available upstream).
  • Changed SigninRequest and OidcClientSettings to type-only exports.

node

  • A new signature was introduced for getSessionFromStorage in release 2.3.0. The legacy signature is
    deprecated, and will be removed with the 4.0.0 major release. Using the more recent API to manage Sessions
    based on the associated tokens should be preferred, as it allows to not rely on in-memory scale, making it
    easier to scale horizontally. Prefer using session.events.on(EVENTS.NEW_TOKENS, ...) to get the tokens, and
    Session.fromTokens to build the Session object.
// Deprecated signature
const session = await getSessionFromStorage(
  sessionId,
  storage,
  onNewRefreshToken,
  refresh,
);
// Replacement signature
const session = await getSessionFromStorage(sessionId, {
  storage,
  onNewRefreshToken,
  refresh,
});
  • The event EVENTS.NEW_REFRESH_TOKEN is being replaced by EVENTS.NEW_TOKENS which returns all the tokens a client
    can store for refreshing a session.

Bugfix

core

  • Fix issue using the library with Bun by adding missing extractable flag to the DPoP keys so that they can be serialized on the
    appropriate events. Thanks to @NoelDeMartin for fixing this issue.

node

  • Sessions built from Session.fromTokens now have a correct expiration time triggering refresh in the fetch. Thanks to @NoelDeMartin for fixing this issue.

browser

  • Fixed an issue where handleIncomingRedirect({ restorePreviousSession: true }) would redirect to the OAuth provider with expired client credentials, causing users to be stuck on an error page. The library now validates client expiration before attempting silent authentication and gracefully falls back to a logged-out state when the client has expired. Thanks to @timgent for the contribution.

What's Changed

Full Changelog: v3.1.1...v4.0.0

Contributors

NoelDeMartin and timgent
Assets 2
Loading