Skip to content

Latest commit

 

History

History
381 lines (212 loc) · 12.2 KB

File metadata and controls

381 lines (212 loc) · 12.2 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog.

9.1.0 — 2026-06-23

Added

Changed

  • Update dependencies

9.0.0 — 2026-06-05

Added

  • Introduce OAuth2Service.addRoute() to expose additional routes next to the OIDC standard ones. May be useful when willing to stub some vendor specific management routes for instance.
  • Add support for Node.js 26

Changed

  • Breaking: No longer support Node.js 20
  • Remove Express as a dependency. Request handlers are now implemented directly on top of Node.js's built-in http/https modules. No impact on the documented API.
  • Update dependencies

8.2.3 — 2026-05-27

Changed

  • Update dependencies

8.2.2 — 2026-02-26

Changed

  • Return state on /endsession redirect (by meesvandongen in #391)
  • Update dependencies

8.2.1 — 2026-01-27

Fixed

  • Allow beforeSigning event to modify typ header property (by AndreasNill in #388)

Changed

  • Update dependencies

8.2.0 — 2025-10-31

Added

  • Export TokenRequestIncomingMessage type to make /token related hooks easier to consume (reported in #355 by kikisaeba)
  • Teach the cli to accept a issuer-url-trailing-slash option (reported in #353 by Valdermeyder)

Changed

  • Update dependencies

8.1.0 — 2025-06-06

Added

  • Export HttpServer and OAuth2Service (reported in #344 by jraoult)

Changed

  • Update dependencies

8.0.1 — 2025-05-28

Fixed

  • Fix crash when running npx oauth2-mock-server --help (reported in #337 by robcresswell)

8.0.0 — 2025-05-18

Fixed

Changed

  • Breaking: No longer support Node.js 18
  • Switched to "Universal" ESM. CommonJS require() usage pattern still supported for Nodejs ^20.19 & ^22.12
  • Add support for Node.js 24
  • Update dependencies

7.2.1 — 2025-04-30

Fixed

  • Fix paths of well known endpoints when issuer ends with a forward slash (reported in #331 by kikisaeba)

Changed

  • Update dependencies

7.2.0 — 2024-11-25

Added

  • Include scope in token for authorization_code and refresh_token grants (by PetrasJaug)
  • Add PKCE support (by tanettrimas)

Changed

  • Update dependencies

7.1.2 — 2024-05-21

Changed

7.1.1 — 2023-10-24

Fixed

  • Be a better citizen in an ECMAScript modules world

7.1.0 — 2023-10-23

Added

  • Add support for "aud" claim in "client_credentials" grants (by kadams54)

Changed

  • Update dependencies

7.0.0 — 2023-10-04

Changed

  • Breaking: No longer support Node.js 16

6.0.1 — 2023-10-03

Security

6.0.0 — 2023-06-19

Changed

  • Breaking: No longer support Node.js 14
  • Fix authorize endpoint compliance (remove scope requirement, make state optional) (by jirutka)
  • Add support for Node.js 20
  • Update dependencies

5.0.2 — 2023-02-20

Security

5.0.1 — 2022-10-04

Security

5.0.0 — 2022-06-27

Changed

  • Breaking: No longer support Node.js 12
  • Add support for Node.js 18

4.3.2 — 2022-06-27

Changed

  • Update dependencies

4.3.1 — 2022-03-29

Security

4.3.0 — 2022-02-01

Added

  • Support the token introspection endpoint (by cfman)

4.2.0 — 2022-01-28

Added

  • Add support for custom endpoint pathnames (by roskh)
  • Teach /token endpoint to support JSON content type (by roskh)

4.1.1 — 2021-11-18

Fixed

  • Fix regression: Prevent unhandled rejected promises when incorrectly invoking the /token endpoint

4.1.0 — 2021-11-15

Added

4.0.0 — 2021-10-25

Added

  • Add /endsession endpoint (by AndTem)
  • Support EdDSA algorithm

Removed

  • Breaking: Drop support for Node.js 10
  • No longer accepts PEM encoded keys
  • No longer supports generating unsigned JWTs

Changed

  • Breaking: Reworked exposed API. Please refer to the migration guide for more information.
  • Add support for Node.js 16

3.2.0 — 2021-08-03

Added

  • Add subject_types_supported OpenID Provider Metadata field (by jjbooth74)

3.1.0 — 2020-11-30

Added

3.0.3 — 2020-11-12

Fixed

  • Fix regression: When adding a key to the KeyStore, do not normalize key "use" value to "sig" when already defined

3.0.2 — 2020-10-29

Added

  • Support Nodejs 14.15 LTS

3.0.1 — 2020-10-23

Fixed

  • Include missing files on pack/publish

3.0.0 — 2020-10-22

Added

  • TypeScript type definitions (#48)

Changed

  • Straightened definitions of optional parameters: null is no longer considered as a non valued parameter value; undefined bears that meaning.

2.0.0 — 2020-10-01

Added

Removed

  • No longer support Node 8

1.5.1 — 2020-04-06

Security

1.5.0 — 2020-01-23

Added

  • Add HTTP request object to OAuth2Service's events
  • Add beforeTokenSigning event to OAuth2Service

1.4.0 — 2020-01-15

Security

Fixed

  • Add missing aud claim under Authorization Code Flow

Added

  • Add CORS support

1.3.3 — 2019-09-25

Security

Changed

  • Update license's legal entity.

1.3.2 — 2019-08-09

Security

1.3.1 — 2019-06-07

Security

1.3.0 — 2019-06-03

Added

  • Add revocation endpoint

1.2.0 — 2019-03-19

Added

  • Add Authorization code grant
  • Add Refresh token grant
  • Add Userinfo endpoint

Security

1.1.0 — 2018-08-02

Added

  • Add Resource Owner Password Credentials grant

Fixed

  • Add missing cache control headers on /token responses

1.0.0 — 2018-08-01

Initial release.