Releases: jasonraimondi/ts-oauth2-server
v3.3.0 - Custom Grants, JWT iss & aud
What's Changed
- feat: support custom grants by @jasonraimondi in #129
- feat: support aud and iss on access tokens by @jasonraimondi in #131
Full Changelog: v3.2.0...v3.3.0
v3.3.0-alpha.1
Full Changelog: v3.3.0-alpha.0...v3.3.0-alpha.1
v3.3.0-alpha.0
What's Changed
- feat: support custom grants by @jasonraimondi in #129
- feat: support aud and iss by @jasonraimondi in #131
Full Changelog: v3.2.0...v3.3.0-alpha.0
v3.2.0 - Support RFC 8693 - OAuth 2.0 Token Exchange
What's Changed
- feat: support RFC 8693 token exchange by @jasonraimondi in #112
OAuth 2.0 Token Exchange (RFC 8693)
To enable the token exchange grant, you'll need to provide your own implementation of processTokenExchangeFn. This function should orchestrate the exchange with the required third-party services based on your specific needs.
authorizationServer.enableGrant({
  grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
  processTokenExchangeFn,
})
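The checks such a function needs before it trusts a third-party token, as an added example (not code from the project). The argument names `subjectToken` and `subjectTokenType`, the stubbed `introspect` helper, the sample tokens and returning `undefined` to refuse the exchange are all assumptions, so check the library's own types for the real signature.

```javascript
// Added example. Argument names are assumed camelCase forms of RFC 8693
// request parameters; check the library's types for the real shape.
const ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token";
const EXPECTED_AUDIENCE = "https://api.example.test"; // constructed value
const FAR_FUTURE = 4102444800; // 2100-01-01T00:00:00Z, constructed expiry

// Constructed stand-in for the third party's token introspection responses.
const FAKE_IDP = new Map([
  ["tok-valid", { active: true, sub: "ext-42", aud: EXPECTED_AUDIENCE, exp: FAR_FUTURE }],
  ["tok-expired", { active: true, sub: "ext-42", aud: EXPECTED_AUDIENCE, exp: 1 }],
  ["tok-other-aud", { active: true, sub: "ext-42", aud: "https://other.example.test", exp: FAR_FUTURE }],
  ["tok-revoked", { active: false }],
]);
// Constructed mapping from the external subject to a local user record.
const LOCAL_USERS = new Map([["ext-42", { id: "user-1" }]]);

// Hypothetical helper: a real one would call the third party over TLS.
async function introspect(token) {
  return FAKE_IDP.get(token) ?? { active: false };
}

// Pure decision step: returns the local user, or undefined to refuse.
function resolveUser(args, claims, nowSeconds) {
  if (args.subjectTokenType !== ACCESS_TOKEN_TYPE) return undefined; // unsupported type
  if (!claims || claims.active !== true) return undefined; // revoked or unknown token
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return undefined; // expired
  if (claims.aud !== EXPECTED_AUDIENCE) return undefined; // minted for another service
  return LOCAL_USERS.get(claims.sub); // undefined when no local account is linked
}

// Hypothetical processTokenExchangeFn: any failure refuses the exchange.
async function processTokenExchangeFn(args) {
  try {
    const claims = await introspect(args.subjectToken);
    return resolveUser(args, claims, Math.floor(Date.now() / 1000));
  } catch {
    return undefined;
  }
}
```

Keeping the decision in a pure function lets each refusal path (wrong token type, revoked, expired, wrong audience, unlinked subject) be unit-tested without the third party being reachable.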
Thanks to @Jazcash for helping brainstorm and test this feature. Much appreciated 🙏
Full Changelog: v3.1.0...v3.2.0
v3.1.0
What's Changed
- feat: support redirect uri with port by @jasonraimondi in #105
- chore(deps): bump semver from 7.5.1 to 7.5.4 in /example by @dependabot in #84
- chore(deps-dev): bump tsup from 6.7.0 to 8.0.1 by @dependabot in #88
- chore(deps-dev): bump postcss from 8.4.24 to 8.4.32 by @dependabot in #87
- chore(deps-dev): bump typescript from 5.1.3 to 5.3.3 by @dependabot in #89
- chore(deps-dev): bump semver from 5.7.1 to 5.7.2 by @dependabot in #86
- chore(deps-dev): bump @babel/traverse from 7.22.4 to 7.23.5 by @dependabot in #85
- chore(deps): bump jsonwebtoken and @types/jsonwebtoken by @dependabot in #94
- chore(deps-dev): bump vitepress from 1.0.0-beta.1 to 1.0.0-rc.34 by @dependabot in #93
- chore(deps-dev): bump @types/body-parser from 1.19.2 to 1.19.5 by @dependabot in #91
- chore(deps-dev): bump fastify from 4.17.0 to 4.25.2 by @dependabot in #92
Full Changelog: v3.0.2...v3.1.0
v3.0.2
v3.0.1
v3.0.0
Notes
- The package is now entirely ESM (ECMAScript Modules); check out Sindre Sorhus's writeup for a better understanding of this change.
- The AuthorizationServer default constructor's parameters have been simplified.
- The AuthorizationServerOptions default configuration values have been changed.
- The AuthorizationServer.enableGrantType() process to enable grant types has been updated.
- The AuthorizationServer.setOptions() method has been removed. Options should be set during initialization.
Migration
AuthorizationServer Updates
In v2.x, the AuthorizationServer constructor required all repositories. In v3.x, it has been simplified.
Before (v2.x):
const authorizationServer = new AuthorizationServer(
  authCodeRepository,
  clientRepository,
  accessTokenRepository,
  scopeRepository,
  userRepository,
  jwtService,
  {
    requiresS256: false,
    tokenCID: "name",
  }
);
After (v3.x):
const authorizationServer = new AuthorizationServer(
  clientRepository,
  accessTokenRepository,
  scopeRepository,
  jwtService,
  {
    requiresS256: true, // default changed to true
    tokenCID: "id", // default changed to "id"
  }
);
Enabling Grants
In v3, enableGrantType has been updated for the "authorization_code" and "password" grants.
AuthorizationCodeGrant now requires an AuthorizationCodeRepository and a UserRepository.
Before (v2.x):
authorizationServer.enableGrantType("authorization_code");
After (v3.x):
authorizationServer.enableGrantType({
  grant: "authorization_code",
  userRepository,
  authorizationCodeRepository,
});
PasswordGrant now requires a UserRepository.
Before (v2.x):
authorizationServer.enableGrantType("password");
After (v3.x):
authorizationServer.enableGrantType({
  grant: "password",
  userRepository,
});
Callouts
Thanks to @mahmoudzeyada
Full Changelog
v2.6.1
Notes
- patch(#74): security upgrade jsonwebtoken from 8.5.1 to 9.0.0 (thank you @Siddhant-K-code)
Full Changelog
v2.6.0
Notes
- feat(#62): enable token invalidation by reuse of originating authorization code (thank you @oliverlockwood)