v4.0.0

@jasonraimondi jasonraimondi released this 12 Aug 02:17
· 12 commits to main since this release
cfe994b

Changes

There is one small breaking change for users implementing /revoke or /introspect, and one minor change in defaults that is not technically breaking.


(breaking) - The /revoke and /introspect endpoints will now authenticate via client_credentials by default

Before (v3.x):

new AuthorizationServer(..., {
  authenticateIntrospect: false, // default was false in 3.x
  authenticateRevoke: false,     // default was false in 3.x
})

After (v4.x):

const auth = new AuthorizationServer(..., {
  authenticateIntrospect: true, // set to false to match 3.x
  authenticateRevoke: true,     // set to false to match 3.x
})
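With the v4 defaults, a caller of /introspect or /revoke has to present client credentials. The block below is an added example, not code from this release or from the project: it builds such a request and shows the matching server-side parse. It assumes HTTP Basic client authentication as defined in RFC 6749 §2.3.1, and every function name in it is hypothetical.

```javascript
// Added example; all function names here are hypothetical.

// RFC 6749 §2.3.1: form-urlencode id and secret before joining with ":".
function formEncode(value) {
  return encodeURIComponent(value)
    .replace(/[!'()*]/g, (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase())
    .replace(/%20/g, "+");
}

function basicClientAuth(clientId, clientSecret) {
  const pair = `${formEncode(clientId)}:${formEncode(clientSecret)}`;
  return "Basic " + Buffer.from(pair, "utf8").toString("base64");
}

// Build the POST for an introspection (RFC 7662) or revocation (RFC 7009) call.
function buildTokenEndpointRequest(token, clientId, clientSecret, tokenTypeHint) {
  const body = new URLSearchParams({ token });
  if (tokenTypeHint) body.set("token_type_hint", tokenTypeHint);
  return {
    method: "POST",
    headers: {
      "Content-Type": "application/x-www-form-urlencoded",
      Authorization: basicClientAuth(clientId, clientSecret),
    },
    body: body.toString(),
  };
}

// Server-side counterpart: returns the credentials, or null when the header
// is missing, not Basic, has an empty client id, or is badly encoded.
function parseBasicClientAuth(header) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  if (sep < 1) return null;
  const dec = (s) => decodeURIComponent(s.replace(/\+/g, "%20"));
  try {
    return { clientId: dec(decoded.slice(0, sep)), clientSecret: dec(decoded.slice(sep + 1)) };
  } catch {
    return null; // malformed percent-encoding
  }
}

// Constructed sample values, not real credentials.
const sampleRequest = buildTokenEndpointRequest("constructed-token", "client", "secret", "access_token");
```

A request without the Authorization header is the v3.x-style call that the new defaults reject unless authenticateIntrospect or authenticateRevoke is set back to false.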

(not-breaking, but a change) - The AuthorizationServer now enables the "client_credentials" and "refresh_token" grants by default.

Before (v3.x):

authorizationServer.enableGrant("client_credentials")
authorizationServer.enableGrant("refresh_token")

After (v4.x):

authorizationServer.enableGrant("client_credentials") // no longer necessary
authorizationServer.enableGrant("refresh_token") // no longer necessary

// but if you want to tweak the token length of either of these grants, you can 
authorizationServer.enableGrant(["client_credentials", new DateInterval("6h")])

Full Changelog: v3.6.0...v4.0.0