v3.6.0
- feat: support token introspection by @jasonraimondi in #148
- feat: token introspection add client credentials auth by @jasonraimondi in #150
- tests: improve adapter test suite and improve responseFromVanilla by @jasonraimondi in #153
- fix: revocation inconsistencies and match oauth spec rfc7009 by @jasonraimondi in #152
- fix: introspect and revoke to spec and return falsey instead of throwing by @jasonraimondi in #154
What's New
- RFC7662 "OAuth 2.0 Token Introspection" - https://tsoauth2server.com/docs/endpoints/introspect
- RFC7009 "OAuth 2.0 Token Revocation" - https://tsoauth2server.com/docs/endpoints/revoke
```ts
new AuthorizationServer(..., {
  authenticateIntrospect: false, // Default: false (v3.x), true (v4.x)
  authenticateRevoke: false, // Default: false (v3.x), true (v4.x)
})
```
- Default `false` values maintain v3.x compatibility, and you must implement your own authentication.
- Setting to `true` enables client credentials authentication (v4.x behavior).
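With both options left at `false`, nothing stops an unauthenticated caller from reaching the introspection or revocation endpoint, so the check has to run before the request is handed to the server. The following is an added example, not code from this project: a framework-neutral HTTP Basic client check, where `CLIENTS`, `authenticateClient`, `guard` and the credentials are hypothetical, constructed names and values, and no library API is called.

```javascript
// Constructed sample registry (hypothetical); real deployments store hashed secrets.
const CLIENTS = new Map([["resource-server-1", "s3cr3t-constructed-value"]]);

// Compare without exiting at the first differing byte. Hand-rolled to keep the
// example import-free; Node's crypto.timingSafeEqual is the standard call.
function constantTimeEqual(supplied, expected) {
  const x = new TextEncoder().encode(supplied);
  const y = new TextEncoder().encode(expected);
  let diff = x.length ^ y.length;
  // Loop length depends on the caller's input, not on the stored secret.
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

// Parse "Authorization: Basic base64(client_id:client_secret)".
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/i.exec(header || "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  if (sep < 1) return null; // no colon, or empty client id
  return { id: decoded.slice(0, sep), secret: decoded.slice(sep + 1) };
}

// Returns the authenticated client id, or null when the caller must get a 401.
function authenticateClient(headers) {
  const creds = parseBasic(headers["authorization"]);
  if (!creds) return null;
  const expected = CLIENTS.get(creds.id);
  // Unknown ids are compared against a dummy so both paths do similar work.
  const ok = constantTimeEqual(creds.secret, expected ?? "\u0000dummy");
  return ok && expected !== undefined ? creds.id : null;
}

// Gate for /introspect and /revoke: a 401 stops the request before any token lookup.
function guard(headers) {
  const clientId = authenticateClient(headers);
  return clientId
    ? { status: 200, clientId }
    : { status: 401, headers: { "WWW-Authenticate": 'Basic realm="oauth"' } };
}
```

Call `guard` with the lowercased request headers in the route handler and pass the request on to the authorization server only when the status is 200.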
Full Changelog: v3.4.1...v3.6.0