v1.4.4 (2023-10-30)
Security
- bump axios to latest version #176 (frederikprijck)
v1.4.3 (2022-08-16)
Fixed
- Add missing commas so that "use strict" works #161 (jimrandomh)
v1.4.2 (2022-01-19)
Fixed Upgrade axios from 0.21.4 to 0.22.0 #149 (snyk-bot)
v1.4.1 (2021-10-13)
Changed Replace request with axios #144 (frederikprijck)
v1.4.0 (2020-10-22)
Added Adding support for extra params to authorizeParams #131 (alexbjorlig)
Security Bump lodash from 4.17.15 to 4.17.20 #129
Fixed Fix to not override option values with defaults. #127 (kierans)
v1.3.3 (2020-06-05)
Closed issues
- Having a session is now required#107
Fixed
- Allow sessionless authentication #120 (davidpatrick)
Security
- Fixed dependency vulnerability in Mocha #121 (davidpatrick)
v1.3.2 (2020-02-03)
Closed issues
- 1.2.1 -> 1.3.1 upgrade causes "Cannot read property 'scope' of undefined" #107
- TypeError: Cannot read property 'authParams' of undefined #106
- Cannot read property 'split' of undefined in Profile.js with GSuite login #105
Fixed
- Remove ID token
iatvalue check #109 (joshcanhelp) - Fix missing ID causing cannot read error #109 (joshcanhelp)
- Guard against undefined parameter access #108 (pihvi)
v1.3.1 (2019-12-06)
Closed issues
- the userProfile does not have 'provider' field correctly populated. #102
- Social login breaks when account name contains utf-8 characters. #100
- Strategy does not work on Restify #96
Fixed
- Parses provider from user_id if identities is not provided. #103 (kertof)
- Fix decoding jwt when encoded payload contains utf8 characters #101 (abelptvts)
v1.3.0 (2019-11-19)
Added
- Improved OIDC compliance #97 (davidpatrick)
Security
- Update
lodashpackage to address security vulnerabilities #94 (https://github.com/is2ei) - Update
requestpackage to address security vulnerabilities with dependencycryptiles#98 (davidpatrick)
v1.2.1 (2019-08-12)
Closed issues
- Strategy constructor mutates options argument #91
- Infinite redirect loop, "Invalid authorization request state." #89
- could I use cookie-session instead of express-session? #87
Fixed
- Fix strategy constructor to not mutate options argument #92 (naptowncode)
v1.2.0 (2019-07-31)
Closed issues
- Not obvious how to style lock on redirect #74
- Auth0 state parameter not always passed through #73
- Allow for different grant types #72
- Use native Object.assign instead of xtend #67
- state parameter default to true #65
- Custom Claims? #64
- Auth0Strategy vs OAuth2Strategy #61
- logout problems #59
- What is the point of this line? #56
- Custom User Store vs Auth0 Database #54
- Setting a proxy #50
- Document how to access the "state" parameter #40
- Incompatible with Lock for Web's responseMode option #39
- Return to same page after login? #38
- refreshToken is always null #36
- JWT Token #30
- Specify JWT scope #29
- Rule Errors do not propagate #28
Added
- Add telemetry #85 (joshcanhelp)
- Add information on ID token scopes to README #83 (joshcanhelp)
- Add support for acr_values #78 (federicobarera)
- Add support for
connection_scopeoption #75 (GertSallaerts)
Changed
- Replace xtend with Object.assign #84 (joshcanhelp)
Security