v2.4.0

Bug Fixes

• OpenIdConnectError also returns session_state (95fae3d)
• stop sending state on the authorisation code token grant (c4c9e50)

Features

• add RP-Initiated Logout URL helper (7c2e030), closes #116

v2.3.1

Bug Fixes

• apply safer, simpler www-authenticate parsing regex (ffce55a)
• only assign Discovery 1.0 defaults when Issuer is discovered (dca60b8)

v2.3.0

Features

• authorization response parameter checking based on response_type (6e0ac57)
• passport strategy automatically checks response REQUIRED params (902eeed)

v2.2.1

• improved discovery support of custom .well-known suffixes
• chores - refactoring, missing tests, cleanup

v2.2.0

• added support for RFC8414 - OAuth 2.0 Authorization Server Metadata discovery
• encrypted_id_token property added to TokenSet instances with the value of the encrypted ID Token value before its decryption

v2.1.1

• fixed handling of bearer endpoint responses with www-authenticate headers only. (#102)

v2.1.0

• node-jose dependency bumped to major ^1.0.0 - fixes A\d{3}GCMKW symmetrical encryption support
• dependency updates

v2.0.4

• fixed circular when serializing OpenIdConnectError
• base64url dependency update

v2.0.3

• base64url dependency replaced with base64-url

v2.0.2

only dependency tree updates