v4.0.10

chore: output comments in build files for jsdoc editor assistance

Full Changelog: v4.0.9...v4.0.10

v4.0.8

What's Changed

• docs: add jsdocs to public methods by @jasonraimondi
• docs: clarify token expiry settings and DateInterval usage by @jasonraimondi in #178

Full Changelog: v4.0.7...v4.0.8

v4.0.7

What's Changed

• Fix missing extraJwtFields in access tokens obtained though refresh_token grant flow by @gamedevsam in #170

Full Changelog: v4.0.6...v4.0.7

v4.0.6

What's Changed

• Vanilla adapter: parse urlencoded by @benmerckx in #169

New Contributors

• @benmerckx made their first contribution in #169

Full Changelog: v4.0.5...v4.0.6

v4.0.5

What's Changed

• fix: allow empty client secrets in basic auth by @jasonraimondi in #168

Full Changelog: v4.0.4...v4.0.5

v4.0.4

What's Changed

• Fix Fastify redirect logic when using NestJS by @gamedevsam in #165
• chore(deps-dev): bump vite from 5.3.2 to 5.4.15 by @dependabot in #162
• chore(deps-dev): bump vitest from 1.6.0 to 1.6.1 by @dependabot in #161

New Contributors

• @gamedevsam @sbatista-visor made their first contribution in #165

Full Changelog: v4.0.3...v4.0.4

v4.0.3

What's Changed

• fix: call finalize scopes in client credentials and refresh token by @jasonraimondi in #160
• docs(fix): incorrect identifier authorizationCodeRepository by @wxh06 in #158
• docs(fix): update incorrect method description for scope finalize by @jasonraimondi in #160

New Contributors

• @wxh06 made their first contribution in #158
• @saevarb made their first bug report in #159

Full Changelog: v4.0.2...v4.0.3

v4.0.2

What's Changed

• feat: export error helper isOAuthError in d3f1d8d
• docs: add nuxt adapter indocs by @devcui in #157

New Contributors

• @devcui made their first contribution in #157

Full Changelog: v4.0.1...v4.0.2

v4.0.1

• fix: express adapter status method causing build errors

Full Changelog: v4.0.0...v4.0.1

v4.0.0

Changes

There is one small breaking change for users implementing /revoke or /introspect`. And one minor, not technically breaking, but change in defaults.

---

(breaking) - The /revoke and /introspect endpoints will now authenticate via client_credentials by default

Before (v3.x):

new AuthorizationServer(..., {
  authenticateIntrospect: false, // default was false in 3.x
  authenticateRevoke: false,     // default was false in 3.x
})

After (v4.x):

const auth = new AuthorizationServer(..., {
  authenticateIntrospect: true, // set to false to match 3.x
  authenticateRevoke: true,     // set to false to match 3.x
})

---

(not-breaking, but a change) - The AuthorizationServer now enables by "client_credentials" and "refresh_token" by default.

Before (v3.x):

authorizationServer.enableGrant("client_credentials")
authorizationServer.enableGrant("revoke_token")

After (v4.x):

authorizationServer.enableGrant("client_credentials") // no longer necessary
authorizationServer.enableGrant("revoke_token") // no longer necessary

// but if you want to tweak the token length of either of these grants, you can 
authorizationServer.enableGrant(["client_credentials", new DateInterval("6h")])

---

Full Changelog: v3.6.0...v4.0.0