- #434 Preserve existing refresh token when refreshed token doesn't contain a new refresh token
- #440 Update
@hapi/hoekto v11.x to avoid URL clonning issues
- #430 Update
authorizeURLdocs with a custom param example - #421 Fix typo on API.md
- #422 Improve jsdocs
- #409 Remove build badge
- #332 Preserve query params on authorizePath on authorizeURL method
- #341 Rewrite integration tests
- #382 Update eslint parser dependencies
- #390 Add Node 16 to test matrix
- #404 Update
avato v4.x - #405 Update
@hapi/hoekto v10.0.0 - #406 Update
@hapi/wreckto v18.0.0 - #407 Update
@hapi/boomto v10.0.0 - #407 Update
doctocto v2.x - #408 Add Node 18 to test matrix
- #403 Add LinkedIn example
- 340 Accept only options available per grant type
- #403 Drop support for Node 12. Require at least Node 14
- #406 Disable redirects by default
- #387 Add support to configure refreshPath
- #386 Update eslint v8
- #379 Use c8 to collect code coverage
- #356 Update development dependencies
- #355 Add package support info
- #354 Add support for custom http options to access token refresh and revoke operations
- #329 Documentation updates for persistent access token refresh
- #330 Upgrade module to use eslint v7
- #331 Internal module reorganization
- #333 Add template for issues
- #341 Segregate integration tests by responsability area
- #352 Use Node 14 as default runtime version for development. Document support matrix
- #353 Use joi instead of the deprecated @hapi/joi module
- #328 Add support to refresh persistent access tokens
- #326 Remove usage of date-fns production dependency
- #325 Setup volta instead of nvm to handle node versions
- #322 Update acorn version in package-lock file
- #292 #313 Require at least Node 12
- #292 Use private class fields for non-public API's
- #292 Access token
.tokenproperty is now frozen - #318 New public API separating each grant type into it's own submodule
- #321 Rename resource owner credentials module to be accurate
- #292 Upgrade @hapi/hoek to v9 (requires Node 12)
- #292 Upgrade @hapi/joi to v17 (requires Node 12)
- #292 Upgrade @hapi/wreck to v17 (requires Node 12)
- #311 Upgrade nock dev library to v12
- #319 Add Node 14 to test matrix
- #314 Add client credentials token refresh disclaimer
- #317 Fix output documentation for boom errors
- #320 Add complete reference documentation
- #301 Refactor module schema to reuse constants across the codebase
- #302 Extract access token parsing functionality from token class
- #310 #312 Change how date-fns is imported do make it compatible with webpack
- #303 #304 Add more references to API documentation on library README
- #306 Add documentation for URL resolution on host/paths configurations
- #307 Replace travis CI with github actions
- #299 Add support to verify for token expiration with a custom expiration window
- #300 Add support to set the header credentials' encoding mode with
options.credentialsEncodingMode.
- #298 Add support for custom scope separator by using
options.scopeSeparatorconfiguration
- #290 Valid token presence is verified on access token creation
- #290 Valid tokenType presence is verified on
.revokecalls
- #289 Remove dev lodash library from tests
- #285 Update ava test runner to v3
- #287 Update chance-access-token dev library to v2
- #288 Update nyc instrumentation dev library to v15
- #297 Add tests for empty credentials support
- #291 Improve library documentation. Separate API reference from main documentation
- #277 Add support to parse access tokens's expire_at property as UNIX timestamps
- #273 Deprecate unsupported library versions
-
#260 Use @hapi/wreck v15. This version changes how a baseUrl is resolved against a path, affecting how
auth.tokenHost,auth.tokenPath,auth.authorizeHostandauth.authorizePathare resolved when using the.getTokenmethods. See @hapi/wreck breaking changes to better understand potential issues that may arise. -
#260 Use new Node.js WHATWG URL api instead of the legacy url module. This change affects how
auth.authorizeHostandauth.authorizePathare resolved when using theauthorizationCode.authorizeURLmethod. -
#256 Users can override the
grant_typeparameter when performing a token exchange throught the.getTokenmethod. Useful in cases where the auth server uses a value different from the standard. -
#256 Token exchange methods no longer mutate provided arguments
-
#255 Follow up to 20 redirects by default
-
#200 #256 Change default multiple scope encoding from using comma to spaces on all token exchange methods
-
#88 Change JSON response parsing mode from
smarttostrict. Since the OAuth2 specification indicates only JSON responses are valid, any non-JSON response throws an error instead of resolving into a Buffer. Usehttp.json = trueto restore the previous behavior.
-
#270 All token exchange methods now accept an optional argument to override non-essential http options or read parsing options.
-
#268 All token exchange methods can be called without arguments
-
#263 Use @hapi/joi v16. No breaking changes are expected.
- #262 Use files package option instead of .npmignore
- #267 Better document encoding of values for the token exchange process
- #249 Add dropbox usage example
- #254 Upgrade codebase to eslint v6 and airbnb-base-eslint configuration v14
- #253 Upgrade nock to v11
- #252 Use ava instead of mocha as test runner
- #252 Use ava built-in assertions library instead of chai
- #250 Upgrade date-fns library to v2
- #235 Upgrade Joi version to v15 (@hapi/joi)
- #244 Upgrade mocha test runner to v6
- #244 Upgrade nyc to v14
- #244 Upgrade development dependencies to latest version available
- #242 Upgrade debug dependency to v4
- Fix Joi schema missusage
- Fix access token expiration properties omission
- Ignore access token date properties when not available
- Add support to revoke accessToken and refreshToken in a single call with
revokeAll
- Replace internal request library to wreck
- Replace bluebird with native promise implementation
- Replace callback interface with async/await
- Improve integration tests coverage
- Add support to specify scopes as array in
getTokenmethod - Add support to empty strings and visual ASCII characters on
clientId/clientSecretoptions
- Update debug dependency
- Add support to encode the authorization headers
- Update dependencies
- Add Node 8 to test matrix
- Add support for custom idParamName in authCode.authorizeURL() method
- Upgrade dependencies, to avoid using outdated/vulnerable versions
- Add support to body encoding format in library requests
- Add missing documentation for module options
- Parse token payload response
expires_inproperty as integer
- Fixed documentation for client option.
- Refactored test to use fixtures.
- Update code to comply with more linter rules.
- Fixed examples in README to return on error.
- Added a working example example.
- Clone params and configuration passed
- Changed public api to, to make it consistent. Changed shortcut names to full names.
- Changed public api to allow different sites for /authorize and /tokens
- Added strict schema validation to module options.
- Does not override expires_at property if passed into accessToken.create.
- Upgraded code to strict mode.
- Upgraded all the code base to es6.
- Updated linter settings to meet the new es6 code requirements.
- Fixed shared value for access token, causing tokens to be overriding.
- Replaced internal logger by the debug module logger.
- Fixed some project metadata.
- Added optional sending support to the body auth params.
- Updated license information.
- Updated main dependencies version.
- Fixed leaked token when a refresh token was used.
- Fixed error class prototype inheritance. Now inherits correctly from Error.
- Now all error states returned from the server, are rejected as HTTPError instances. (This allow to know what httpStatusCode was returned)
- Updated project dependencies.
- Added support for passing arguments to the refresh token action.
- Added project badges.
- Code general cleanup and applied code styleguide.
- Created CONTRIBUTING guides! (Separated from README)
- Fixed bug, which resolved promises even if the token wasn´t retrieved. #64
- Better documentation!
- Added support for promise based API
- Adds revocation token method
- Not using headers if access_token is defined as a part of the URL.
- Changes from Pascal Case to Camel Case in the API.
- Adds Bearer Header for requests.
- Now compatible with Github
- Updated name convention on using simple oauth2 configuration block.
- Token expiration is now dinamically defined through the expires_in field returned with the access token from the OAuth2 server
- Fixed missing Basic Auth that somehow is not created from the request library
- Fixed bug on AccessToken#expired() as it had the inverse logic
- AccessToken#refresh() now returns an AccessToken object
- Updated documentation
- Added Password credentials flow
- First version Node client for OAuth2