CHANGELOG.md

Changelog

Features

• update project to Angular 16 (b999024)

Bug Fixes

• #728 (51e438a), closes /github.com/manfredsteyer/angular-oauth2-oidc/issues/728#issuecomment-808969225
• clear location.hash only if it is present (c2b2753), closes #970
• clock skew bug (f30098d)
• correctly handle ? and & in location replacements (70fd826)
• correctly use clockSkew for hasValid[Access|Id]Token (68238fb)
• Disable nonce validation for id token for e2e tests (f5bd96c)
• fix scope/state removal for implicit flow with hash (9e257d0)
• in code flow pass options to error handler (c9a2c55), closes #972
• issue with sha256 and prod build #1120 (b44e19a)
• js-sha256: wrap logic in a function to prevent optimizer destroy lib (ae26fba)
• jwks: update jsrsasign dependency to 10.2.0 (a05bd8a), closes #1061
• multiplying calls to token endpoint in code flow (59f65d2)
• Refresh tokens with a plus sign get corrupted before sending to token endpoint (2204c5a)
• revoketokenandlogout: 'customParameters' should accept boolean (9761bad)
• While Using POPUP mode, we click on login button multiple time it opens multiple popup instead of focusing already opened (bbff95b)

12.0.0 (2021-07-16)

Bug Fixes

• #728 (51e438a), closes /github.com/manfredsteyer/angular-oauth2-oidc/issues/728#issuecomment-808969225
• clear location.hash only if it is present (c2b2753), closes #970
• correctly handle ? and & in location replacements (70fd826)
• Disable nonce validation for id token for e2e tests (f5bd96c)
• fix scope/state removal for implicit flow with hash (9e257d0)
• in code flow pass options to error handler (c9a2c55), closes #972
• jwks: update jsrsasign dependency to 10.2.0 (a05bd8a), closes #1061
• multiplying calls to token endpoint in code flow (59f65d2)
• Refresh tokens with a plus sign get corrupted before sending to token endpoint (2204c5a)
• revoketokenandlogout: 'customParameters' should accept boolean (9761bad)
• While Using POPUP mode, we click on login button multiple time it opens multiple popup instead of focusing already opened (bbff95b)

Features

• introduce DateTimeProvider (0c0a4a7)
• logout: postLogoutRedirectUri should not default to redirectUri (ff7d1d9)
• support JWT response on userinfo endpoint (da16494)
• Custom grant type added (#919)
• Listen for storage to receive auth hash from popup (#935)
• Add event for unchanged session (#936)
• Add loginHint to codeFlow (#938)
• Add a windowRef option to initLoginFlowInPopup to prevent the window from beeing blocked by popup blockers (#965)
• Use configured revocationEndpoint by default (#1020)

10.0.0 (2020-06-30)

• chore: increase version in package.json (84d95a7)
• chore: make version 9.2 ready (415e053)
• chore(deps): bump jsrsasign from 8.0.12 to 8.0.19 (4def1c1)
• chore(deps): bump websocket-extensions from 0.1.3 to 0.1.4 (cae715e)
• chore(release): 9.2.1 (7a15194)
• chore(release): 9.2.2 (40f5ae5)
• chore(release): 9.3.0 (f42f943)
• refactor: inline js-sha256 (ca435c0)
• refactor: remove dep on contributer-table (b486546)
• refactor: use esm for sha-256 (92ee76d)
• feat(oauth-service): pass custom url params to logOut (4607d55)
• feat(oauth-service): revokeTokenAndLogout with cust params (026dcb3)
• 'disableAtHashCheck' by default if responseType is 'id_token' (169d749)
• #825: (38c7c3f), closes #825
• #825: (fb3afe4), closes #825
• Fix issue with ambient type in constructor when running Universal with Ivy (9e95c73)
• Fix typo in code-flow.md (1816e7b)
• Replaced document by this.document #773 (678ff95), closes #773
• response_types including 'code' gets a code_challenge (58a8132)
• Update code-flow.md (5c5288c)
• docs(readme): use our own idsvr (65c2b95)
• fix: loadDiscoveryDocumentAndLogin should pass state into initLoginFlow (132c624)
• fix(lib): copying LICENSE file to output build (e89aa6d)

10.0.0 (2020-06-30)

Bug Fixes

• loadDiscoveryDocumentAndLogin should pass state into initLoginFlow (132c624)
• lib: copying LICENSE file to output build (e89aa6d)

Features

• oauth-service: pass custom url params to logOut (4607d55)
• oauth-service: revokeTokenAndLogout with cust params (026dcb3)

10.0.0 (2020-06-30)

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

Features

• automatic silent refresh: stopAutomaticRefresh stops all timers. (8ab853b)
• code-flow: allow using implicit flow by setting useSilentRefresh to true (93902a5)
• oauth-service: pass custom url params to logOut (4607d55)
• oauth-service: revokeTokenAndLogout with cust params (026dcb3)
• sample: also use new idsvr 4 for implicit flow demo to prevent issues with same site cookies (58c6354)
• session checks: Session checks work now for code flow too. Pls see Docs for details. (4bf8901)
• token-revocation: also revoke refresh_token (429ed2c)
• remove jsrsasign dependancy (77cb37a)
• Upgrade to angular 8 (31c6273)

Bug Fixes

• loadDiscoveryDocumentAndLogin should pass state into initLoginFlow (132c624)
• lib: copying LICENSE file to output build (e89aa6d)
• revoketokenandlogout: explicit way to revoke an access token (c799ead)
• sample: make sense of the guard (1cae011)
• #687 (e2599e0)
• code flow: Fixed code flow for IE 11 (0f03d39)
• sample: use hash-based routing (3f44eca)
• session state: save session_state also when using code flow (8fa99ff)
• state: passing an url with a querystring as the state, e. g. url?x=1 (71b705c)
• missing HttpModule dependency (7eac8ae)
• run tokensetup outside ngzone (07bb62d)
• typo (3d331f2)

9.2.2 (2020-05-09)

9.2.1 (2020-04-23)

9.2.0 (2020-03-28)

Features

• revoketokenandlogout: explicit way to revoke an access token according to RFC 7009 (c799ead)

• token-revocation: also revoke refresh_token (429ed2c)

Bug Fixes

• sample: make sense of the guard (1cae011)

9.1.0 (2020-03-23)

Features

• automatic silent refresh: stopAutomaticRefresh stops all timers. (8ab853b)
• code-flow: allow using silent refresh by setting useSilentRefresh to true (93902a5)
• sample: Also use new Identity Server 4 for implicit flow demo to prevent issues with same site cookies (58c6354)
• session checks: Session checks work now for code flow too. Please see docs for details. (4bf8901)

Bug Fixes

• code flow: Fixed code flow for IE 11 (0f03d39)
• sample: use hash-based routing (3f44eca)
• session state: save session_state also when using code flow (8fa99ff)
• state: passing an url with a querystring as the state, e. g. url?x=1 (71b705c)
• #687 (e2599e0)
• missing HttpModule dependency (7eac8ae)
• run tokensetup outside ngzone (07bb62d)
• typo (3d331f2)

Pull Requests

• Update sample app and silent-refresh.html script #755, linjie997
• Add optional state parameter for logout, pmccloghrylaing
• fix customHashFragment usage in tryLoginCodeFlow, roblabat
• replace document with injectionToken #741, d-moos
• Support predefined custom parameters extraction from the TokenResponse, vdveer
• Fixed not working silent refresh when using 'code' #735, ErazerBrecht

Thanks

Big Thanks to all contributers: Brecht Carlier, Daniel Moos, Jie Lin, Manfred Steyer, Phil McCloghry-Laing, robin labat, vdveer

Also, big thanks to jeroenheijmans for doing an awesome job with moderating and analyzing the issues!