v4.0.0

⚠ BREAKING CHANGES

• the deprecated issuer.key() method was removed
• due to added ESM module support Node.js version with ESM implementation bugs are no longer supported, this only affects early v13.x versions. The resulting Node.js semver range is ^10.19.0 || >=12.0.0 < 13 || >=13.7.0 (also taking into account the got dependency update)
• upgraded got http request library dependency from v9.x to v11.x. If you override some of the http request options you will most certainly have to accomodate them.
• Signed Request Object "typ" changed from JWT to oauth.authz.req+jwt
• Encrypted Request Object "cty" changed from JWT to oauth.authz.req+jwt
• PKCE is now used by default in the passport strategy
• client.userinfo() verb parameter was renamed to method
• the deprecated client.resource() method was removed

Features

• added support for ESM (ECMAScript modules) (3ac37e8)
• passport strategy will now use PKCE by default where applicable (56f9fe7)

Bug Fixes

• request object type changed from 'JWT' to 'oauth.authz.req+jwt' (641a42f)

Refactor

• remove deprecated client.resource() (c0ec865)
• remove deprecated issuer.key() (5cd1ecf)
• rename client.userinfo() verb parameter to method (4cb21a4)
• upgrade got from v9.x to v11.x (c72b5e8)

v3.15.10

Bug Fixes

• typescript: add missing types (#284) (49e0ff0)

v3.15.9

Bug Fixes

• typescript: max_age in AuthorizationParameters is a number (5ce2a73), closes #279

v3.15.8

Bug Fixes

• allow AAD appid including discovery URLs to be multi-tenant (c27caab)

v3.15.7

Chores

• dependency updates

v3.15.6

Refactor

• fixup for removed lodash dependency (13a05fd), closes #272

Bug Fixes

• merge helper returns modified object, leftovers removed (2e3339b)

v3.15.5

Bug Fixes

• regression from #272 (9bff960)

v3.15.4

Refactor

• removes lodash dependency (7bc9b91), closes #272

v3.15.3

Bug Fixes

• give AAD v1 common same treatment as v2 common (2344e00), closes #269

v3.15.2

Bug Fixes

• allow any JSON numeric value for timestamp values (a24a759), closes #263