- update project to Angular 16 (b999024)
- #728 (51e438a), closes /github.com/manfredsteyer/angular-oauth2-oidc/issues/728#issuecomment-808969225
- clear location.hash only if it is present (c2b2753), closes #970
- clock skew bug (f30098d)
- correctly handle ? and & in location replacements (70fd826)
- correctly use clockSkew for hasValid[Access|Id]Token (68238fb)
- Disable nonce validation for id token for e2e tests (f5bd96c)
- fix scope/state removal for implicit flow with hash (9e257d0)
- in code flow pass options to error handler (c9a2c55), closes #972
- issue with sha256 and prod build #1120 (b44e19a)
- js-sha256: wrap logic in a function to prevent optimizer destroy lib (ae26fba)
- jwks: update jsrsasign dependency to 10.2.0 (a05bd8a), closes #1061
- multiplying calls to token endpoint in code flow (59f65d2)
- Refresh tokens with a plus sign get corrupted before sending to token endpoint (2204c5a)
- revoketokenandlogout: 'customParameters' should accept boolean (9761bad)
- While Using POPUP mode, we click on login button multiple time it opens multiple popup instead of focusing already opened (bbff95b)
12.0.0 (2021-07-16)
- #728 (51e438a), closes /github.com/manfredsteyer/angular-oauth2-oidc/issues/728#issuecomment-808969225
- clear location.hash only if it is present (c2b2753), closes #970
- correctly handle ? and & in location replacements (70fd826)
- Disable nonce validation for id token for e2e tests (f5bd96c)
- fix scope/state removal for implicit flow with hash (9e257d0)
- in code flow pass options to error handler (c9a2c55), closes #972
- jwks: update jsrsasign dependency to 10.2.0 (a05bd8a), closes #1061
- multiplying calls to token endpoint in code flow (59f65d2)
- Refresh tokens with a plus sign get corrupted before sending to token endpoint (2204c5a)
- revoketokenandlogout: 'customParameters' should accept boolean (9761bad)
- While Using POPUP mode, we click on login button multiple time it opens multiple popup instead of focusing already opened (bbff95b)
- introduce DateTimeProvider (0c0a4a7)
- logout: postLogoutRedirectUri should not default to redirectUri (ff7d1d9)
- support JWT response on userinfo endpoint (da16494)
- Custom grant type added (manfredsteyer#919)
- Listen for storage to receive auth hash from popup (manfredsteyer#935)
- Add event for unchanged session (manfredsteyer#936)
- Add loginHint to codeFlow (manfredsteyer#938)
- Add a windowRef option to initLoginFlowInPopup to prevent the window from beeing blocked by popup blockers (manfredsteyer#965)
- Use configured revocationEndpoint by default (manfredsteyer#1020)
- chore: increase version in package.json (84d95a7)
- chore: make version 9.2 ready (415e053)
- chore(deps): bump jsrsasign from 8.0.12 to 8.0.19 (4def1c1)
- chore(deps): bump websocket-extensions from 0.1.3 to 0.1.4 (cae715e)
- chore(release): 9.2.1 (7a15194)
- chore(release): 9.2.2 (40f5ae5)
- chore(release): 9.3.0 (f42f943)
- refactor: inline js-sha256 (ca435c0)
- refactor: remove dep on contributer-table (b486546)
- refactor: use esm for sha-256 (92ee76d)
- feat(oauth-service): pass custom url params to logOut (4607d55)
- feat(oauth-service): revokeTokenAndLogout with cust params (026dcb3)
- 'disableAtHashCheck' by default if responseType is 'id_token' (169d749)
- #825: (38c7c3f), closes #825
- #825: (fb3afe4), closes #825
- Fix issue with ambient type in constructor when running Universal with Ivy (9e95c73)
- Fix typo in code-flow.md (1816e7b)
- Replaced document by this.document #773 (678ff95), closes #773
- response_types including 'code' gets a code_challenge (58a8132)
- Update code-flow.md (5c5288c)
- docs(readme): use our own idsvr (65c2b95)
- fix: loadDiscoveryDocumentAndLogin should pass state into initLoginFlow (132c624)
- fix(lib): copying LICENSE file to output build (e89aa6d)
10.0.0 (2020-06-30)
- loadDiscoveryDocumentAndLogin should pass state into initLoginFlow (132c624)
- lib: copying LICENSE file to output build (e89aa6d)
- oauth-service: pass custom url params to logOut (4607d55)
- oauth-service: revokeTokenAndLogout with cust params (026dcb3)
10.0.0 (2020-06-30)
All notable changes to this project will be documented in this file. See standard-version for commit guidelines.
- automatic silent refresh: stopAutomaticRefresh stops all timers. (8ab853b)
- code-flow: allow using implicit flow by setting useSilentRefresh to true (93902a5)
- oauth-service: pass custom url params to logOut (4607d55)
- oauth-service: revokeTokenAndLogout with cust params (026dcb3)
- sample: also use new idsvr 4 for implicit flow demo to prevent issues with same site cookies (58c6354)
- session checks: Session checks work now for code flow too. Pls see Docs for details. (4bf8901)
- token-revocation: also revoke refresh_token (429ed2c)
- remove jsrsasign dependancy (77cb37a)
- Upgrade to angular 8 (31c6273)
- loadDiscoveryDocumentAndLogin should pass state into initLoginFlow (132c624)
- lib: copying LICENSE file to output build (e89aa6d)
- revoketokenandlogout: explicit way to revoke an access token (c799ead)
- sample: make sense of the guard (1cae011)
- #687 (e2599e0)
- code flow: Fixed code flow for IE 11 (0f03d39)
- sample: use hash-based routing (3f44eca)
- session state: save session_state also when using code flow (8fa99ff)
- state: passing an url with a querystring as the state, e. g. url?x=1 (71b705c)
- missing HttpModule dependency (7eac8ae)
- run tokensetup outside ngzone (07bb62d)
- typo (3d331f2)
9.2.2 (2020-05-09)
9.2.1 (2020-04-23)
9.2.0 (2020-03-28)
-
revoketokenandlogout: explicit way to revoke an access token according to RFC 7009 (c799ead)
-
token-revocation: also revoke refresh_token (429ed2c)
- sample: make sense of the guard (1cae011)
- automatic silent refresh: stopAutomaticRefresh stops all timers. (8ab853b)
- code-flow: allow using silent refresh by setting useSilentRefresh to true (93902a5)
- sample: Also use new Identity Server 4 for implicit flow demo to prevent issues with same site cookies (58c6354)
- session checks: Session checks work now for code flow too. Please see docs for details. (4bf8901)
- code flow: Fixed code flow for IE 11 (0f03d39)
- sample: use hash-based routing (3f44eca)
- session state: save session_state also when using code flow (8fa99ff)
- state: passing an url with a querystring as the state, e. g. url?x=1 (71b705c)
- #687 (e2599e0)
- missing HttpModule dependency (7eac8ae)
- run tokensetup outside ngzone (07bb62d)
- typo (3d331f2)
- Update sample app and silent-refresh.html script #755, linjie997
- Add optional state parameter for logout, pmccloghrylaing
- fix customHashFragment usage in tryLoginCodeFlow, roblabat
- replace document with injectionToken #741, d-moos
- Support predefined custom parameters extraction from the TokenResponse, vdveer
- Fixed not working silent refresh when using 'code' #735, ErazerBrecht
Big Thanks to all contributers: Brecht Carlier, Daniel Moos, Jie Lin, Manfred Steyer, Phil McCloghry-Laing, robin labat, vdveer
Also, big thanks to jeroenheijmans for doing an awesome job with moderating and analyzing the issues!