v3.1.0 (2023-10-05)
Added
v3.0.1 (2023-01-12)
Fixed
- update types/jsonwebtoken update v9.0.0 #349 (ToshihitoKon)
- Bump jsonwebtoken from 8.5.1 to 9.0.0 #344 (dependabot[bot])
v3.0.0 (2022-11-01)
This release drops support for Node 10 and 12
v2.1.5 (2022-10-10)
Fixed
v2.1.4 (2022-06-07)
Fixed
- Type definitions depend on jsonwebtoken #314 (adamjmcgrath)
v2.1.3 (2022-05-20)
Fixed
- Fix issue with ES Express import #310 (adamjmcgrath)
v2.1.2 (2022-05-12)
Fixed
- fix: express build error #304 (blindperson)
v2.1.1 (2022-05-06)
Fixed
- fix: types-compabitility for express-jwt @ 7 #301 (carboneater)
v2.1.0 (2022-04-26)
Added
- add support for express-jwt@7 #297 (jfromaniello)
Fixed
v2.0.5 (2021-10-15)
Fixed
- Destroy the request when reaches the timeout (#270) #271 (amrsalama)
- [SDK-2833] Fix issue where errors were being cached #268 (adamjmcgrath)
Fixed
- [SDK-2626] getKeysInterceptor types #251 (davidpatrick)
Fixed
- Fix retrieveSigningKeys error #242 (davidpatrick)
Security
- Bump jose from 2.0.3 to 2.0.5 #244 (dependabot)
Fixed
- Interceptor bind client #237 (erikfried)
- Update type def for getSigningKey #236 (davidpatrick)
- Use hostname instead of host when creating request #233 (cjlpowers)
Added
- Callback backwards compatbility for
getSigningKey
#227 (davidpatrick)
Fixed
- Fix typescript declarations for v2 #229 (davidpatrick)
- Fix typescript types for fetcher #231 (itajaja)
With version 2 we have added full JWK/JWS support. With this we have bumped the node version to minimum 10. We have also removed Axios and exposed a fetcher
option to allow user's to completely override how the request to the jwksUri
endpoint is made.
- Drops support for Node < 10
- No more callbacks, using async/await(promises)
- Removed Axios and changed the API to JwksClient
Added
Changed
- Simplify request wrapper #218 (davidpatrick)
- Pins to Node Version 10,12,14 #212 (davidpatrick)
- Migrate from callbacks to async/await #222 (davidpatrick)
The proxy option has been removed from the JwksClient. Support for it was a little spotty through Axios, and we wanted to allow users to have more control over the flow. Now you can specify your proxy by overriding the requestAgent
used with an agent with built-in proxy support, or by completely overriding the request library with the fetcher
option.
// OLD
const oldClient = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
proxy: 'https://username:pass@address:port'
});
// NEW
const HttpsProxyAgent = require('https-proxy-agent');
const newClient = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
requestAgent: new HttpsProxyAgent('https://username:pass@address:port')
});
The library no longer gates what http(s) Agent is used, so we have removed requestAgentOptions
and now expose the requestAgent
option when creating a jwksClient
.
// OLD
const oldClient = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
requestAgentOptions: {
ca: fs.readFileSync(caFile)
}
});
// NEW
const newClient = jwksClient({
jwksUri: 'https://sandrino.auth0.com/.well-known/jwks.json',
requestAgent: new https.Agent({
ca: fs.readFileSync(caFile)
})
});
The library no longer supports callbacks. We have migrated to async/await(promises).
// OLD
client.getSigningKey(kid, (err, key) => {
const signingKey = key.getPublicKey();
});
// NEW
const key = await client.getSigningKey(kid);
const signingKey = key.getPublicKey();
Added
Fixed
- Fix npmjs resolves #221 (adamjmcgrath)
- Fix Import default Axios instance #216 (dsebastien)
Fixed
- Added coverage folders to .npmignore
Security
Added
- Provide an alternative source for supplying keysets #202 (davidpatrick)
Deprecation
We are deprecating passing in a jwksObject
to the client for reasons laid out in #202. In order to load keys from anything other than the jwksUri
, please use the getKeysInterceptor
.
const client = new JwksClient({
jwksUri: 'https://my-enterprise-id-provider/.well-known/jwks.json',
getKeysInterceptor: (cb) => {
const file = fs.readFileSync(jwksFile);
return cb(null, file.keys);
}
});
Added
- Add ability to configure proxy with env vars #188 (lubomir-haralampiev)
Fixed
- fix proxy agent for http #182 (NShahri)
- fix dependencies for --production flag with npm #180 (alexrqs)
Added
Fixed
- Add missing async methods to Typescript type definitions #163 (mwgamble)
- Fixing proxy on Axios #176 (davidpatrick)
- Fix caching and rateLimiting on getSigningKeyAsync #177 (davidpatrick)
Added
- Add promisified methods to JwksClient #161 (jimmyjames)
- Update express-jwt ^6.0.0 #157 (davidpatrick)
Fixed
- Update Buffer initialization to non-deprecated method #154 (cwardcode)
- Use axios url parameter instead of baseURL #153 (novascreen)
Security
- Bump lodash from 4.17.15 to 4.17.19 [#152](https://github.com/auth0/node-jwks
Fixed
Security
- Update dependencies to latest #147 (lbalmaceda)
Added
Changed
- Migrate from Deprecated Request Lib #135 (davidpatrick)
Fixed
This release includes a change to the default caching mechanism. Caching is on now by default, with the decrease of the default time of 10hours to 10minutes. This change introduces better support for signing key rotation.
Added
Changed
- [SDK-1221] Modify Cache Defaults #123 (davidpatrick)
Fixed
- Add Linter step to CI #129 (davidpatrick)
- Send the explicit commit SHA to Codecov #128 (lbalmaceda)
This patch release includes an alias for accessing the public key of a given JSON Web Key (JWK). This is in response to an unintended breaking change that was introduced as part of the last Typescript definitions change, included in the release with version 1.6.0
.
Now, no matter what the public key algorithm is, you can obtain it like this:
client.getSigningKey(kid, (err, jwk) => {
const publicKey = jwk.getPublicKey();
});
Fixed
- Add alias for obtaining the public key #119 (lbalmaceda)
- Handling case when Jwk doesn't have 'use' parameter #116 (manpreet-compro)
Changed
Added
- Add
agentOptions
to customizerequest
TLS/SSL options. #84
Changed
- Now includes the jsonwebtoken as a runtime dependency not dev to avoid breaks with 1.5.0 installs
- Various dependencies in both the library and samples updated
Added
Added
Added
Fixed
- Fixed TypeScript definition
- Koa integration
ms
updated to v2.0.0