@strongnguyen/oidc-provider
OAuth 2.0 Authorization Server implementation for Node.js with OpenID Connect
# Changelog
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
## [7.14.3](https://github.com/panva/node-oidc-provider/compare/v7.14.2...v7.14.3) (2022-12-01)
### Fixes
* memory adapter grant references for intended models ([357ced3](https://github.com/panva/node-oidc-provider/commit/357ced3924b71819be144f184861a8c78c27fde6))
## [7.14.2](https://github.com/panva/node-oidc-provider/compare/v7.14.1...v7.14.2) (2022-11-30)
### Fixes
* build client symmetric keys from all client signing alg properties ([a26f87d](https://github.com/panva/node-oidc-provider/commit/a26f87d74fcc38e48da2814b9e41e84f7e64e784))
## [7.14.1](https://github.com/panva/node-oidc-provider/compare/v7.14.0...v7.14.1) (2022-11-22)
### Fixes
* url encode client_id returned in registration responses ([500dfeb](https://github.com/panva/node-oidc-provider/commit/500dfeb763bd8ea445ad3c79be8e543ba34af275))
## [7.14.0](https://github.com/panva/node-oidc-provider/compare/v7.13.0...v7.14.0) (2022-11-09)
### Features
* graduate jwtResponseModes (JARM) feature as stable ([7b878cd](https://github.com/panva/node-oidc-provider/commit/7b878cd195da05024a45c0e347546f0d4ee862c5))
## [7.13.0](https://github.com/panva/node-oidc-provider/compare/v7.12.0...v7.13.0) (2022-10-26)
### Features
* enable v18 LTS in package.json ([e423b4d](https://github.com/panva/node-oidc-provider/commit/e423b4d87a6caf490d993e8ae4e2b428504f7d8b))
## [7.12.0](https://github.com/panva/node-oidc-provider/compare/v7.11.5...v7.12.0) (2022-09-13)
### Features
* graduate backchannelLogout feature as stable ([617e260](https://github.com/panva/node-oidc-provider/commit/617e2602d0e862fdbdec4d501555097596378d96))
### Fixes
* ignore instead of throw on unverified post_logout_redirect_uri ([04b1096](https://github.com/panva/node-oidc-provider/commit/04b1096ac1507cab15a680ebde91cc33f6d636eb))
## [7.11.5](https://github.com/panva/node-oidc-provider/compare/v7.11.4...v7.11.5) (2022-07-16)
### Fixes
* **PAR:** set additional stored PAR object properties on plain requests ([1be15fa](https://github.com/panva/node-oidc-provider/commit/1be15faed0a704bf5a2c34121d8131e00f23c734))
* **PAR:** skip stored PAR object alg validation when it's being used ([406caa4](https://github.com/panva/node-oidc-provider/commit/406caa48f0c5929666e43a7b76af9a393c4631d2))
## [7.11.4](https://github.com/panva/node-oidc-provider/compare/v7.11.3...v7.11.4) (2022-07-04)
### Fixes
* arrow & static class methods as adapter factories ([#1197](https://github.com/panva/node-oidc-provider/issues/1197)) ([cee552f](https://github.com/panva/node-oidc-provider/commit/cee552f0403863d9a1b8495b93098cc706f7f625))
## [7.11.3](https://github.com/panva/node-oidc-provider/compare/v7.11.2...v7.11.3) (2022-06-13)
### Fixes
* httpOptions helper ([#1194](https://github.com/panva/node-oidc-provider/issues/1194)) ([80fe961](https://github.com/panva/node-oidc-provider/commit/80fe9619cd679b5988820e5389b027a4b0a24ca2))
## [7.11.2](https://github.com/panva/node-oidc-provider/compare/v7.11.1...v7.11.2) (2022-05-16)
### Fixes
* updated `signed` to `trusted` in the Interaction model ([#1192](https://github.com/panva/node-oidc-provider/issues/1192)) ([eb91aea](https://github.com/panva/node-oidc-provider/commit/eb91aea9c3a50284e71f43ce2fe7f31ebdd83bb5))
## [7.11.1](https://github.com/panva/node-oidc-provider/compare/v7.11.0...v7.11.1) (2022-04-25)
### Fixes
* client schema invalidation code not set ([edf22fb](https://github.com/panva/node-oidc-provider/commit/edf22fba1ca8fb21e528c6755f74ae48a9d6704b))
## [7.11.0](https://github.com/panva/node-oidc-provider/compare/v7.10.6...v7.11.0) (2022-04-20)
### Features
* allow native app callbacks in client post_logout_redirect_uris ([3fca22b](https://github.com/panva/node-oidc-provider/commit/3fca22bb5dc8dc529c08c596109988a35e110f74))
* bump backchannelLogout to draft-07 ([95611d9](https://github.com/panva/node-oidc-provider/commit/95611d9978c1f5c10ae9dbe1d49186983a3b01df))
* graduate issAuthResp feature as stable and enable by default ([e774f60](https://github.com/panva/node-oidc-provider/commit/e774f606ea63271c971aad3d7b5730d0f16c0f52))
### Fixes
* ensure jwt replay detection takes clockTolerance into account ([f167233](https://github.com/panva/node-oidc-provider/commit/f1672336750b8a23ad0c0fa9f3bb2f91ad61397d))
## [7.10.6](https://github.com/panva/node-oidc-provider/compare/v7.10.5...v7.10.6) (2022-01-07)
### Fixes
* substr > slice change in mountPath should have been substring ([adc0d63](https://github.com/panva/node-oidc-provider/commit/adc0d63193c131d7a45f83e4195360a62ef2c522))
## [7.10.5](https://github.com/panva/node-oidc-provider/compare/v7.10.4...v7.10.5) (2022-01-04)
### Fixes
* **resourceIndicators:** await the result of useGrantedResource ([#1173](https://github.com/panva/node-oidc-provider/issues/1173)) ([64a8028](https://github.com/panva/node-oidc-provider/commit/64a802884dc4b990847cda4eacb3dba619ae379d))
## [7.10.4](https://github.com/panva/node-oidc-provider/compare/v7.10.3...v7.10.4) (2021-12-05)
### Fixes
* add iss to error responses when issAuthResp is enabled ([05ac3a8](https://github.com/panva/node-oidc-provider/commit/05ac3a8cc51f18d33e17982b81f1996e6a327e8c))
## [7.10.3](https://github.com/panva/node-oidc-provider/compare/v7.10.2...v7.10.3) (2021-12-04)
### Fixes
* expose invalid_dpop_proof error code and set it to 401 on userinfo ([2628d7e](https://github.com/panva/node-oidc-provider/commit/2628d7e4b81d22a3972e8f82c94b9ec4dd9835d4))
## [7.10.2](https://github.com/panva/node-oidc-provider/compare/v7.10.1...v7.10.2) (2021-11-28)
### Fixes
* use paseto configuration from `getResourceServerInfo` ([#1150](https://github.com/panva/node-oidc-provider/issues/1150)) ([02c821d](https://github.com/panva/node-oidc-provider/commit/02c821d7f16c6421d30ffc449366d4d79d951830))
## [7.10.1](https://github.com/panva/node-oidc-provider/compare/v7.10.0...v7.10.1) (2021-11-16)
### Fixes
* clearly mark that multiple pop mechanisms are not allowed ([49eed4c](https://github.com/panva/node-oidc-provider/commit/49eed4c20b28ef95e7a1a6315783dd3956b8c84a))
## [7.10.0](https://github.com/panva/node-oidc-provider/compare/v7.9.0...v7.10.0) (2021-11-04)
### Features
* duplicate iss and aud as JWE Header Parameters ([b26ea44](https://github.com/panva/node-oidc-provider/commit/b26ea4465b3e45b8e63e69bd08c5de525494dea8))
## [7.9.0](https://github.com/panva/node-oidc-provider/compare/v7.8.1...v7.9.0) (2021-10-26)
### Features
* add LTS Gallium as a supported runtime version ([19b4d0d](https://github.com/panva/node-oidc-provider/commit/19b4d0daa4ca1e05acd2b5651545251fe937ff39))
## [7.8.1](https://github.com/panva/node-oidc-provider/compare/v7.8.0...v7.8.1) (2021-10-12)
### Bug Fixes
* use insufficient_scope instead of invalid_scope at userinfo_endpoint ([ba8a8f0](https://github.com/panva/node-oidc-provider/commit/ba8a8f0188c9a73a0ab0f8b974bea49feb2a87a6))
## [7.8.0](https://github.com/panva/node-oidc-provider/compare/v7.7.0...v7.8.0) (2021-09-15)
### Features
* OAuth 2.0 Pushed Authorization Requests (PAR) is now a stable feature ([3c54d8d](https://github.com/panva/node-oidc-provider/commit/3c54d8ddb85d72fc9432c283b3bea417a895afca))
## [7.7.0](https://github.com/panva/node-oidc-provider/compare/v7.6.0...v7.7.0) (2021-09-02)
### Features
* CIBA Core 1.0 is now a stable feature ([cc8bc0d](https://github.com/panva/node-oidc-provider/commit/cc8bc0d651e8111a144cb3eeaf7f61600dd074f2))
## [7.6.0](https://github.com/panva/node-oidc-provider/compare/v7.5.4...v7.6.0) (2021-08-03)
### Features
* support v3.local, v3.public, and v4.public paseto access tokens format ([aca5813](https://github.com/panva/node-oidc-provider/commit/aca5813a5b7e669f30894102ad925b1aec3f3467))
## [7.5.4](https://github.com/panva/node-oidc-provider/compare/v7.5.3...v7.5.4) (2021-07-21)
### Bug Fixes
* add missing x-ua-compatible to form_post and dag input ([f773669](https://github.com/panva/node-oidc-provider/commit/f77366982b33281226f6b88492e844322da69915)), closes [#1052](https://github.com/panva/node-oidc-provider/issues/1052)
## [7.5.3](https://github.com/panva/node-oidc-provider/compare/v7.5.2...v7.5.3) (2021-07-19)
### Bug Fixes
* memory adapter grant references for intended models ([2fe4dc8](https://github.com/panva/node-oidc-provider/commit/2fe4dc83677cdbc8b0f4cc9dc5fa5cdea336162b))
## [7.5.2](https://github.com/panva/node-oidc-provider/compare/v7.5.1...v7.5.2) (2021-07-19)
### Bug Fixes
* use correct keystore select method for paseto access tokens ([ce394bc](https://github.com/panva/node-oidc-provider/commit/ce394bc15874fcea17a61f913248a72a66bf4945))
## [7.5.1](https://github.com/panva/node-oidc-provider/compare/v7.5.0...v7.5.1) (2021-06-24)
### Bug Fixes
* issue id tokens with claims when resource is used ([#1038](https://github.com/panva/node-oidc-provider/issues/1038)) ([4b16c71](https://github.com/panva/node-oidc-provider/commit/4b16c71983dfa9b8f2bf14008e4858478a916e5d))
## [7.5.0](https://github.com/panva/node-oidc-provider/compare/v7.4.1...v7.5.0) (2021-06-23)
### Features
* use 303 See Other HTTP response status code for built in redirects ([c243bf6](https://github.com/panva/node-oidc-provider/commit/c243bf6b6663c41ff3e75c09b95fb978eba87381))
## [7.4.1](https://github.com/panva/node-oidc-provider/compare/v7.4.0...v7.4.1) (2021-05-29)
### Bug Fixes
* handle backchannel requests in grant revocation ([8fe9aec](https://github.com/panva/node-oidc-provider/commit/8fe9aecdf8d93c7c9f2cca5f9e2e6ffaf65714e9))
## [7.4.0](https://github.com/panva/node-oidc-provider/compare/v7.3.2...v7.4.0) (2021-05-28)
### ⚠ BREAKING CHANGES
* **fapi:** Draft feature `fapiRW` was replaced by a stable `fapi`
feature.
* **fapi:** The default profile for the new `fapi` feature is
Financial-grade API Security Profile 1.0 - Part 2: Advanced (Final) rather than
Financial-grade API - Part 2: Read and Write API Security Profile (ID2).
ID2, albeit being an Implementer's Draft, remains a possible
`features.fapi.profile` option.
### Features
* **fapi:** FAPI (Final and ID2) is now a stable feature ([4f52a4c](https://github.com/panva/node-oidc-provider/commit/4f52a4cf62d0e2282a8f6a1759725b8633135b83))
* **resourceIndicators:** allow omitting resource parameter at the token endpoint ([0309ec0](https://github.com/panva/node-oidc-provider/commit/0309ec068ef7c347fc8f68bf70a5a1fc79f78d57)), closes [discussions/989#discussioncomment-676812](https://github.com/panva/node-oidc-provider/discussions/989#discussioncomment-676812) [#989](https://github.com/panva/node-oidc-provider/issues/989)
* Client Initiated Backchannel Authentication (CIBA) and FAPI-CIBA-ID1 ([a217484](https://github.com/panva/node-oidc-provider/commit/a217484caa3593e556e9c4c18d0766d878d7f813))
### Bug Fixes
* **deviceFlow:** ensure pairwise device flow clients prove ownership of their jwks_uri ([ec99201](https://github.com/panva/node-oidc-provider/commit/ec9920138d3dda17fe107b77a1361be1a4372089))
* remove default got user-agent ([d65187c](https://github.com/panva/node-oidc-provider/commit/d65187c296770c3b903ccdd9f30c323b5ad36a8b))
* skip validating client redirect_uris presence when not required ([90965bb](https://github.com/panva/node-oidc-provider/commit/90965bb61bb87159fee0513a59849bdaa45e4fff))
## [7.3.2](https://github.com/panva/node-oidc-provider/compare/v7.3.1...v7.3.2) (2021-05-13)
### Bug Fixes
* account claims scope argument type during refresh token exchange ([bd1bee1](https://github.com/panva/node-oidc-provider/commit/bd1bee17a77b6b6746cc19be2984db87169ed5b9)), closes [#1000](https://github.com/panva/node-oidc-provider/issues/1000)
## [7.3.1](https://github.com/panva/node-oidc-provider/compare/v7.3.0...v7.3.1) (2021-04-09)
### Bug Fixes
* store original PAR signed request object after decryption ([fa26e55](https://github.com/panva/node-oidc-provider/commit/fa26e55fac320502119f18e7c1fb576cda6ef0d3))
## [7.3.0](https://github.com/panva/node-oidc-provider/compare/v7.2.0...v7.3.0) (2021-04-08)
### ⚠ BREAKING CHANGES
* DPoP implementation updated to [draft-ietf-oauth-dpop-03](https://tools.ietf.org/html/draft-ietf-oauth-dpop-03)
### Features
* update DPoP implementation to ietf draft 03 ([d08126f](https://github.com/panva/node-oidc-provider/commit/d08126f70fc45ef3c3b10ade692406e3793e27dc))
## [7.2.0](https://github.com/panva/node-oidc-provider/compare/v7.1.3...v7.2.0) (2021-04-01)
### Features
* enable customizing client auth jwt assertion expected audience ([e6286a6](https://github.com/panva/node-oidc-provider/commit/e6286a6dd23444930b2e9b033ab9229790b82ea0))
## [7.1.3](https://github.com/panva/node-oidc-provider/compare/v7.1.2...v7.1.3) (2021-03-24)
### Bug Fixes
* interaction uid is now an alias to its jti, it is not stored anymore either ([2d85768](https://github.com/panva/node-oidc-provider/commit/2d857688eb2bfc0fab6b2f02c3ffbf2b953442f7))
* keyselection for ecdh when both OKP and EC are present ([a0f8f7d](https://github.com/panva/node-oidc-provider/commit/a0f8f7d883106c650ef3cb5b380c39f2e29a6b3b))
## [7.1.2](https://github.com/panva/node-oidc-provider/compare/v7.1.1...v7.1.2) (2021-03-15)
### Bug Fixes
* v1.paseto token alg keystore value to be PS384 instead of RS384 ([ae1f879](https://github.com/panva/node-oidc-provider/commit/ae1f879e10a6079c47727830f8e1aa8d6ef95466))
## [7.1.1](https://github.com/panva/node-oidc-provider/compare/v7.1.0...v7.1.1) (2021-03-10)
### Bug Fixes
* save the grantId reference field with an interaction session ([6cab64e](https://github.com/panva/node-oidc-provider/commit/6cab64e1c28422f4ef3ca558bc5f68578cd92a55))
* typo in consent detail missingOIDClaims -> missingOIDCClaims ([1427383](https://github.com/panva/node-oidc-provider/commit/1427383bb67f296063e7952d0dce0201732c29ba))
## [7.1.0](https://github.com/panva/node-oidc-provider/compare/v7.0.0...v7.1.0) (2021-03-05)
### Features
* allow control of which errors flow back to client's redirect_uri ([219cd45](https://github.com/panva/node-oidc-provider/commit/219cd458480e3526380504c879807475e6818830))
* server_error codes no longer redirect back to clients ([b591d7f](https://github.com/panva/node-oidc-provider/commit/b591d7f0dd9e22ed8e47dc9441548c682bb995f1))
## [7.0.0](https://github.com/panva/node-oidc-provider/compare/v6.31.0...v7.0.0) (2021-03-03)
### ⚠ BREAKING CHANGES
* PAR no longer remaps all errors as
invalid_request_object.
* `IdToken.prototype.issue` now requires the `use`
option.
* JWT Header Parameter `client_id` in Request Objects is
now ignored.
* Request Objects now require `iss` and `aud` claims.
* `OIDCContext.prototype.dPoP` getter was removed.
* BaseToken.prototype.setThumbprint `jkt` mode now
expects the string thumbprint value instead of the jose.JWK instance.
* Client JWKS `kid` values are no longer automatically
calculated per RFC7638 when missing. As a result when client's public
keys are used to encrypt assertions the `kid` header will be missing
when such keys are used.
* Provider constructor will now reject JWKS that serve
no purpose (e.g. are only usable for encryption but encryption is
disabled).
* Client and Provider JWKS are validated to be
syntactically correct as before but only resolve to a `crypto.KeyObject`
when they're used.
* `sector_identifier_uri` is now verified regardless of
client's `subject_type` when provided.
* `response_type=token` is no longer supported
* `Session.prototype.accountId` function was removed, it
is just a property access now.
* Session adapter payload property `account` was renamed
to `accountId`.
* Interactions result `login.account` was renamed to
`login.accountId`
* `Session.prototype.loginAccount` option `account` was
renamed to `accountId`
* TypeScript type definitions are no longer bundled with
the package, instead these will be re-published to DefinitelyTyped.
* `configuration.features.resourceIndicators` was
completely re-implemented.
* `configuration.audiences` helper function was removed,
use the `resourceIndicators` feature instead.
* Access Tokens with an audience can no longer be used
to access the userinfo endpoint.
* Only a single audience ("aud") is permitted in
Access Tokens and Client Credential tokens.
* Structured (JWT and PASETO) Access Tokens
no longer default to using the clientId as audience; if no audience is
specified an Error is thrown indicating that issuing a structured token
is probably not needed for a token only usable at the userinfo_endpoint.
* Only opaque access tokens without an audience may be
used to access the userinfo_endpoint.
* Only opaque access tokens may be introspected using
the introspection_endpoint.
* Only opaque access tokens may be revoked using
the revocation_endpoint.
* Only opaque access tokens get stored using the adapter.
* Structured (JWT and PASETO) access tokens do not get
stored by the adapter anymore.
* `access_token.saved` event is only emitted for opaque
access tokens, non-opaque tokens get emitted via `access_token.issued`.
* PASETO tokens were re-implemented from scratch using
the new resourceIndicators implementation.
* `client_credentials.saved` event is only emitted for
opaque access tokens, non-opaque tokens get emitted via
`client_credentials.issued`.
* Structured (JWT and PASETO) access tokens MUST contain
an audience, an error will be thrown if they don't.
* `formats.jwtAccessTokenSigningAlg` configuration was
removed in favour of Resource Server configuration helpers.
* The default consent prompt interaction details have
changed, these now include `missingOIDCScopes`(`string[]`),
`missingOIDClaims`(`string[]`),
`missingResourceScope`(`{ [resourceIndicator]: string[] }`).
* The interaction result `consent` structure changed. It
may now only contain a single property, `grantId` (string) which is
the identifier of a Grant (returned by calling Grant.prototype.save()).
* Session-bound artifacts no longer fail to load when
the session's grant has fewer scopes than the artifact, instead the
action will work with the intersection of currently granted scopes with
the ones on the artifact.
* Sessions no longer hold the "granted" set of
scopes/claims. This is now tracked in the Grant artifact instead. The
following properties are no longer present on the
`session.authorizations[client_id]` object: rejectedScopes,
rejectedClaims, promptedClaims, promptedScopes.
* The following Session prototype methods have been
removed: acceptedClaimsFor, acceptedScopesFor, promptedClaimsFor,
promptedScopesFor, rejectedClaimsFor, rejectedScopesFor.
* OpenID Connect Session Management draft
implementation was removed. This is due to front-channel becoming more
and more unreliable due to browsers blocking third-party cookie access.
* OpenID Connect Front-Channel Logout draft
implementation was removed. This is due to front-channel becoming more
and more unreliable due to browsers blocking third-party cookie access.
* The `jwt-ietf` token format is now just `jwt`. The
`ietfJWTAccessTokenProfile` feature is therefore obsolete and removed.
The prior `jwt` format may be emulated using the
`formats.customizers.jwt` helper function.
* Default PKCE use policy now enforces the use of PKCE
`code_challenge` for all requests where PKCE applies. Use the
`pkce.required` helper to revert to the old policy if you have a reason
to exempt some clients from this policy.
* `ctx.oidc.uid` is now undefined, no random values are
now generated. In places where `ctx.oidc.uid` was used as a source
of a random value, an always fresh random value is now generated
instead.
* Removed every `DEBUG=*` code other than error ones.
Ways to debug the code will surface through logging in the future.
* The Device Flow feature resume path no longer contains
the user code in the URL. Instead, `deviceCode` is now attached to
`Interaction` models when part of a device authorization grant flow.
* The DeviceCode model now gets `grantId` property
assigned only after successful consent interaction.
* Every interaction now gets a totally unique identifier,
"same grant", which never actually was about grants, or consequent
bounces through interaction will now each get a unique identifier.
* The `features.webMessageResponseMode.scriptNonce`
helper was removed, all inline scripts will now have their sha256
automatically added to CSP script-src directives when one is present.
* `client_id` and `client_secret` values are now checked
to conform to their ABNF syntax (%x20-7E).
* Allowing to omit a redirect_uri parameter for
clients with a single one registered is now disabled by default. You can
re-enable this using the `allowOmittingSingleRegisteredRedirectUri`
configuration option.
* Configuration option `cookies.short.maxAge` was removed.
Use `ttl.Interaction` configuration to define the Interaction TTL which
in turn controls the cookie expiration.
* Configuration option `cookies.long.maxAge` was removed.
Use `ttl.Session` configuration to define the Session TTL which
in turn controls the cookie expiration.
* Configuration option `cookies.short.expires` was
removed.
* Configuration option `cookies.long.expires` was
removed.
* Interaction.prototype.save `ttl` argument is now
required.
* Session.prototype.save `ttl` argument is now required.
* Provider.prototype.requestUriCache getter was removed.
* `features.jwtUserinfo` is disabled by default now.
* Removed "whitelist" Request Object merging strategy
* `requestObjects.mergingStrategy` configuration is now a
string valued "strict" or "lax"
* `requestObjects.mergingStrategy` configuration is now
`requestObjects.mode`.
* Configuration option `whitelistedJWA` is now
`enabledJWA`.
* Removed HS256 as a default-enabled algorithm from the
following configuration values so that all AS-issued assertions are
firm to only come from the AS: `whitelistedJWA.idTokenSigningAlgValues`,
`whitelistedJWA.userinfoSigningAlgValues`,
`whitelistedJWA.introspectionSigningAlgValues`,
`whitelistedJWA.authorizationSigningAlgValues`
* Default JWE Algorithms ("alg") now includes "dir".
* ECDH-ES KW variants are not enabled by default anymore.
* The default for JWT Access Tokens' signing algorithm
is no longer the client's `id_token_signed_response_alg` falling back to
RS256 but rather only the provider's default
`id_token_signed_response_alg`.
* Removed built in support for urn: request uris.
* Renamed RequestUriCache.prototype.resolveWebUri to
RequestUriCache.prototype.resolve
* The `claims` configuration property can no longer be
a `Map` instance, only plain objects are allowed.
* `request_object_signing_alg` no longer means a request
object must be provided, `require_signed_request_object` boolean value
serves that purpose now as per the clarifications made in OIDF and IETF
Working Groups.
* The deprecated `postLogoutSuccessSource` configuration
property was removed, use
`features.rpInitiatedLogout.postLogoutSuccessSource` instead.
* The deprecated `logoutSource` configuration
property was removed, use
`features.rpInitiatedLogout.logoutSource` instead.
* RedirectUriMismatch error was removed.
* `redirect_uri_mismatch` error codes are now
`invalid_redirect_uri`.
* Only www-urlencoded bodies recognize RFC6750 payload
bearer token. On the authorization server this only affects the dynamic
registration features and removes an unintended side effect.
* `extraAccessTokenClaims` helper function is renamed to
`extraTokenClaims`.
* The jwks_uri response is now using the proper content
type `application/jwk-set+json`.
* Default Interaction TTL increased from 10 minutes to
1 hour.
* The following Provider instance getters/setters are
removed: subdomainOffset, proxyIpHeader, maxIpsCount, keys. You can
access the underlying Koa app via `provider.app` if you have the need
to use these.
* Default clientBasedCORS helper return value is now
`false`, you must ergo use this helper to open up cors based on your
policy.
* The deprecated `setS256Thumbprint` token instance
method is removed.
* The deprecated `OIDCContext.prototype.bearer` method
is removed.
* removed `dynamicScopes` configuration option, scope
configuration using pre-configured values is gone in favour of
Resource Indicators refactor.
* httpOptions helper function argument is now just
a URL instance. It no longer receives the "to be executed" http request
options.
* httpOptions helper changed. It can now only return
three properties: `timeout` (number),
`agent` (instanceof https.Agent || http.Agent), and
`lookup` (dns.lookup like option).
* The deprecated `pkceMethods` configuration property was
removed, use `pkce.methods` instead.
* `provider.setInteractionSession` function was removed.
* `meta` interaction result was removed.
* Structured token constructors now require a client
property with a client instance rather than a clientId property.
* `extraClientMetadata.validator` `ctx` argument is now
the first one.
* Single member audience arrays are now transformed to a
single audience string value instead.
* Introspection response `jti` is not returned for
opaque tokens.
* `OIDCContext` and `Interaction` instance property
`signed` renamed to `trusted`.
* `provider.interactionDetails` now only works if both
`req` and `res` are provided.
* `Provider.prototype.callback` is now a function instead
of a getter.
* Node.js runtime version policy changed. Version
12.19.0 is now the minimum required runtime and *ONLY LTS* releases are
supported. This means "Current" Node releases are not officially
supported and you may get mixed results when using them.
### Features
* added configurable policy for issuing registration access tokens ([f18395f](https://github.com/panva/node-oidc-provider/commit/f18395fd0432e6bb7ae8ad60f519ec7a35a31231))
* allow dynamic session and interaction expiration TTL ([afcb375](https://github.com/panva/node-oidc-provider/commit/afcb3750ca0e2a269ad55627d5a9a19e38f90f57))
* allow pre-existing Grants to be loaded during authorization ([9dc7921](https://github.com/panva/node-oidc-provider/commit/9dc792117060a1e682b35a96bcefbba6851a1402))
* apply max expiration on PAR objects created from a JWT ([03f9d8f](https://github.com/panva/node-oidc-provider/commit/03f9d8f1ab95c769e0f029850f40c55a0f673c79))
* automatically add inline scripts to CSP script-src directives ([85c3f4d](https://github.com/panva/node-oidc-provider/commit/85c3f4d0047fd2bd7aab28d2508f87def0766c93)), closes [#850](https://github.com/panva/node-oidc-provider/issues/850) [#584](https://github.com/panva/node-oidc-provider/issues/584)
* check client_id and client_secret ABNF syntax ([3d0d078](https://github.com/panva/node-oidc-provider/commit/3d0d0786cc88c14cfb72ca0e69f219bc69cdd06f))
* control whether underlying Grant gets destroyed during logout and revocation ([ee74dcf](https://github.com/panva/node-oidc-provider/commit/ee74dcf9901433b94f49f304a42b5fba333e9d77))
* features.resourceIndicators (RFC 8707) is now a stable feature ([84c3a5c](https://github.com/panva/node-oidc-provider/commit/84c3a5cdb78b8ffda53e2cbebd135bc262b27d4d))
* helper function to decide whether to validate client.sector_identifier_uri ([72058a5](https://github.com/panva/node-oidc-provider/commit/72058a5fb786288975e13043bcbad003c77aabbf))
* JWT Access Tokens are now just issued and not stored anymore ([d1ee6b7](https://github.com/panva/node-oidc-provider/commit/d1ee6b7c27b24aa6b7a0626d69e2e524975e6021))
* JWT Access Tokens can now be encrypted with a symmetric secret shared with the recipient ([0f76c65](https://github.com/panva/node-oidc-provider/commit/0f76c6576c0a38b3e9550b6017fccaa915fe918e))
* JWT Access Tokens can now be encrypted with an asymmetric public key of the recipient ([d2a63b7](https://github.com/panva/node-oidc-provider/commit/d2a63b7aa172f0a684157b915099ac4bb04e3c37))
* JWT Access Tokens can now be HMAC-signed with a symmetric secret shared with the recipient ([5041158](https://github.com/panva/node-oidc-provider/commit/504115880b4f937cc9a53cecf6447cad4aa4f3a5))
* omitting redirect_uri for clients with a single one is now optional ([329c577](https://github.com/panva/node-oidc-provider/commit/329c5778549b5596c62243e6f745d903b27892ec))
* opaque token length can now be influenced ([f35764f](https://github.com/panva/node-oidc-provider/commit/f35764fce43fe0899fdb682672e79acb93a66986)), closes [#760](https://github.com/panva/node-oidc-provider/issues/760)
* PAR no longer requires otherwise enabled `features.requestObjects` ([33f3a83](https://github.com/panva/node-oidc-provider/commit/33f3a8332b454f3d1fa2b3de0512bf8904a7b695))
* PASETO Access Tokens are now just issued and not stored anymore ([4efe741](https://github.com/panva/node-oidc-provider/commit/4efe74103bbf091ff0060977b1aa0c8b4517347f))
* PASETO Access Tokens can now be encrypted with a symmetric secret shared with the recipient using v1.local ([2e78582](https://github.com/panva/node-oidc-provider/commit/2e785825ec53dc4be5e3394ee076b22eca69999a))
* PASETO Access Tokens now support both v1.public and v2.public ([dff2a72](https://github.com/panva/node-oidc-provider/commit/dff2a72fc25ff1fee8d52b1f66d4c1d1bc4a0c9e))
* require Node.js version ^12.19.0 || ^14.15.0 ([2a54e33](https://github.com/panva/node-oidc-provider/commit/2a54e33c4f2b18367924ab53aa6be383503afc87))
* require use of PKCE ([aa2bd51](https://github.com/panva/node-oidc-provider/commit/aa2bd514d4e829d9d14aa284859d0dc67e5463b1))
* sector_identifier_uri can be used without pairwise subject_type ([202e4c5](https://github.com/panva/node-oidc-provider/commit/202e4c54a4ac5c40c2f0c2d388c6b70228191079))
* The key used to asymmetrically sign JWT Access Tokens can now be chosen based on its Key ID. ([8b32707](https://github.com/panva/node-oidc-provider/commit/8b327072405f40ea141218cf20cddb90285fd70a))
* The key used to asymmetrically sign PASETO Access Tokens can now be chosen based on its Key ID. ([efd3dab](https://github.com/panva/node-oidc-provider/commit/efd3dab876e7b71f95cc98e9cc7eb4a909bd81c2))
### Bug Fixes
* check DPoP htm as case-sensitive ([33223ff](https://github.com/panva/node-oidc-provider/commit/33223fffa6588359b4e85f8f6c8e7c339ca34461))
* delay FAPI response type/mode check when request_uri is present ([78916b7](https://github.com/panva/node-oidc-provider/commit/78916b7a4b53eeaab531e11233364f587f379c09))
* ignore clockTolerance when verifying stored PAR objects ([c3c2276](https://github.com/panva/node-oidc-provider/commit/c3c22766650a4b0a48ccfd20248237f421fbf97a))
* only www-urlencoded bodies recognize RFC6750 payload bearer token ([4553bd5](https://github.com/panva/node-oidc-provider/commit/4553bd548f8eab5f8f545c3cb10a3f92acc65b42))
* remap `invalid_redirect_uri` as `invalid_request` in PAR ([ceb3cd1](https://github.com/panva/node-oidc-provider/commit/ceb3cd15d6051479cc6925771189c27dec559d06))
* remove legacy accept header value from request uri requests ([4cc28ef](https://github.com/panva/node-oidc-provider/commit/4cc28efa6f42b67b6206915b85ae811954fedb93))
* **typescript:** Interaction.prototype.session structure ([#924](https://github.com/panva/node-oidc-provider/issues/924)) ([76c36c7](https://github.com/panva/node-oidc-provider/commit/76c36c7ca955c75d95fdccc7569dbd11ef5ac00d))
### Refactor
* `OIDCContext` and `Interaction` property `signed` renamed ([0ed56bd](https://github.com/panva/node-oidc-provider/commit/0ed56bdbc9d5ee556eefee77b02000e3b699a2e3))
* audience arrays with 1 member are changed to a single value ([d156983](https://github.com/panva/node-oidc-provider/commit/d1569839d34ce46fdd7ddaa0a6093deb66228ec7))
* by default disabled JWT Userinfo Responses ([5931a59](https://github.com/panva/node-oidc-provider/commit/5931a59cf9b6a35dcf7538905257a951a5bd3611))
* changed default signing algorithm selection method ([995d2d4](https://github.com/panva/node-oidc-provider/commit/995d2d49552019fcc8de1d299f340061d8a9f623))
* clean up RequestUriCache ([8c0b9c5](https://github.com/panva/node-oidc-provider/commit/8c0b9c509863b1e2d1882575a8c41b0187e2f269))
* configuration `whitelistedJWA` is now `enabledJWA` ([d77fd4f](https://github.com/panva/node-oidc-provider/commit/d77fd4f3213ef46cf0ec6fc88e2a46fc24f8481d))
* default clientBasedCORS helper is now false ([4cf4cc6](https://github.com/panva/node-oidc-provider/commit/4cf4cc6f0191aa8b320c7760ea41d4ea7d90c8cd))
* default enabled JWAs ([d8ebde0](https://github.com/panva/node-oidc-provider/commit/d8ebde053d7c32874c495f37bb3bd29b44ad3369))
* default Interaction TTL increased from 10 minutes to 1 hour ([f6c7b5e](https://github.com/panva/node-oidc-provider/commit/f6c7b5e4738582bfa592941c73eecf8fb8de09b6))
* extraClientMetadata.validator arguments reordered ([ea6dc73](https://github.com/panva/node-oidc-provider/commit/ea6dc7363ff7e08e0d640bb5932feaf1455960f2))
* idToken.issue() now requires the `use` option ([d1d9421](https://github.com/panva/node-oidc-provider/commit/d1d9421c18398785fefc168bc2e9cac07b12cae4))
* introspection response `jti` not returned for opaque tokens ([a333aaa](https://github.com/panva/node-oidc-provider/commit/a333aaa0bd2020f7da4784debc0d3af97e4c4460))
* only allow objects as `claims` configuration parameter ([2ac59b7](https://github.com/panva/node-oidc-provider/commit/2ac59b772f5417694962e4c1c21e4469c456e4e8))
* provider.callback is now a function instead of a getter ([e78e573](https://github.com/panva/node-oidc-provider/commit/e78e573aca6a9e1a1ae8d0b77d69160cda7838e9))
* provider.interactionDetails(req, res) now requires res ([2c3a667](https://github.com/panva/node-oidc-provider/commit/2c3a667de583846470921883918f4c4145bef6c6))
* provider's jwks_uri is now application/jwk-set+json content ([285eb41](https://github.com/panva/node-oidc-provider/commit/285eb4131f16efcd465e3bc2386347b0808192b5))
* remove bundled TypeScript type definitions ([3a6b671](https://github.com/panva/node-oidc-provider/commit/3a6b671ce10530881f8dd6835371e76d67cb0eb3))
* remove deprecated `pkceMethods` configuration property ([65712d0](https://github.com/panva/node-oidc-provider/commit/65712d0887b23aaa832a843d3485accf4895504d))
* remove deprecated `setS256Thumbprint` token instance method ([6afaf31](https://github.com/panva/node-oidc-provider/commit/6afaf3139c3d4c3c0db097cf44efc9bffd7f3782))
* remove few deprecated configuration properties ([1767c8f](https://github.com/panva/node-oidc-provider/commit/1767c8ffc233d63a5fbc6aebdfc95006fab69775))
* remove Provider.prototype.requestUriCache ([e8b411c](https://github.com/panva/node-oidc-provider/commit/e8b411c4b1615a2fabd2ccec1bf9fd8dd158d30c))
* remove the deprecated `OIDCContext.prototype.bearer` method ([52000d5](https://github.com/panva/node-oidc-provider/commit/52000d55a2452a66917d9a567bf0530ac767bb12))
* removed `dynamicScopes` configuration option ([285fc7a](https://github.com/panva/node-oidc-provider/commit/285fc7ab8b49b8b179232b5fa6c50dd47b0f76f2))
* removed a bunch of proxied methods from provider to app ([3fb32e7](https://github.com/panva/node-oidc-provider/commit/3fb32e7eb5d2ec50902ff913d8dae7398808f15a))
* removed oidc.uid, removed a lot of debug ([801d28f](https://github.com/panva/node-oidc-provider/commit/801d28f01e4f391ffbc2a0d22abf01f415e2cabf))
* Removed OpenID Connect Front-Channel Logout ([feecb5e](https://github.com/panva/node-oidc-provider/commit/feecb5eaa1cea3e0a474ab036c328b1f8e150914))
* Removed OpenID Connect Session Management ([224dd38](https://github.com/panva/node-oidc-provider/commit/224dd38fe1d43bf646c017bdfa7eaac3f3ef1518))
* removed provider.setInteractionSession and result meta object ([ac1b0f6](https://github.com/panva/node-oidc-provider/commit/ac1b0f68472d48c6e42502260cb6206e683a6457))
* rename session.account to session.accountId for consistency ([3e81740](https://github.com/panva/node-oidc-provider/commit/3e817405d44bf25725b763f5cb88a9d8d26195c7))
* renamed `extraAccessTokenClaims` helper function ([ce57d6d](https://github.com/panva/node-oidc-provider/commit/ce57d6d38c2803c4f004cdf0be707c6be92b3d43))
* replaced the `jwt` format with `jwt-ietf` as it is stable now ([d61b515](https://github.com/panva/node-oidc-provider/commit/d61b51596501df8df4f740056aa7fa6e94a13149))
* request_object_signing_alg no longer forces request object use ([e7309af](https://github.com/panva/node-oidc-provider/commit/e7309af980e33f9b54104781ee32c3bb7c539e79))
* requestObjects.mergingStrategy "whitelist" was removed ([7b10e9f](https://github.com/panva/node-oidc-provider/commit/7b10e9f519c470d2c36d64c4831a11d98456b1e9))
* require client in structured tokens constructors ([a4e02bd](https://github.com/panva/node-oidc-provider/commit/a4e02bdb5b1a97474a69e0e3bbf4f46adf2dfb7b))
* response_type value `token` is no longer supported ([0c74a1a](https://github.com/panva/node-oidc-provider/commit/0c74a1a2e3594155613b9471174d32a2279803c3))
* updated `got` http request library ([b395a0d](https://github.com/panva/node-oidc-provider/commit/b395a0dce8ca6eac25d197b77eb225d99bcdc324))
* use invalid_redirect_uri over redirect_uri_mismatch error ([2565cce](https://github.com/panva/node-oidc-provider/commit/2565cce57f94daf5df67569b35eefc3f9f48af14))
* use jose@3 instead of jose@2 ([5572e0e](https://github.com/panva/node-oidc-provider/commit/5572e0e193c92cd59b4ac4ee1addef649eb5a0ae))
## [6.31.0](https://github.com/panva/node-oidc-provider/compare/v6.30.1...v6.31.0) (2021-01-19)
### Features
* end_session_endpoint now recognizes client_id and logout_hint ([9dd2b0e](https://github.com/panva/node-oidc-provider/commit/9dd2b0eaff06959f37e786506d5d2b072e917651))
### Bug Fixes
* keep grants that persist if logged out by that grant's client ([26449f5](https://github.com/panva/node-oidc-provider/commit/26449f5d00625a818674596fa8dd3155c069172b)), closes [#857](https://github.com/panva/node-oidc-provider/issues/857)
### Performance
* use native node's base64url encoding when available ([6149bd3](https://github.com/panva/node-oidc-provider/commit/6149bd37f75a2e49453c1ef25e2ec48fb6ba29f5))
## [6.30.1](https://github.com/panva/node-oidc-provider/compare/v6.30.0...v6.30.1) (2021-01-13)
### Bug Fixes
* botched 6.30.0 release with a syntax error ([cd5f02a](https://github.com/panva/node-oidc-provider/commit/cd5f02a555dcead032178db36a31cce67d808577))
## [6.30.0](https://github.com/panva/node-oidc-provider/compare/v6.29.11...v6.30.0) (2021-01-13)
### Features
* Authorization Server Issuer Identifier in Authorization Response ([3f67ee9](https://github.com/panva/node-oidc-provider/commit/3f67ee90bdebbf62caa8afa84fc4dc0ddaef2dba))
* update JARM feature draft version to Implementer's Draft 01 ([0a021de](https://github.com/panva/node-oidc-provider/commit/0a021de697c67969a2a0ec030500a53ed185d42e))
## [6.29.11](https://github.com/panva/node-oidc-provider/compare/v6.29.10...v6.29.11) (2021-01-12)
### Bug Fixes
* missing login prompt details ([c7b0036](https://github.com/panva/node-oidc-provider/commit/c7b00368d43d4c6c36e32f7e39cbc743e5fae501)), closes [#853](https://github.com/panva/node-oidc-provider/issues/853)
## [6.29.10](https://github.com/panva/node-oidc-provider/compare/v6.29.9...v6.29.10) (2021-01-04)
### Bug Fixes
* html safe guard the action attribute in form post responses ([7cd6025](https://github.com/panva/node-oidc-provider/commit/7cd6025c0e9e66bac2288600ea0870d2e044663d))
## [6.29.9](https://github.com/panva/node-oidc-provider/compare/v6.29.8...v6.29.9) (2020-12-10)
### Bug Fixes
* **typescript:** interaction result may be undefined ([#833](https://github.com/panva/node-oidc-provider/issues/833)) ([44aa53e](https://github.com/panva/node-oidc-provider/commit/44aa53eb0630560eba563d13372b14424daf7f22))
* unrecognized EC curves and OKP subtypes are ignored ([660f46d](https://github.com/panva/node-oidc-provider/commit/660f46d25f5d5fe8e0df0ce0cfdb3a8d8708a3ef))
## [6.29.8](https://github.com/panva/node-oidc-provider/compare/v6.29.7...v6.29.8) (2020-11-30)
### Bug Fixes
* ignore client metadata valued `undefined` when applying defaults ([d0ee50a](https://github.com/panva/node-oidc-provider/commit/d0ee50a23271d1d6655b6552e2fa92e1d049904c)), closes [#824](https://github.com/panva/node-oidc-provider/issues/824)
## [6.29.7](https://github.com/panva/node-oidc-provider/compare/v6.29.6...v6.29.7) (2020-11-10)
### Bug Fixes
* client keystore refresh keeps the derived octet keys in store ([024841e](https://github.com/panva/node-oidc-provider/commit/024841e82ddb5b4ffdd2c66504381f02c6219de8)), closes [#816](https://github.com/panva/node-oidc-provider/issues/816)
## [6.29.6](https://github.com/panva/node-oidc-provider/compare/v6.29.5...v6.29.6) (2020-11-08)
### Bug Fixes
* ensure decrypted request object is accessed in PAR responses ([09751d7](https://github.com/panva/node-oidc-provider/commit/09751d75c770ab0b3a9032239abd4ca7b7cba7cf)), closes [#813](https://github.com/panva/node-oidc-provider/issues/813)
## [6.29.5](https://github.com/panva/node-oidc-provider/compare/v6.29.4...v6.29.5) (2020-10-03)
### Bug Fixes
* loopback redirectUriAllowed protocol check ([#794](https://github.com/panva/node-oidc-provider/issues/794)) ([da99330](https://github.com/panva/node-oidc-provider/commit/da993300c2237e794f012b679c483d42c1d9e423))
## [6.29.4](https://github.com/panva/node-oidc-provider/compare/v6.29.3...v6.29.4) (2020-09-19)
### Bug Fixes
* **typescript:** findAccount may return undefined ([#786](https://github.com/panva/node-oidc-provider/issues/786)) ([6689cdb](https://github.com/panva/node-oidc-provider/commit/6689cdb7edeb6e66f70446fb3e7c1266debc631e))
* updated request object mime-type as per draft-ietf-oauth-jwsreq-30 ([f15524a](https://github.com/panva/node-oidc-provider/commit/f15524a049722d2b3c5eb95c31ff0950e930bf29))
## [6.29.3](https://github.com/panva/node-oidc-provider/compare/v6.29.2...v6.29.3) (2020-08-25)
### Bug Fixes
* **typescript:** allows adapter factory in typings ([#776](https://github.com/panva/node-oidc-provider/issues/776)) ([3cfcd77](https://github.com/panva/node-oidc-provider/commit/3cfcd778cb3a9bdecac0ad51dec062daa187e6b0))
## [6.29.2](https://github.com/panva/node-oidc-provider/compare/v6.29.1...v6.29.2) (2020-08-20)
### Bug Fixes
* **typescript:** extend AdapterPayload from AnyClientMetadata ([6631a2d](https://github.com/panva/node-oidc-provider/commit/6631a2d6e43b30ad90a1f2c1e4bdff1fe3686715)), closes [#774](https://github.com/panva/node-oidc-provider/issues/774)
## [6.29.1](https://github.com/panva/node-oidc-provider/compare/v6.29.0...v6.29.1) (2020-08-13)
### Bug Fixes
* **typescript:** add missing rpInitiatedLogout types ([59c389b](https://github.com/panva/node-oidc-provider/commit/59c389b6e78cd4e9968d575dbaf5824edc8a1464))
## [6.29.0](https://github.com/panva/node-oidc-provider/compare/v6.28.0...v6.29.0) (2020-08-12)
### Features
* allow RP-Initiated Logout 1.0 feature to be disabled ([a2ef044](https://github.com/panva/node-oidc-provider/commit/a2ef0449fd5102f3b09218189744be592818859b))
* update backchannelLogout feature draft version ([9a9dd7e](https://github.com/panva/node-oidc-provider/commit/9a9dd7e754cf509f2ae8cb82193ce79627e5ec4a))
* update frontchannelLogout feature draft version ([d54cc8f](https://github.com/panva/node-oidc-provider/commit/d54cc8f8caf145aaa3959f1b3b7eb202e4072976))
* update sessionManagement feature draft version ([aa62927](https://github.com/panva/node-oidc-provider/commit/aa62927ebe8d3832d3dd63de95bddd2590ea6d6f))
## [6.28.0](https://github.com/panva/node-oidc-provider/compare/v6.27.5...v6.28.0) (2020-07-14)
### Bug Fixes
* ensure client is still valid after custom metadata processing ([fded7c6](https://github.com/panva/node-oidc-provider/commit/fded7c674199668321f08af15be4f0a01092d4c1))
### Features
* incorporate behaviours and metadata from jwsreq-25 ([cb12761](https://github.com/panva/node-oidc-provider/commit/cb12761bf15b877d3bf878eea7f1fbd267a020ea))
* update PAR implementation to ietf draft 02 ([fd2ccee](https://github.com/panva/node-oidc-provider/commit/fd2ccee437572e01c1afb60b58d5386b93d5e992))
## [6.27.5](https://github.com/panva/node-oidc-provider/compare/v6.27.4...v6.27.5) (2020-07-06)
## [6.27.4](https://github.com/panva/node-oidc-provider/compare/v6.27.3...v6.27.4) (2020-06-30)
## [6.27.3](https://github.com/panva/node-oidc-provider/compare/v6.27.2...v6.27.3) (2020-06-19)
### Bug Fixes
* re-allow transfer-encoding chunked ([f88447b](https://github.com/panva/node-oidc-provider/commit/f88447bf989a208d7e0490dbe3226c534259c442)), closes [#739](https://github.com/panva/node-oidc-provider/issues/739)
## [6.27.2](https://github.com/panva/node-oidc-provider/compare/v6.27.1...v6.27.2) (2020-06-16)
### Bug Fixes
* remove unintended client_id from post_logout_redirect_uri callbacks ([57d07cd](https://github.com/panva/node-oidc-provider/commit/57d07cd14a6d18681ee0953c28f4ebe7fda3681c))
## [6.27.1](https://github.com/panva/node-oidc-provider/compare/v6.27.0...v6.27.1) (2020-06-15)
### Bug Fixes
* correct jwtIntrospection draft ack version ([#735](https://github.com/panva/node-oidc-provider/issues/735)) ([62b97d4](https://github.com/panva/node-oidc-provider/commit/62b97d4e6a47cbbbe2d9216a31988a6d442689bf))
* **typescript:** static IdToken.validate ([#733](https://github.com/panva/node-oidc-provider/issues/733)) ([a0d997e](https://github.com/panva/node-oidc-provider/commit/a0d997e9a8653cddaa95ae31b0bea6bdaa1e0267))
## [6.27.0](https://github.com/panva/node-oidc-provider/compare/v6.26.1...v6.27.0) (2020-06-01)
### Bug Fixes
* allow any JSON numeric value for timestamp values for DPoP JWTs ([0700fde](https://github.com/panva/node-oidc-provider/commit/0700fde4e9fb6b4b0a718fb323d1e3d955a1be43))
### Features
* secp256k1 EC curve and ES256K JWS alg feature flag removed ([f74f6bd](https://github.com/panva/node-oidc-provider/commit/f74f6bdf3eea8b6e97c735b697e49779a70b4d1c))
### BREAKING CHANGES
* secp256k1 and ES256K were registered in IANA a few days ago, so the flag is not needed anymore.

Note: Updates to draft specification versions are released as MINOR library versions. If you utilize these specification implementations, consider using the tilde `~` operator in your package.json since breaking changes may be introduced as part of these version updates. Alternatively, [acknowledge](/docs/README.md#features) the version and be notified of breaking changes as part of your CI.
## [6.26.1](https://github.com/panva/node-oidc-provider/compare/v6.26.0...v6.26.1) (2020-05-18)
### Bug Fixes
* **typescript:** claims/scopes as Set in rejected/prompted functions ([#719](https://github.com/panva/node-oidc-provider/issues/719)) ([950c21d](https://github.com/panva/node-oidc-provider/commit/950c21d909b84c9de915ed30cff4d6f1f7cc95f7))
* **typescript:** undefined return for DefaultPolicy.get and Checks.get ([b61e9d8](https://github.com/panva/node-oidc-provider/commit/b61e9d886c3f5655374f2e70323fa272b5242adb))
## [6.26.0](https://github.com/panva/node-oidc-provider/compare/v6.25.0...v6.26.0) (2020-05-12)
### Bug Fixes
* A192CBC-HS384 and A256CBC-HS512 direct encryption key derivation ([ead23a7](https://github.com/panva/node-oidc-provider/commit/ead23a76ea3539618c62ecd8974d55e5c76ebcda))
### Features
* helper to define PKCE use requirement ([0c2e208](https://github.com/panva/node-oidc-provider/commit/0c2e208f928dbe7960ccfcc6516b1730a2ff83c0))
## [6.25.0](https://github.com/panva/node-oidc-provider/compare/v6.24.0...v6.25.0) (2020-05-05)
### Bug Fixes
* **typescript:** fix metaFor "value" argument type ([0b31b69](https://github.com/panva/node-oidc-provider/commit/0b31b690baa6a93e2c308990d5a11edcca4e2cd3)), closes [#711](https://github.com/panva/node-oidc-provider/issues/711)
### Features
* update DPoP implementation to ietf draft 01 ([330d13c](https://github.com/panva/node-oidc-provider/commit/330d13cfe2eee22d1745909e90cab738e71e8f5d))
### BREAKING CHANGES
* DPoP implementation updated to [draft-ietf-oauth-dpop-01](https://tools.ietf.org/html/draft-ietf-oauth-dpop-01)

Note: Updates to draft specification versions are released as MINOR library versions. If you utilize these specification implementations, consider using the tilde `~` operator in your package.json since breaking changes may be introduced as part of these version updates. Alternatively, [acknowledge](/docs/README.md#features) the version and be notified of breaking changes as part of your CI.
## [6.24.0](https://github.com/panva/node-oidc-provider/compare/v6.23.5...v6.24.0) (2020-04-27)
### Bug Fixes
* **typescript:** added types of prompt.checks in interaction policy ([3b97bde](https://github.com/panva/node-oidc-provider/commit/3b97bdef30e287893ba28c9893b9638efde9eb59))
### Features
* **typescript:** export the DefaultPolicy interface ([b36190b](https://github.com/panva/node-oidc-provider/commit/b36190b9f3e93634d42dfd7fd7ab6ba212465231)), closes [#707](https://github.com/panva/node-oidc-provider/issues/707)
* add server-wide policy configuration on accepting tokens in query ([90b400a](https://github.com/panva/node-oidc-provider/commit/90b400a2ee8954b8e965752df97b19ddeb60