oidc-client v1.11.5 → oidc-client-ts v2.0.0

Ported library from JavaScript to TypeScript. The API is largely backwards-compatible. The support for the deprecated implicit flow has been removed.

  • the following properties are now required: authority, client_id, redirect_uri
  • the following properties were renamed:
    • clockSkew → clockSkewInSeconds
    • staleStateAge → staleStateAgeInSeconds
  • default of loadUserInfo changed from true → false
  • removed ResponseValidatorCtor and MetadataServiceCtor
    • if necessary OidcClient / UserManager classes may be extended to alter their behavior
  • restricted response_type to code flow only. As per OAuth 2.1: PKCE is required for all OAuth clients using the authorization code flow
    • as in oidc-client 1.x, OAuth 2.0 hybrid flows are not supported
  • the property signingKeys is unused, unless the MetaDataService with this feature is used outside of this library.
  • the following properties were renamed:
    • accessTokenExpiringNotificationTime → accessTokenExpiringNotificationTimeInSeconds
    • silentRequestTimeout (milliseconds) → silentRequestTimeoutInSeconds
    • checkSessionInterval (milliseconds) → checkSessionIntervalInSeconds
    • revokeAccessTokenOnSignout → revokeTokensOnSignout
  • the following properties have new default values:
    • automaticSilentRenew changed from false → true
    • validateSubOnSilentRenew changed from false → true
    • includeIdTokenInSilentRenew changed from true → false
    • monitorSession changed from true → false
  • type of popupWindowFeatures changed from a string to a dictionary
    • additionally, its default dimensions are now responsive to the opener window's
  • a new property revokeTokenTypes: ('access_token' | 'refresh_token')[] was added
    • by default, UserManager will attempt revoking both token types when revokeTokensOnSignout is true. Compared to 1.x, sign out will now fail if revocations fail.
  • The shorthand for keeping the popup open after the callback with signoutPopupCallback(true) is no longer supported. Instead use signoutPopupCallback(undefined, true) or preferably, signoutPopupCallback(location.href, true).
  • renamed revokeAccessToken() → revokeTokens(types?)
    • Compared to 1.x, this function will now throw if any revocation of the specified types fails. Uses the revokeTokenTypes setting when no types are passed.
  • The getter/setters for Log.level and Log.logger have been replaced by Log.setLevel() and Log.setLogger().
  • The getter for User.expired now returns true when expires_at is set to 0. This was false in the previous version.
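
The settings changes listed above can be applied mechanically to an existing 1.x configuration object. The following is an added example, not code from oidc-client-ts: `migrateSettings`, `RENAMES`, `OLD_DEFAULTS` and the sample values are hypothetical names and constructed data. It renames the listed properties, converts the two millisecond values to seconds, rejects anything other than the code flow, and reports every changed default that the old configuration relied on implicitly.

```typescript
// Added example: hypothetical helper, not part of oidc-client-ts.
type Settings = Record<string, unknown>;

// Renames from the notes above; div converts the two millisecond values to seconds.
const RENAMES: Record<string, { to: string; div: number }> = {
  clockSkew: { to: "clockSkewInSeconds", div: 1 },
  staleStateAge: { to: "staleStateAgeInSeconds", div: 1 },
  accessTokenExpiringNotificationTime: { to: "accessTokenExpiringNotificationTimeInSeconds", div: 1 },
  silentRequestTimeout: { to: "silentRequestTimeoutInSeconds", div: 1000 },
  checkSessionInterval: { to: "checkSessionIntervalInSeconds", div: 1000 },
  revokeAccessTokenOnSignout: { to: "revokeTokensOnSignout", div: 1 },
};

// Settings whose default flipped in 2.0.0, mapped to the old 1.x default.
const OLD_DEFAULTS: Record<string, boolean> = {
  loadUserInfo: true, automaticSilentRenew: false, validateSubOnSilentRenew: false,
  includeIdTokenInSilentRenew: true, monitorSession: true,
};

function migrateSettings(v1: Settings): { settings: Settings; notes: string[] } {
  const settings: Settings = {};
  const notes: string[] = [];
  for (const [key, value] of Object.entries(v1)) {
    const rename = RENAMES[key];
    if (rename === undefined) { settings[key] = value; continue; }
    settings[rename.to] = typeof value === "number" ? value / rename.div : value;
    notes.push(`renamed ${key} -> ${rename.to}`);
  }
  for (const name of ["authority", "client_id", "redirect_uri"]) {
    if (settings[name] === undefined) throw new Error(`missing required setting: ${name}`);
  }
  const rt = settings["response_type"];
  if (rt !== undefined && rt !== "code") {
    throw new Error(`response_type "${String(rt)}" is not supported; only the code flow remains`);
  }
  if (typeof settings["popupWindowFeatures"] === "string") {
    notes.push("popupWindowFeatures must be rewritten as a dictionary");
  }
  for (const [name, old] of Object.entries(OLD_DEFAULTS)) {
    if (settings[name] === undefined) notes.push(`${name} default changed: ${old} -> ${!old}`);
  }
  return { settings, notes };
}

// Constructed 1.x configuration (placeholder issuer and client values).
const sampleV1: Settings = {
  authority: "https://idp.example", client_id: "spa", redirect_uri: "https://app.example/cb",
  response_type: "code", silentRequestTimeout: 10000, revokeAccessTokenOnSignout: true,
};
console.log(migrateSettings(sampleV1));
```

Each "default changed" note marks a behaviour that differs after the upgrade unless the setting is pinned explicitly in the new configuration.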