v2.2.4 (2023-10-26)
Security
- Bump crypto-js from 4.1.1 to 4.2.0 #176 (dependabot[bot])
v2.2.3 (2023-02-06)
Changed
- [SDK-3693] Readme Redesign #159 (stevehobbsdev)
Security
- Bump jsonwebtoken from 8.5.1 to 9.0.0 #165 (dependabot[bot])
v2.2.2 (2021-10-15)
Fixed
- Fix types for overloaded verify method #145 (stevehobbsdev)
v2.2.1 (2021-08-24)
Security
- Depdency updates #138 (stevehobbsdev)
v2.2.0 (2021-06-18)
Added
- Added TypeScript typings #122 (ItalyPaleAle)
v2.1.2 (2021-05-26)
Security
- Pin crypto-js to 3.3.0 #131 (stevehobbsdev)
v2.1.1 (2021-05-25)
Fixed
- Fixed: exception when key not found in JWKS #121 (ItalyPaleAle)
- Remove inconsistencies in verify method's callback invocations #120 (ItalyPaleAle)
Security
- Fix vulnerability with crypto-js 3.3.0 and run audit fix #128 (frederikprijck)
- [Security] Bump y18n from 4.0.0 to 4.0.1 #119 (dependabot-preview[bot])
v2.1.0 (2020-09-11)
Changed
- Asynchronous JWKS cache #107 (ItalyPaleAle)
- Migrate to NPM package lock over Yarn, and update dependencies #114 (stevehobbsdev)
Security
- Bump bl from 3.0.0 to 3.0.1 #111 (dependabot[bot])
- Bump codecov from 3.6.5 to 3.7.1 #109 (dependabot-preview[bot])
- Bump lodash from 4.17.15 to 4.17.19 #108 (dependabot[bot])
- Bump handlebars from 4.5.3 to 4.7.6 #106 (dependabot-preview[bot])
v2.0.3 (2020-04-23)
Fixed
- Fixed bug with keys not first in keybag #101 (ItalyPaleAle)
v2.0.2 (2020-02-20)
Security
- [Snyk] Security upgrade crypto-js from 3.1.9-1 to 3.2.1 #98 (crew-security)
v2.0.1 (2020-01-10)
Removed
- [SDK-1266] Removed iat future value check #95 (stevehobbsdev)
v2.0.0 (2019-12-06)
This new major version introduces more validation checks on ID tokens for OIDC conformance and as such could introduce a breaking change if you are already validating tokens that are not OIDC conformant.
In addition, methods that were marked as deprecated in v1.5.0 have now been removed. From here, always use the verify method to validate ID tokens.
Changed
- Added build step into the versioning process (to be done before release) #93 (stevehobbsdev)
- Updated dependencies #92 (stevehobbsdev)
Removed
- Removed deprecated methods + tests #90 (stevehobbsdev)
Security
- [SDK-974] Improved OIDC compliance #89 (stevehobbsdev)
- Bump tough-cookie from 2.3.2 to 2.3.4 #88 (dependabot[bot])
- Bump stringstream from 0.0.5 to 0.0.6 #87 (dependabot[bot])
- Bump extend from 3.0.1 to 3.0.2 #86 (dependabot[bot])
- Bump sshpk from 1.13.0 to 1.16.1 #85 (dependabot[bot])
- Bump lodash.merge from 4.6.1 to 4.6.2 #84 (dependabot[bot])
v1.5.1 (2019-12-06)
Re-release to correct build directory error
v1.5.0 (2019-12-05)
Added
- [SDK-1166] Replaced promise-polyfill with es6-promise, applied globally #78 (stevehobbsdev)
v1.4.1 (2019-07-09)
Fixed
v1.4.0 (2019-06-18)
Fixed
v1.3.0 (2019-06-05)
Changed
v1.2.0 (2018-03-21)
Added
- Add option to set the endpoint to fetch the jwks.json file #19 (luisrudge)
- Adding access_token validation method
validateAccessToken#17 (luisrudge)
v1.1.2 (2018-03-01)
Fixed
-
Fixing issue with IdTokenVerifier.getRsaVerifier #14 (dfung)
-
Use base64-js methods instead of browser globals atob and btoa #15 (maxbeatty)
v1.1.1 (2018-01-15)
Changed
v1.1.0 (2017-06-15)
Changed
- Replace iat check with nbf check. #7 (nicosabena)
v1.0.2 (2017-05-08)
Fixed
v1.0.1 (2017-05-08)
Fixed
v1.0.0 (2016-12-30)
A lightweight library to decode and verify RS JWT meant for the browser.
var IdTokenVerifier = require('idtoken-verifier');
var verifier = new IdTokenVerifier({
issuer: 'https://my.auth0.com/',
audience: 'gYSNlU4YC4V1YPdqq8zPQcup6rJw1Mbt'
});
verifier.verify(id_token, nonce, function(error, payload) {
...
});
var decoded = verifier.decode(id_token);