v1.4.4

Security

• bump axios to latest version #176 (frederikprijck)

v1.4.3

Fixed

• Add missing commas so that "use strict" works #161 (jimrandomh)

v1.4.2

Fixed
Upgrade axios from 0.21.4 to 0.22.0 #149 (snyk-bot)

v1.4.1

Changed
Replace request with axios #144 (frederikprijck)

v1.3.3

Full Changelog

Closed issues

• Having a session is now required#107

Fixed

• Allow sessionless authentication #120 (davidpatrick)

Security

• Fixed dependency vulnerability in Mocha #121 (davidpatrick)

v1.3.2

Full Changelog

Closed issues

• 1.2.1 -> 1.3.1 upgrade causes "Cannot read property 'scope' of undefined" #107
• TypeError: Cannot read property 'authParams' of undefined #106
• Cannot read property 'split' of undefined in Profile.js with GSuite login #105

Fixed

• Remove ID token iat value check #109 (joshcanhelp)
• Fix missing ID causing cannot read error #109 (joshcanhelp)
• Guard against undefined parameter access #108 (pihvi)

v1.3.1

Full Changelog

Closed issues

• the userProfile does not have 'provider' field correctly populated. #102
• Social login breaks when account name contains utf-8 characters. #100
• Strategy does not work on Restify #96

Fixed

• Parses provider from user_id if identities is not provided. #103 (kertof)
• Fix decoding jwt when encoded payload contains utf8 characters #101 (abelptvts)

v1.3.0

Full Changelog

Added

• Improved OIDC compliance #97 (davidpatrick)

Security

• Update lodash package to address security vulnerabilities #94 (https://github.com/is2ei)
• Update request package to address security vulnerabilities with dependency cryptiles #98 (davidpatrick)

v1.2.1

Full Changelog

Closed issues

• Strategy constructor mutates options argument #91
• Infinite redirect loop, "Invalid authorization request state." #89
• could I use cookie-session instead of express-session? #87

Fixed

• Fix strategy constructor to not mutate options argument #92 (naptowncode)

v1.2.0

Full Changelog

Closed issues

• Not obvious how to style lock on redirect #74
• Auth0 state parameter not always passed through #73
• Allow for different grant types #72
• Use native Object.assign instead of xtend #67
• state parameter default to true #65
• Custom Claims? #64
• Auth0Strategy vs OAuth2Strategy #61
• logout problems #59
• What is the point of this line? #56
• Custom User Store vs Auth0 Database #54
• Setting a proxy #50
• Document how to access the "state" parameter #40
• Incompatible with Lock for Web's responseMode option #39
• Return to same page after login? #38
• refreshToken is always null #36
• JWT Token #30
• Specify JWT scope #29
• Rule Errors do not propagate #28

Added

• Add telemetry #85 (joshcanhelp)
• Add information on ID token scopes to README #83 (joshcanhelp)
• Add support for acr_values #78 (federicobarera)
• Add support for connection_scope option #75 (GertSallaerts)

Changed

• Replace xtend with Object.assign #84 (joshcanhelp)

Security

• Update mocha package to address security vulnerabilities #82 (dan-auth0)
• [Snyk] Fix for 5 vulnerable dependencies #77 (snyk-bot)