v2.4.5

Fixes

• DPoP: clockSkew in ProtectedResourceRequestOptions is a unique Symbol (1708f21)

Documentation

• expose clock skew and tolerance documentation (2d90c49)

v2.4.4

Fixes

• handle Response objects with empty string url in processDpopNonce (f2c9415)

v2.4.3

Revert "fix: encode client_secret_basic - _ . ! ~ * ' ( ) characters"

This reverts commit f926175, even though it is the correct implementation some of the most widely used identity providers don't follow the specification.

v2.4.2

Documentation

• add distribution links to README.md (29bb947)

Fixes

• encode client_secret_basic - _ . ! ~ * ' ( ) characters (f926175)

v2.4.1

Refactor

• create Request instances before passing them to fetch (02ab110)
• types: mark always lowercased values and keys as Lowercase (89e7a77)

Documentation

• categorize APIs in docs/README.md (c28efda)
• expose Indexed Access Types (54c4393)
• update EdDSA description (9765e7a)

v2.4.0

Features

• add the cause property to errors where possible (07c95f7)

Refactor

• use AlgorithmIdentifier instead of Algorithm where possible (e2ae2f3)

Fixes

• base64url decode errors are OperationProcessingError (7f4a878)

v2.3.0

Features

• allow Record<string, string> and string[][] as parameter arguments (021b85f)

v2.2.4

Refactor

• brand URLSearchParams instead of extending URLSearchParams (8e62c8a)

v2.2.3

This release was merely to test release automation. NPM releases now include provenance statements.

v2.2.2

Refactor

• types: enforce flat interfaces (c958d61)