v2.3.1

• fixed devInteractions reported with the same grant uuid

v2.3.0

• added s_hash support for ID Tokens returned by authorization endpoint
• added Request Object symmetrical encryption support
• fixed PBES2 encryption to use client_secret derived symmetrical key instead of its full octet value
• fixed claims parameter handling when part of a Request object as an object
• removed bugged? and/or previously not working A(128|192|256)GCMKW symmetrical encryption algs

v2.2.1

• fixed encrypted parameters incorrectly assumed as signed (request object asymmetrical encryption)

v2.2.0

• added a clientCacheDuration option (defaults to Infinity), this option defines the time a client
  configuration loaded from an adapter will be kept in cache before being loaded again with the next
  request
• removed valid-url dependency in favor of STDLIB's WHATWG url.URL

v2.1.0

• added a third parameter for findById helper, when findById is used in relation to an access
  token or an authorization code the token instance will be passed
• added ctx.oidc.signed with an array of parameter names which were received using a signed or
  encrypted request/Uri parameter.
• signed array of strings is available in the short lived session for interactions
• added basic sequelize adapter example
• fixed a bug where extraParams weren't recognized when part of a request or request_uri parameters
• fixed a bug where client credential and refresh token adapter instances were used even if these
  grants/tokens weren't enabled
• fixed a bug which allowed for non-enabled scopes to be added in client_credential grants

v2.0.1

• fixed infinite interactionCheck loop for application_type=native clients

v2.0.0

Breaking Changes

• oidc-provider now requires node v8.0.0 or higher for ES2015, async function and utils.promisify support
• internal koa (and related) dependencies updated to their respective 'next' or koa2 middleware
  compatible versions
• adapter must now be passed into #initialize()
• helper functions which returned or accepted generators will no longer work, use async functions
• helper functions no longer have koa ctx bound to this, instead their signature is changed
• interactionUrl helper signature changed to (ctx, interaction) and is now awaited
• renderError helper signature changed to (ctx, error) and is now awaited
• uniqueness helper signature changed to (ctx, jti, expiresAt)
• interactionCheck helper signature changed to (ctx)
• default interactionCheck helper requires all native application client authorizations to pass
  through interactions
• findById helper signature changed to (ctx, accountId)
• postLogoutRedirectUri configuration option is now a helper function and is awaited to
• default acrValues configuration option is now empty, if you used the old values ['0', '1', '2'],
  you must configure the value explicitly
• ctx.prompted renamed to more descriptive ctx.promptPending
• default refreshTokenRotation changed from 'none' to 'rotateAndConsume'
• pkce.skipClientAuth removed, native clients not willing to submit secrets should be registered
  with method none
• features.requestUri enabled by default with requireRequestUriRegistration
• features.oauthNativeApps enabled by default
• features.oauthNativeApps automatically enables features.pkce with { forcedForNative: true }
• interaction details no longer utilize cookies to store the details and request parameters,
  short lived sessions are created and maintained via the adapter instead
• Integrity keystore is no longer used, random strings are used to generate a lengthy token,
  a none signed JWT is used to store the metadata, keeping the datasets the same as 1.x
• interaction helper provider#interactionDetails now returns a Promise, it reads the short lived
  session id and loads the details using your adapter
• interaction helper provider.interactionFinished now returns a Promise, it reads the short lived
  session id and stores the interaction results there
• default token TTLs shortened
• Request Object iss (issuer) and aud (audience) values are now being validated to be equal to
  Client's identifier (iss) and the OP Issuer identifier (aud) when present in a Request Object

New features

• static function named connect can now be present on an Adapter prototype, this will be awaited
  during initialization, use to establish the necessary adapter connections
• introspection and revocation endpoint authentication now has dedicated settings and properties,
  unless specific settings for those are provided they default to what's provided for token_endpoint
  equivalents, this allows for fine-tuning while not disrupting existing behavior
• new client metadata supported:
  • introspection_endpoint_auth_method
  • introspection_endpoint_auth_signing_alg
  • revocation_endpoint_auth_method
  • revocation_endpoint_auth_signing_alg
• new configuration properties:
  • introspectionEndpointAuthMethods
  • introspectionEndpointAuthSigningAlgValues
  • unsupported.introspectionEndpointAuthSigningAlgValues
  • revocationEndpointAuthMethods
  • revocationEndpointAuthSigningAlgValues
  • unsupported.revocationEndpointAuthSigningAlgValues
• new discovery properties:
  • introspection_endpoint_auth_methods_supported
  • introspection_endpoint_auth_signing_alg_values_supported
  • revocation_endpoint_auth_methods_supported
  • revocation_endpoint_auth_signing_alg_values_supported