v5.7.0

Features

• add FAPI 2.0 support (55b8a33)

Fixes

• include DPoP Proof "htm" in requestResource if GET is defaulted to (23f7b49)

v5.6.5

Refactor

• avoid use of prototype attributes in keystore queries (#660) (47a549c)

v5.6.4

Revert "fix: encode client_secret_basic - _ . ! ~ * ' ( ) characters"

This reverts commit 5a2ea80, even though it is the correct implementation some of the most widely used identity providers don't follow the specification.

v5.6.3

Fixes

• encode client_secret_basic - _ . ! ~ * ' ( ) characters (5a2ea80)

v5.6.2

Refactor

• issuer discovery (#637) (c228877)

Fixes

• add explicit Accept-Encoding header to http requests (abcb564), closes #648

v5.6.1

Fixes

• consistent space encoding in authorizationUrl (#627) (ad68223), closes #626

v5.6.0

Features

• experimental Bun support (a9d3a87), closes #622 #623

v5.5.0

Features

• DPoP: remove experimental warning, DPoP is now RFC9449 (133a022)

v5.4.3

Fixes

• handle empty client_secret with basic and post client auth (#610) (402c711), closes #609

v5.4.2

Fixes

• bump oidc-token-hash (20607e9)