release 1.7.1
Note that opts.secret
and opts.redirect_uri_path
are now deprecated and will be removed in a next release; a warning is issued in the log now.
Bugfixes
- don't select one of the jwt token auth methods if the required key material is not present; see #238
- fixed a bad error return value in certain setups of
bearer_jwt_verify
; see #234; thanks @JoshTheGoldfish - make sure opts.discovery is resolved when
iss
is returned as part of the authorization response; see #224 ; thanks @mijohansen
Features
- added support for the
client_secret_jwt
authentication method; see #229 - added support for the
private_key_jwt
authentication method; see #217; thanks @pamiel
Other
- remove strict
iss
check in Discovery metadata document; see #219 (may help Azure AD setups)