Releases: AzureAD/passport-azure-ad
Passport-Azure-AD now uses ADAL-Node (plus logging fixes and cleanup)
Uses ADAL-Node instead of the OAuth2 library from another source.
Fixes #42. Passing a logger other than bunyan is still not allowed; others may contribute this.
Details:
- Logging now defaults to ERROR-level logging to stderr no matter what.
- Logging now defaults to WARN level for everything else, but this can be overridden by a setting passed in to the Strategy if desired.
- This is only for OIDC and Bearer, as WS-Fed and SAML are out of support (but anyone is welcome to add it in; it should be minimal).
#### Fixed issue #76 regarding types not matching in Tests
Details:
- Fixed the lint issues with the library.
- Changed the prototype deprecation in the Error methods, for example `InternalOpenIDError.prototype = Object.create(Error.prototype);` instead of the controversial (and lint-complaining) `InternalOpenIDError.prototype.__proto__ = Error.prototype;` from previous development. This should also make execution faster.
- Removed all TODOs and NOTEs.
Fixes #78 Lint now passes
Details:
- Fixed bugs in the waterfall() for `oidcstrategy.js` which were causing issues when loading profiles. This adds back support for B2C and v2 flows (id_token-only flows, essentially).
- This officially resolves issue #78.
Fixes #74 - state is now passed.
Fixes #73 - we now pass `req` to the callback if specified.
Details:
- In addition, I now have a simplified return of (profile, done) as per the convention of Passport libs (see `oidcstrategy.js`).
- In addition, fixed an issue with the samples so that the server validates the issuer by default in v1 and v2 flows.
B2C Support and caching
- Support for B2C in v2 of our API.
- B2C Support - when it launches you can easily use policies in your node.js application! Just check out /examples/login-oidc-b2c for details. You just specify the `tenantName:` and then add some routes.
- This meant a complete rework of how the Strategy works. It's now waterfalls into waterfalls (beautiful, if you think about it) which loads items based on need. A much better way of doing it, which I had wanted to get to for some time.
- Biggest feature: speed improvement. I've implemented caching of the metadata with `cache-manager`. This increases speed amazingly. I needed to do this because we now load metadata at click time and not at server launch, so this was required.
- I set the cache expiry to 30 minutes for now; we'll see how that goes. May expose it in config if users want.
- The key I use is the policy that is passed to the Strategy, or 'standard' for v1 and v2 flows (if there is no
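The click-time metadata cache described above, as an added JavaScript illustration rather than code from passport-azure-ad (the library itself uses `cache-manager`; `MetadataCache`, `fakeMetadataLoader` and the injectable clock are stand-ins chosen here): entries are keyed by the B2C policy or 'standard', and expire after the 30 minutes the notes mention.

```javascript
// Added example, not passport-azure-ad's own code: a policy-keyed metadata
// cache with the 30-minute expiry from the release notes.
const METADATA_TTL_MS = 30 * 60 * 1000;

class MetadataCache {
  constructor(loader, now = () => Date.now()) {
    this.loader = loader;    // (policy) => metadata document, fetched at click time
    this.now = now;          // injectable clock so expiry can be exercised offline
    this.entries = new Map();
    this.loads = 0;          // number of real fetches, to make hits vs misses visible
  }

  // Cache key: the B2C policy given to the Strategy, or 'standard' for
  // plain v1/v2 flows that carry no policy.
  static keyFor(policy) {
    return policy || 'standard';
  }

  get(policy) {
    const key = MetadataCache.keyFor(policy);
    const hit = this.entries.get(key);
    if (hit && hit.expiresAt > this.now()) return hit.value;   // fresh entry
    const value = this.loader(policy);                         // miss or expired: reload
    this.loads += 1;
    this.entries.set(key, { value, expiresAt: this.now() + METADATA_TTL_MS });
    return value;
  }
}

// Constructed stand-in for fetching the OpenID discovery document (no network).
function fakeMetadataLoader(policy) {
  return {
    issuer: 'https://issuer.example/' + (policy || 'common'),
    fetchedFor: MetadataCache.keyFor(policy),
  };
}
```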
Previous release (1.2.0):
- Support for v1 and v2 API endpoints.
- Massive update that fixes a lot that was wrong with the original OpenID Connect implementation.
- Lots of new settings given to you that you can pass in. Look at the client_config_v1.js example to see these. In detail:
- You can now specify whether the user profile should be loaded. (HINT: You shouldn't, as we don't have a user profile lookup.) The default is to skip it, which you should for AzureAD and MSA. #51
- Turns out that my OpenID Connect implementation only had OAuth2 query support, and passed code and tokens through that. This is against spec, against nature, and now fixed. #50
- Both the `id_token code` and `id_token` flows now support POST and will do the right thing no matter if using v1 or v2. Fragment is still not supported. #49
- I've exposed this as a config setting you can pass: `responseType`. The default is `id_token code` to match the rest of ADAL.
- Login-only `id_token` is now supported through POST only.
- OAuth `code` flows and OAuth + OpenID Connect `id_token code` flows support query or POST response modes.
- In addition, I've exposed this as a config setting you can pass: `responseMode`. The default is `form_post`.
- In support of this, I've updated the app.js in /example to work no matter if using `id_token` or `id_token code` for either v1 or v2.
- Added a nonce that is actually a nonce (`utils.uid(16)`).
- The passport OIDC strategy now respects the metadata that is passed to it, so any PPE and Prod metadata endpoints, both v1 and v2, will work.
Support for v1 and v2 APIs. Many fixes
- Support for v1 or v2 of our API. You just change the knobs and the metadata endpoint!
- Massive update that fixes a lot that was wrong with the original OpenID Connect implementation.
- Lots of new settings given to you that you can pass in. Look at the client_config_v1.js example to see these. In detail:
- You can now specify whether the user profile should be loaded. (HINT: You shouldn't, as we don't have a user profile lookup.) The default is to skip it, which you should for AzureAD and MSA. #51
- Turns out that my OpenID Connect implementation only had OAuth2 query support, and passed code and tokens through that. This is against spec, against nature, and now fixed. #50
- Both the `id_token code` and `id_token` flows now support POST and will do the right thing no matter if using v1 or v2. Fragment is still not supported. #49
- I've exposed this as a config setting you can pass: `responseType`. The default is `id_token code` to match the rest of ADAL.
- Login-only `id_token` is now supported through POST only.
- OAuth `code` flows and OAuth + OpenID Connect `id_token code` flows support query or POST response modes.
- In addition, I've exposed this as a config setting you can pass: `responseMode`. The default is `form_post`.
- In support of this, I've updated the app.js in /example to work no matter if using `id_token` or `id_token code` for either v1 or v2.
- Added a nonce that is actually a nonce (`utils.uid(16)`).
- The passport OIDC strategy now respects the metadata that is passed to it, so any PPE and Prod metadata endpoints, both v1 and v2, will work.