v8.4.6

Documentation

• adds events and debugging recipe (#1246) (0bf7696)
• fix client_secret_basic special characters encoding example (73baae1)
• re-run update docs (99cc84a)

Refactor

• avoid iteration resource iteration in client_credentials (e306640)
• avoid use of prototype attributes in object-hash (270af1d)
• use logical or assignment (8f55588)

Fixes

• ensure each individual resource indicator is a valid URI (d9e1ad2)

v8.4.5

Refactor

• use doc argument in web_message js code (da3198b)

Fixes

• add missing opening html tags (23997c5)
• DPoP: mark defaulted dpop_jkt parameter as trusted (ee633f3)

v8.4.4

Refactor

• test decoded basic auth tokens for their VSCHAR pattern (3f86cc0)

Fixes

• DPoP,PAR,JAR: validate DPoP before invalidating JAR during PAR (ca0f999)

v8.4.3

This release contains only code refactoring, dependency, or documentation updates.

v8.4.2

Fixes

• reject client JSON Web Key Set null value (#1237) (cce6d43)

v8.4.1

This release contains only code refactoring, dependency, or documentation updates.

v8.4.0

Features

• DPoP: remove experimental flag, DPoP is now RFC9449 (89d133e)

v8.3.2

Fixes

• assign extraTokenClaims return to the model (e296dc7)

v8.3.1

Fixes

• DPoP: compare htu scheme and hostname case independent (b72d668)

v8.3.0

Features

• allow specifying the user-agent header for outgoing requests (95f24ef)