20.0.2

• tested with Angular v20
• update Angular and 3rd party dependencies to ng v20 by @L-X-T
• fix DOCUMENT import (v20) in quickstart-standalone demo app

19.0.0

• tested with Angular v19
• update Angular and 3rd party dependencies to lastest ng v19 by @L-X-T
• inlcuding v19 migration of "standalone" flag in component decorator

18.0.0

• tested with Angular v18
• update mainly done thanx to @oaklandcorp-jkaiser
• update 3rd party dependencies to lastest ng v18 by @L-X-T

17.0.2

• chore: Update jsrsasign due to CVE-2024-21484 Marvin attack of RSA and RSAOAEP decryption #1393

15.0.0

• Tested with Angular 14 and Angular 15
• Standalone API for working with Standalone Components: provideOAuthClient() (see readme)
• Tested with Standalone Components
• Fixes: #1258, #1254, #1251, #1250, #1238, #1210, #1199, #1188, #1138, #1135

Big thanks to all contributors!!

12.1

• Fix #1120

12.0.0

12.0.0

Bug Fixes

• #728 (51e438a), closes /github.com/manfredsteyer/angular-oauth2-oidc/issues/728#issuecomment-808969225
• clear location.hash only if it is present (c2b2753), closes #970
• correctly handle ? and & in location replacements (70fd826)
• Disable nonce validation for id token for e2e tests (f5bd96c)
• fix scope/state removal for implicit flow with hash (9e257d0)
• in code flow pass options to error handler (c9a2c55), closes #972
• jwks: update jsrsasign dependency to 10.2.0 (a05bd8a), closes #1061
• multiplying calls to token endpoint in code flow (59f65d2)
• Refresh tokens with a plus sign get corrupted before sending to token endpoint (2204c5a)
• revoketokenandlogout: 'customParameters' should accept boolean (9761bad)
• While Using POPUP mode, we click on login button multiple time it opens multiple popup instead of focusing already opened (bbff95b)

Features

• introduce DateTimeProvider (0c0a4a7)
• logout: postLogoutRedirectUri should not default to redirectUri (ff7d1d9)
• support JWT response on userinfo endpoint (da16494)
• Custom grant type added (#919)
• Listen for storage to receive auth hash from popup (#935)
• Add event for unchanged session (#936)
• Add loginHint to codeFlow (#938)
• Add a windowRef option to initLoginFlowInPopup to prevent the window from beeing blocked by popup blockers (#965)
• Use configured revocationEndpoint by default (#1020)

Thanks to all the contributors: Miguel Serra, Manuel Rauber, Frank Rosner, Everson R R Moura, meysam gheysaryan, Nikolay, Patrick Westerhoff, Jonathan Yee, Flofie, Dirk Bolte, Sebastian Abshoff, Paweł Dymiński, Bala Charan Nihanth Mutluru, Torkill Strømmen, codeepic, sven-codeculture, Mohamed AbdelAal, Chaz Gatian, Réda Housni Alaoui, huy2nhan, Lin Jie, Taras Krasnytsia, Josselin Francois Downey, BobCui, Mike, Jeroen Heijmans, coyoteecd

Special Thanks to the one and only Jeroen Heijmans for moderating the forum/ issues.

10.0.0

• Tested with Angular 10
• Details: see changelog.md

9.2.0

Features

• revoketokenandlogout: explicit way to revoke an access token according to RFC 7009 (c799ead)

• token-revocation: also revoke refresh_token (429ed2c)

Bug Fixes

• sample: make sense of the guard (1cae011)

Big tanks to Jeroen Heijmans, SESA469345, Varada-Schneider, and Manfred Steyer

9.1.0

Features

• automatic silent refresh: stopAutomaticRefresh stops all timers. (8ab853b)
• code-flow: allow using silent refresh by setting useSilentRefresh to true (93902a5)
• sample: Also use new Identity Server 4 for implicit flow demo to prevent issues with same site cookies (58c6354)
• session checks: Session checks work now for code flow too. Please see docs for details. (4bf8901)

Bug Fixes

• code flow: Fixed code flow for IE 11 (0f03d39)
• sample: use hash-based routing (3f44eca)
• session state: save session_state also when using code flow (8fa99ff)
• state: passing an url with a querystring as the state, e. g. url?x=1 (71b705c)
• #687 (e2599e0)
• missing HttpModule dependency (7eac8ae)
• run tokensetup outside ngzone (07bb62d)
• typo (3d331f2)

Pull Requests

• Update sample app and silent-refresh.html script #755, linjie997
• Add optional state parameter for logout, pmccloghrylaing
• fix customHashFragment usage in tryLoginCodeFlow, roblabat
• replace document with injectionToken #741, d-moos
• Support predefined custom parameters extraction from the TokenResponse, vdveer
• Fixed not working silent refresh when using 'code' #735, ErazerBrecht

Thanks

Big Thanks to all contributers: Brecht Carlier, Daniel Moos, Jie Lin, Manfred Steyer, Phil McCloghry-Laing, robin labat, vdveer

Also, big thanks to jeroenheijmans for doing an awesome job with moderating and analyzing the issues!