Skip to content
Merged
Show file tree
Hide file tree
Changes from 26 commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
6302c75
migration: openid-client and jose migration
aks96 Feb 9, 2026
fd04c9e
migration guide
aks96 Feb 9, 2026
27963f2
version fix and migration update
aks96 Feb 9, 2026
4e95839
CI fix
aks96 Feb 9, 2026
9c63bd8
CI fix
aks96 Feb 9, 2026
3d99deb
Migration guide
aks96 Feb 9, 2026
56b8799
addressed comments
aks96 Apr 7, 2026
796d59f
Merge branch 'master' into migration/openid-clientv6
aks96 Apr 7, 2026
51ad64c
fix failed actions
aks96 Apr 7, 2026
f1db455
fix failed actions
aks96 Apr 7, 2026
119567f
Merge remote-tracking branch 'origin/master' into migration/openid-cl…
aks96 Apr 17, 2026
22a7bcb
comments addressed
aks96 Apr 17, 2026
bfe775e
fixed edge cases
aks96 Apr 27, 2026
a4f79e0
construct callbackUrl explicitly from SDK's configured redirectUri to…
cschetan77 May 3, 2026
0318dea
Add debug if headers were already sent and session cookie could not b…
cschetan77 May 3, 2026
c6711e1
Removing support for httpAgent SDK config and providing customFetch f…
cschetan77 May 4, 2026
621dcc9
remove on-headers stale dep
cschetan77 May 4, 2026
40cae2f
Hoist RemoteJWKSet instance creation to module scope and cache it on …
cschetan77 May 4, 2026
331a8e3
enable client respects clientAssertionSigningAlg configuration test s…
cschetan77 May 4, 2026
dea71ff
Update client respects httpTimeout configuration test suite
cschetan77 May 4, 2026
6c7a7a5
Sync package lock
cschetan77 May 4, 2026
20a2a01
Account for mounted app scenarios
cschetan77 May 5, 2026
5221f75
clientAssertionSigningAlg now required for any app using PEM, Buffer,…
cschetan77 May 5, 2026
6d16d7a
Update breaking changes in V3_MIGRATION_GUIDE
cschetan77 May 5, 2026
628954a
update node ver in README and put a note for allow insecure requests
cschetan77 May 6, 2026
be90b7d
update clientAssertionSigningKey breaking change section in migration…
cschetan77 May 7, 2026
0236ae7
fix: capture sorted response types before issuer compatibility check
cschetan77 May 12, 2026
63855bc
fix: clientAssertionSigningAlg in type def file to match with joi schema
cschetan77 May 12, 2026
12b3350
fix: remove redundant normalization from TokenSet class
cschetan77 May 12, 2026
6159f01
fix: remove futoin-hkdf dep and it's usage, since node >=20 is guaren…
cschetan77 May 12, 2026
f1cf167
fix: fix: track discovery cache expiry per config instead of globally
cschetan77 May 12, 2026
4205d24
fix: handle IPv6 address while extracting port from reverse proxy's f…
cschetan77 May 12, 2026
a354554
gh workflow unit: add 20.x, 22.x and 24.x to test matrix
cschetan77 May 12, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/actions/build/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ inputs:
node:
description: The Node version to use
required: false
default: 18
default: 24

runs:
using: composite
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ jobs:
rl-scanner:
uses: ./.github/workflows/rl-secure.yml
with:
node-version: 18 ## depends if build requires node else we can remove this.
node-version: 24 ## depends if build requires node else we can remove this.
artifact-name: 'express-openid-connect.tgz' ## Will change respective to Repository
secrets:
RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
Expand All @@ -32,7 +32,7 @@ jobs:
uses: ./.github/workflows/npm-release.yml
needs: rl-scanner ## this is important as this will not let release job to run until rl-scanner is done
with:
node-version: 22
node-version: 24
require-build: false
secrets:
github-token: ${{ secrets.GITHUB_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ concurrency:
cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}

env:
NODE_VERSION: 18
NODE_VERSION: 22
CACHE_KEY: '${{ github.ref }}-${{ github.run_id }}-${{ github.run_attempt }}'

jobs:
Expand Down
24 changes: 24 additions & 0 deletions EXAMPLES.md
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@
10. [Use a custom session store](#10-use-a-custom-session-store)
11. [Back-Channel Logout](#11-back-channel-logout)
12. [Custom Token Exchange](#12-custom-token-exchange)
13. [Use a proxy for OIDC requests](#13-use-a-proxy-for-oidc-requests)

## 1. Basic setup

Expand Down Expand Up @@ -408,3 +409,26 @@ const { downstreamToken } = await req.oidc.customTokenExchange({
},
});
```

## 13. Use a proxy for OIDC requests

If you need to route all OIDC HTTP requests (discovery, token, userinfo, etc.) through a proxy, use the `customFetch` option with `undici`'s `ProxyAgent`:

```js
const express = require('express');
const { auth } = require('express-openid-connect');
const { ProxyAgent, fetch: undiciFetch } = require('undici');

const app = express();

const dispatcher = new ProxyAgent('http://proxy.example.com:8080');

app.use(
auth({
customFetch: (url, options) => undiciFetch(url, { ...options, dispatcher }),
// ... other options
}),
);
```

The SDK wraps your `customFetch` function to add required headers (User-Agent, Auth0-Client telemetry) before making requests.
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@

This library supports the following tooling versions:

- Node.js `^10.19.0 || >=12.0.0`
- Node.js `^20.19.0 || ^22.12.0 || >= 23.0.0`

## Install

Expand Down
Loading
Loading