Releases: caputomarcos/node-red-contrib-oauth2
6.2.1
Release Notes
Add Force Token Refresh Option to OAuth2 Configuration #92
Merged by caputomarcos on May 25, 2024
This release introduces a new feature to the OAuth2 configuration that allows users to force a token refresh. This can be particularly useful when there are changes in scopes or permissions, or when authentication issues are encountered.
Changes include:
- UI Update: Added a new checkbox in the OAuth2 HTML configuration for the 'Force Token Refresh' option.
- Locale Update: Updated the OAuth2 JSON locale files to include descriptions and labels for the new 'force' option.
- JavaScript Update: Modified the OAuth2 JavaScript to handle the 'force' configuration, ensuring that a new access token is generated when this option is enabled, regardless of the current token's validity.
- Response Handling: Improved the handling of the OAuth2 response and headers in the message object.
- Refactor: Refactored the
shouldBypassProxy
function for clarity. - HTML Response: Streamlined the success page HTML response for the OAuth2 callback endpoint.
The new 'force' option is now available in the node configuration UI, and users can enable it to ensure that a fresh access token is always used.
Implements the Loading of Credentials from Node-RED's Credential Store #91
Merged by caputomarcos on May 25, 2024
This commit introduces enhancements to improve the efficiency of the OAuth2 module by reducing unnecessary token requests and leveraging Node-RED's built-in credential management features.
Changes include:
- Credential Loading: Implements the loading of credentials from Node-RED's credential store upon node initialization.
- Token Validation: Adds a check in the
onInput
function to determine if an access token is already stored and valid. If so, it uses the stored token instead of requesting a new one. - Credential Storage: Stores the new access token and its expiry time in the Node-RED credential store after a successful token acquisition.
Add Authorization Endpoint to OAuth2 Module #90
Merged by caputomarcos on May 25, 2024
Changes include:
- Authorization Endpoint: Include the
authorization_endpoint
in the OAuth2 configuration. - Response Update: Update the
oauth2Response
object to includeaccess_token_url
andauthorization_endpoint
. - Code Clarity: Comment out the old assignment of
msg.oauth2Response
for clarity.
Previous Release Highlights
Refactor ESLint Configuration and Improve OAuth2 Node Functionality
- ESLint Updates:
- Included Prettier plugin and adjusted rules for consistent code style.
- Added browser and mocha environments.
- OAuth2 Enhancements:
- Removed unused crypto and circular reference replacer from
oauth2.js
. - Simplified axios POST request logic and added proxy support.
- Included response headers in the message payload for better context.
- Adjusted tests to reflect changes in
oauth2.js
and reduced timeout for faster execution. - Added new test cases for handling different grant types, network failures, custom headers, multiple scopes, and proxy settings.
- Removed unused crypto and circular reference replacer from
Update Dependencies and Refactor OAuth2 Node
- Improvements:
- Updated
oauth2.js
to handle additional edge cases and improve error handling. - Refactored
logger.js
for better readability and consistency. - Added new test cases in
oauth2_spec.js
to cover more scenarios and ensure robustness. - Removed unused dependencies and cleaned up
package.json
andyarn.lock
files. - Adjusted
package.json
scripts to include a new coverage script for test coverage reporting.
- Updated
Refactor oauth2.json and oauth2.html for Clarity and Add Debug Mode
- Configuration Enhancements:
- Added tips for debug mode, client credentials, and rejectUnauthorized in
oauth2.json
. - Updated labels in
oauth2.html
to be more concise. - Introduced a debug mode checkbox with corresponding help information.
- Added tips for debug mode, client credentials, and rejectUnauthorized in
- Logging Improvements:
- Removed
logger.js
and integrated logging directly intooauth2.js
. - Toggled debug mode via node configuration.
- Included more descriptive logging messages to aid in debugging.
- Removed
Add Refresh Token Support and Refactor OAuth2 Node Options
- Refresh Token Flow:
- Added a
refresh_token
field inoauth2.html
. - Updated
oauth2.js
to handle the new refresh token flow. - Refactored the
generateOptions
function inoauth2.js
for better readability and maintainability. - Enhanced localization file
oauth2.json
to include the new refresh token field.
- Added a
Update Dependencies and Adjust Code for Compatibility
- Dependency Updates:
- Updated
axios
,eslint
, andprettier
to their latest versions. - Adjusted eslint configuration to accommodate updated
eslint-plugin-n
andeslint-plugin-jsdoc
. - Modified
Logger.prototype.objectDump
method to handle invalid objects more gracefully.
- Updated
Remove Unused 'should' Require in oauth2-generate-options Tests
- Test Cleanup: Removed the unnecessary require statement for the 'should' library in
oauth2-generate-options_spec.js
.
Improve Error Handling and Remove Unused URL Import in oauth2.js
- Error Handling Improvements:
- Removed unused URL import.
- Added
URLSearchParams
import for handling form data. - Wrapped credentials retrieval in a try-catch block to handle potential errors.
- Adjusted response status codes: 404 for missing credentials, 500 for server errors, and 400 for missing credentials in token exchange endpoint.
- Updated success HTML response to use proper indentation and formatting.
v6.0.0
Release Notes for Version 6.0.0
Release Date: May 21, 2024
New Features and Enhancements:
-
Enhanced OAuth2 Node:
- Implemented support for the OAuth2 implicit flow, allowing client applications (typically SPAs) to obtain access tokens directly.
- Added new configuration fields:
access_type
,response_type
, andprompt
. These fields enhance flexibility in OAuth2 configurations, accommodating a wider range of authentication scenarios. - Improved input handling and proxy configuration within the OAuth2Node class for more reliable network request handling during the OAuth2 process.
-
Configuration Updates:
- Updated
.eslintrc.yml
to exclude console logs in test files, ensuring cleaner and more readable test outputs. - Bumped the package version in
package.json
to 6.0.0 to reflect significant updates and improvements. - Updated dependencies to include
mocha
for enhanced testing capabilities and additional dev dependencies for improved development workflows.
- Updated
-
Locales and UI Enhancements:
- Added support for new fields in
locales/en-US/oauth2.json
to enable comprehensive configuration options. - Updated the OAuth2 HTML file (
oauth2.html
) to include input fields foraccess_type
,response_type
, andprompt
, allowing users to configure these parameters through the Node-RED UI.
- Added support for new fields in
-
Testing and Documentation:
- Added extensive tests for the new fields and implicit flow to ensure robustness and functionality.
- Updated documentation to reflect new features, providing detailed examples of using the implicit flow and configuring the additional fields.
Bug Fixes:
- Issue #79:
- Resolved an issue with Google API authentication where users received an HTTP 200 response with an HTML sign-in page payload instead of the expected OAuth2 token.
- Properly handled the redirect to the Google sign-in page, including the additional confirmation screen, ensuring seamless user authentication.
Upgrade Notes:
- Breaking Changes:
- Users upgrading from previous versions should update their configurations to utilize the new fields and implicit flow support.
- Review the updated documentation for detailed guidance on configuring the OAuth2 node with the new enhancements.
For detailed information on the changes, please refer to the pull request and the updated documentation.
Contributors:
We appreciate the community's feedback and contributions. Thank you for helping us improve the node-red-contrib-oauth2
project!
What's Changed
- Hot fix/proxy by @caputomarcos in #67
- fix UI by @caputomarcos in #68
- Feature / Resource parameter for OAuth2 in Azure AD environment by @tglynx in #73
- Bump axios from 1.4.0 to 1.6.0 by @dependabot in #81
- Bump @babel/traverse from 7.21.5 to 7.23.2 by @dependabot in #80
- Update OAuth2 property names to camelCase by @caputomarcos in #85
- Bump follow-redirects from 1.15.2 to 1.15.6 by @caputomarcos in #86
- Feature/implicit flow support by @caputomarcos in #87
New Contributors
- @tglynx made their first contribution in #73
- @dependabot made their first contribution in #81
Full Changelog: 5.0.2...v6.0.0
5.0.2
bumped to version 5.0.2
5.0.1
bumped to version 5.0.1
5.0.0
bumped to version 5.0.0
v4.1.8
4.1.8
4.1.6
bumped to version 4.1.6
4.1.5
What's Changed
- 44 err depth zero self signed cert by @caputomarcos in #50
Full Changelog: 4.1.4...4.1.5
4.1.1
bumped to version 4.1.1
4.0.1: Merge pull request #31 from serotonie/master
unclutter the logs