overleaf
diff --git a/‎.gitignore
Lines changed: 4 additions & 1 deletion b/‎.gitignore
Lines changed: 4 additions & 1 deletion
diff --git a/‎CHANGELOG.md
Lines changed: 240 additions & 61 deletions b/‎CHANGELOG.md
Lines changed: 240 additions & 61 deletions
diff --git a/‎README.md
Lines changed: 7 additions & 16 deletions b/‎README.md
Lines changed: 7 additions & 16 deletions
@@ -5,4 +5,7 @@ node_modules/
 yarn-error.log
 .DS_Store 
 .eslintcache
-.dir-locals.el
+.dir-locals.el
+
+## Local VS code settings and debug profiles
+.vscode
@@ -127,7 +127,7 @@ type Profile = {
 - `additionalAuthorizeParams`: dictionary of additional query params to add to 'authorize' requests
 - `identifierFormat`: optional name identifier format to request from identity provider (default: `urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress`)
 - `wantAssertionsSigned`: if truthy, add `WantAssertionsSigned="true"` to the metadata, to specify that the IdP should always sign the assertions.
-- `acceptedClockSkewMs`: Time in milliseconds of skew that is acceptable between client and server when checking `OnBefore` and `NotOnOrAfter` assertion condition validity timestamps. Setting to `-1` will disable checking these conditions entirely. Default is `0`.
+- `acceptedClockSkewMs`: Time in milliseconds of skew that is acceptable between client and server when checking `NotBefore` and `NotOnOrAfter` assertion condition validity timestamps. Setting to `-1` will disable checking these conditions entirely. Default is `0`.
 - `maxAssertionAgeMs`: Amount of time after which the framework should consider an assertion expired. If the limit imposed by this variable is stricter than the limit imposed by `NotOnOrAfter`, this limit will be used when determining if an assertion is expired.
 - `attributeConsumingServiceIndex`: optional `AttributeConsumingServiceIndex` attribute to add to AuthnRequest to instruct the IDP which attribute set to attach to the response ([link](http://blog.aniljohn.com/2014/01/data-minimization-front-channel-saml-attribute-requests.html))
 - `disableRequestedAuthnContext`: if truthy, do not request a specific authentication context. This is [known to help when authenticating against Active Directory](https://github.com/node-saml/passport-saml/issues/226) (AD FS) servers.
@@ -359,28 +359,19 @@ To support this scenario you can provide an implementation for a cache provider
 
 ```javascript
 {
-    save: function(key, value, callback) {
-      // save the key with the optional value, invokes the callback with the value saves
+    saveAsync: async function(key, value) {
+      // saves the key with the optional value, returns the saved value
     },
-    get: function(key, callback) {
-      // invokes 'callback' and passes the value if found, null otherwise
+    getAsync: async function(key) {
+      // returns the value if found, null otherwise
     },
-    remove: function(key, callback) {
-      // removes the key from the cache, invokes `callback` with the
+    removeAsync: async function(key) {
+      // removes the key from the cache, returns the
       // key removed, null if no key is removed
     }
 }
 ```
 
-The `callback` argument is a function in the style of normal Node callbacks:
-
-```
-function callback(err, result)
-{
-
-}
-```
-
 Provide an instance of an object which has these functions passed to the `cacheProvider` config option when using Passport-SAML.
 
 ## SLO (single logout)