A JavaScript API for working with OAuth 2 and OpenID Connect, providing helpers for common authentication and authorization flows. It is useful for integrating with authorization servers, including metadata discovery, authorization code flow, refresh tokens, device authorization, CIBA, client credentials, and features like introspection, revocation, and pushed authorization requests.
Project status
- Actively maintained, with recent repository activity (last upstream push on 2026-05-28) and tagged updates continuing into 2026 (v6.8.4 on 2026-04-27).
- Apparent update cadence: small maintenance releases in relatively quick succession (v6.8.3 on 2026-04-13, v6.8.4 on 2026-04-27), with earlier updates spaced further apart (v6.8.2 on 2026-02-07).
AI summary generated Today
Recent updates
v6.8.4
1 month agov6.8.4 focuses on correctness fixes around generic grant handling, JWE decryption key selection, and abort-signal propagation during device and backchannel grant polling. The release notes enumerate four specific fixes, and the code diff shows corresponding internal refactors plus targeted tests for them.
v6.8.3
1 month agov6.8.3 is a small maintenance release focused on documentation and a passport integration fix. The release notes mention a documented workaround for `redirect_uri` edge cases and a passport callback change to remove one-time state after use.
v6.8.2
3 months agoRelease v6.8.2 primarily addresses a fetch-related issue involving streaming request bodies. The visible code diff also shows multiple TypeScript and documentation formatting-only adjustments, plus CI and dependency updates that are not mentioned in the release notes.