- 9dc2517: Fix removing cookies for specific paths and domains
- 1f632f3: Add cookienames option to CookieTokenSource constructor
- c28e91c: Delete refreshToken if invalid
- b528dd5: Delete RefreshToken when a token is invalid (but not expired)
- 438e344: Throw TokenInvalidError for invalid tokens
-
58ded5e: Check for values modified in deserializeAccessToken
When you only set a value in a service, the token did not get updated in the gateway. This was because the valueModified was only set after a token change, not just a value change. This changes improves the check to fix that.
- 280da10: Improve cookie security settings by using __Host- where needed
- 3df5163: Don't use a async call for getSubject
- 1d2b7b3: Make the serialization of tokens more robust
- c2020cd: Add ability to set a jwt subject
- 645d0e3: Added support for setting values on token
- cfde937: Fix issues when running with bun by converting KeyObject to uint8
- ad77b2a: Delete the access token cookie when the token is invalid
- 6248b79: Implement cookie domain options
- a7b27c2: Only add host prefix for strict same site
- 752d421: remove unused IIFE and CJS dist files
- eee2cd1: Use a generic for the FederatedGraphQLDataSource context
- eee2cd1: Fix peerDependencies range
- 910eced: Move to full ESM
- c9c16b9: Move dependencies to peer depdenencies
- 9dca6a8: Export PublicFederatedTokenContext type
- e604a1b: Fix exporting the KeyManager class
- 66b663e: Refactor the key handling by introducing a KeyManager object to handle one or multiple keys.
- 374194a: Refactor handling of public tokens
- ede342e: Only return refresh tokens if modified
- 5c1c1d9: Properly load the refresh token in the gateway if set
- c7f1159: Fix release by including dist files