Skip to content

Releases: HarperFast/oauth

v1.2.1

11 Feb 01:39
@heskew heskew
v1.2.1
742b72f
This commit was signed with the committer’s verified signature.
heskew Nathan Heskew
GPG key ID: 5C2EE0E7714610EA
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.2.1 Latest
Latest
  • Fix: Disambiguated session OAuth fields — added providerConfigId and providerType alongside existing provider to clarify config key vs provider type (#26)
  • Fix: Provider errors (e.g. GitHub 500 HTML pages) no longer leak raw response bodies to the browser — callback redirects with ?error=auth_failed&reason=token_exchange instead
  • Security: Open redirect prevention on all callback redirect paths (error and success) via sanitizeRedirect()
  • Security: Error reason codes in redirect URLs use safe constants instead of raw error messages
  • Fix: Response bodies drained in error paths to prevent undici socket/connection pool leaks
  • Fix: Error redirect URLs correctly place query params before hash fragments via buildErrorRedirect() helper
  • Fix: JSON parse failures in token exchange/refresh fall back gracefully to status code instead of crashing
Assets 2
Loading

v1.2.0

06 Feb 19:50
@heskew heskew
v1.2.0
996da05
This commit was signed with the committer’s verified signature.
heskew Nathan Heskew
GPG key ID: 5C2EE0E7714610EA
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.2.0

Changed npm org, from @harperdb to @harperfast

Loading