v2.14.0

• added current account id from OP session to interaction sessions
• added provider.setSessionAccountId(req, id, [ts]) helper for setting OP session from other contexts, such as interrupted interactions or password reset flows.

v2.13.1

• clientCacheDuration no longer has any effect on static clients passed through the #provider.initialize() call

v2.13.0

• #provider.Client.cacheClear([id]) can now optionally drop just one specific client from provider cache when provided its client_id

v2.12.0

• findById returned struct's #claims() method will is now called with two parameters (use and scope) allowing to fine-tune the returned claims depending on the intended place for these claims.

v2.11.2

• aligned oidc-provider:token DEBUG format
• exposed client validation schema prototype under provider.Client.Schema

v2.11.1

• fixed a bug where non global logouts would not trigger back and front-channel logout features for the one client that gets logged out
• added missing backchannel.success and backchannel.error events

v2.11.0

• added optional support for draft02 of Front-Channel Logout 1.0
  • enable with configuration features.frontchannelLogout = true;
  • adds new client properties frontchannel_logout_uri and frontchannel_logout_session_required
  • adds new discovery properties frontchannel_logout_supported and frontchannel_logout_session_supported
  • added frontchannelLogoutPendingSource helper for customizing the pending frontchannel web page HTML source
• added no-cache headers to userinfo responses

v2.10.0

• added audiences helper function to allow for pushing additional audiences to issued ID Tokens, this will additionally push an azp claim with the client_id value as per Core 1.0 spec defined ID Token validations.

v2.9.2

• added used http verb to error debug messages
• added a descriptive "method not allowed" error message

v2.9.1

• fixed useRequest to be a static method as documented