v2.5.1

• fixed already authorized application_type=native prompt=none authorizations to be able to check
  if the authorization is still present
• bumped session management jsSHA cdn dependency version

v2.5.0

• added an option to return metadata alongside with interaction results, this metadata is then
  retrievable i.e. during the interactionCheck call. #164, #165
• added an option to return error instead of the standard interaction results, the provider
  will take this error (and error_description when provided) and resolve the authorization request
  with it. #167, #168
• fixed Token#find() swallowing adapter#find errors
• fixed introspection swallowing rethrown adapter#find errors

v2.4.1

• fixed token upsert expiration to respect token's instance expiration

v2.4.0

• added BaseToken public API, this API enables advanced users in search of features such as JWT-formatted
  Bearer tokens or not being able to reconstruct client token values from a DB backup to overload
  these methods and get those features.
• fixed keystore initialize method to allow for servers only supporting authorization flow not needing
  RS256 signature key
• fixed token introspection disclosing details for expired but found tokens
• fixed exception during token introspection auth none clients looking up non-existing tokens

v2.3.2

• fixed interactionFinished, interactionDetails and Session#find expecting an id retrieved
  from a cookie. When not found will throw.

v2.3.1

• fixed devInteractions reported with the same grant uuid

v2.3.0

• added s_hash support for ID Tokens returned by authorization endpoint
• added Request Object symmetrical encryption support
• fixed PBES2 encryption to use client_secret derived symmetrical key instead of its full octet value
• fixed claims parameter handling when part of a Request object as an object
• removed bugged? and/or previously not working A(128|192|256)GCMKW symmetrical encryption algs

v2.2.1

• fixed encrypted parameters incorrectly assumed as signed (request object asymmetrical encryption)

v2.2.0

• added a clientCacheDuration option (defaults to Infinity), this option defines the time a client
  configuration loaded from an adapter will be kept in cache before being loaded again with the next
  request
• removed valid-url dependency in favor of STDLIB's WHATWG url.URL

v2.1.0

• added a third parameter for findById helper, when findById is used in relation to an access
  token or an authorization code the token instance will be passed
• added ctx.oidc.signed with an array of parameter names which were received using a signed or
  encrypted request/Uri parameter.
• signed array of strings is available in the short lived session for interactions
• added basic sequelize adapter example
• fixed a bug where extraParams weren't recognized when part of a request or request_uri parameters
• fixed a bug where client credential and refresh token adapter instances were used even if these
  grants/tokens weren't enabled
• fixed a bug which allowed for non-enabled scopes to be added in client_credential grants