v3.0.0

• Dropped support for Node 14 and 16.
• Full conversion to ESM.
• Support for the OpenID Connect id_token. If a server returns it, we expose it as idToken. This is a JWT and would require parsing by a JWT library to get access to its information. (@drev74, @redguardtoo).
• #171: client_id and client_secret are now percent-encoded with the most strict rules as specified by RFC 6749. We weren't doing any percent/urlencoding before. This is a a BC break if your secret used special characters, and the server you're talking is not compliant with the OAuth2 spec itself (@p2004a, @panva).
• Migrated the test suite from Mocha and Chai to node:test and node:assert (@Zen-cronic).
• Package now uses 'erasableSyntaxOnly' flag with Typescript, so it can be used with node --experimental-strip-types.

v2.4.2

• #161: Re-use old refresh_token if no new one was issued after a refresh.

v2.4.1

• #151: Add 'Accept' header on token requests to fix a Github compatibility issue.
• #151: Throw error when we get an invalid reply from a token endpoint.

v2.4.0

• More robust error handling. When an error is emitted, you now give you access to the emitted HTTP Response and response body.
• Support for response_mode=fragment in the authorization_code flow.

v2.3.0

• Fix for #128: If there's no secret, we should never use Basic auth to encode the client_id.
• Support for the resource parameter from RFC 8707.
• Add support for scope parameter to refresh().
• Support for RFC 7009, Token Revocation. (@adambom)

v2.2.4

• Added extraParams option to getAuthorizeUri, allowing users to add non-standard arguments to the authorization URI for servers that require this. (@pks1989)

v2.2.3

• Moved the tokenResponseToOAuth2Token function inside the OAuth2Client class, allowing users to override the parsing logic more easily.

v2.2.2

• #111 Some documentation fixes.
• #110: Fix race condition with getStoredToken and calling fetch() immediately after constructing FetchWrapper.

v2.2.1

• #15: Fix for TypeError: Failed to execute 'fetch' on 'Window': Illegal invocation at t.OAuth2Client.request.

v2.2.0

• Add an option to override which "fetch" implementation is used. (@bradjones1)