@connectid-tools/rp-nodejs-sdk

v4.2.1

Digital Identity Relying Party Node SDK

Relying Party Node.JS SDK

The rp-nodejs-sdk provides an SDK that allows Relying Parties to easily integrate with the Digital Identity ecosystem.

Getting Started

A minimum of Node JS version 20.x is recommended. Download here.

Install the package in your nodejs project using:

npm install @connectid-tools/rp-nodejs-sdk

Update your package.json to use module:

{
  .
  .
  .
  "type": "module"
}

You can then import and instantiate an instance of the rp-nodejs-sdk using:

import { config } from './config.js'
import RelyingPartyClientSdk from '@connectid-tools/rp-nodejs-sdk'

const rpClient = new RelyingPartyClientSdk(config)

The above code assumes that you have a config file called config.js in your project folder that contains the configuration required for the sdk, eg: the location of the certificate files, the client details, the callback urls, etc. The configuration attributes are described below.

Using Typescript

To use Node SDK with Typescript you need to make the following changes in your tsconfig.json:

  • Set "target": "es2016" or higher
  • Have "module": "ES2015" or higher
  • Have "moduleResolution": "Bundler"

Sample tsconfig:

{
  "compilerOptions": {
    "target": "es2016",
    "module": "ES2015",
    "moduleResolution": "Bundler",
    "strictNullChecks": true,
    "outDir": "dist/"
  },
  "include": ["**/*.ts"]
}

Setting up SDK config options

RelyingPartyClientSdkConfig has some fixed values, especially inside the client object. To set the config options for the SDK, some type gymnastics are needed, as shown below (see as const):

// index.ts
import RelyingPartyClientSdk from '@connectid-tools/rp-nodejs-sdk'
import { config } from './config'

const relyingPartyClientSdk = new RelyingPartyClientSdk(config)

// config.ts
export const config = {
  data: {
    // ...
    log_level: 'info' as const,
    // ...
    client: {
      // ...
      application_type: 'web' as const,
      grant_types: ['client_credentials', 'authorization_code', 'implicit'] as ['client_credentials', 'authorization_code', 'implicit'],
      id_token_signed_response_alg: 'PS256' as const,
      post_logout_redirect_uris: [] as [],
      require_auth_time: false as const,
      response_types: ['code id_token', 'code'] as ['code id_token', 'code'],
      subject_type: 'public' as const,
      token_endpoint_auth_method: 'private_key_jwt' as const,
      token_endpoint_auth_signing_alg: 'PS256' as const,
      introspection_endpoint_auth_method: 'private_key_jwt' as const,
      revocation_endpoint_auth_method: 'private_key_jwt' as const,
      request_object_signing_alg: 'PS256' as const,
      require_signed_request_object: true as const,
      require_pushed_authorization_requests: true as const,
      authorization_signed_response_alg: 'PS256' as const,
      tls_client_certificate_bound_access_tokens: true as const,
      backchannel_user_code_parameter: false as const,
      scope: 'openid' as const,
      software_roles: ['RP-CORE'] as ['RP-CORE'],
    },
  },
}

rp-nodejs-sdk Configuration

The following properties can be configured for the sdk. Users of the sdk will need to generate their own transport and signing certificates to use with the sdk as per the Relying Party User Guide.

The configuration must be passed into the RelyingPartyClient when it is created. A reference file with the required configuration properties is available from: https://github.com/connectid-tools/rp-nodejs-sdk/blob/main/src/config.ts. The simplest way to pass in the configuration is shown below (assumes the config.js file is in the project directory):

const config = require('./config')
const RelyingPartyClientSdk = require('@connectid-tools/rp-nodejs-sdk')
const rpClient = new RelyingPartyClientSdk(config)

| Property | Description | Example value |
| --- | --- | --- |
| ca_pem | The collection of trusted root certificates that can be used for certification validation. May be an absolute or relative path. | './conf/ca.pem' |
| ca_pem_content | The collection of trusted root certificates content (string) that can be used for certification validation. Overrides ca_pem. | '-----BEGIN CERTIFICATE----- MIIFnTCCBIWgAwIBAgIUKl2OAbHVc1r9isRs6WIExS/1BLgwDQYJKoZIhvcNAQEL...' |
| signing_kid | The id for the signing key in the JWKS. This can be found in the registry via Software Statements -> Client Details -> Certificates | 'Xf1Pf-GXyhryOY5wwg0ddL5yzUicIcQrOIxja0yHhpg' |
| signing_key | The path to the signing key used when signing requests. May be an absolute or relative path. signing_key or signing_key_content must be used to provide the signing key. | './conf/signing.key' |
| signing_key_content | The signing key content (string) used when signing requests. If supplied, will override the key data supplied via signing_key. | '-----BEGIN PRIVATE KEY----- MIIFnTCCBIWgAwIBAgIUKl2OAbHVc1r9isRs6WIExS/1BLgwDQYJKoZIhvcNAQEL...' |
| registry_participants_uri | The URI for the registry endpoint that provides the participant list | https://data.directory.sandbox.connectid.com.au/participants |
| signing_pem | The path to the signing certificate used when signing requests. May be an absolute or relative path. | './conf/signing.pem' |
| transport_key | The path to the transport key used for mutual TLS. May be an absolute or relative path. transport_key or transport_key_content must be used to provide the transport key. | './conf/transport.key' |
| transport_key_content | The transport key content (string) used for mutual TLS. If supplied, will override the key data supplied via transport_key. | '-----BEGIN PRIVATE KEY----- MIIFnTCCBIWgAwIBAgIUKl2OAbHVc1r9isRs6WIExS/1BLgwDQYJKoZIhvcNAQEL...' |
| transport_pem | The path to the transport certificate used for mutual TLS. May be an absolute or relative path. transport_pem or transport_pem_content must be used to provide the transport certificate | './conf/transport.pem' |
| transport_pem_content | The transport certificate content (string) used for mutual TLS. If supplied, will override the certificate supplied via transport_pem. | '-----BEGIN CERTIFICATE----- MIIFnTCCBIWgAwIBAgIUKl2OAbHVc1r9isRs6WIExS/1BLgwDQYJKoZIhvcNAQEL...' |
| application_redirect_uri | The specific redirect url used for all requests from this rp-nodejs-sdk instance. Must be one of the redirect_urls specified in the registry for the client | 'https://tpp.localhost/cb' |
| client.client_id | Identifies the client. This value is available from the Registry via Software Statements -> Client Details -> Client ID | 'https://rp.directory.sandbox.connectid.com.au/openid_relying_party/280518db-9807-4824-b080-324d94b45f6a' |
| client.organisation_id | Identifies the organisation. This value is available from the Registry via Organisation Details | 'ab837240-9618-4953-966e-90fd1fa63999' |
| client.jwks_uri | The location of the JWKS for this client. Will be in the format: 'https://keystore.directory.sandbox.connectid.com.au/<organisation_id>/<client_id>/application.jwks' | 'https://keystore.directory.sandbox.connectid.com.au/ab837240-9618-4953-966e-90fd1fa63999/090d41c6-fc27-4b1e-91e9-0fecfc240601/application.jwks' |
| client.redirect_uris | The list of redirect_uris supported by the client. Must only contain URIs specified in the registry. | ['https://demo.relyingpart.net/cb', 'https://tpp.localhost/cb',] |
| log_level | The log level to use for console logs, eg: 'info', 'debug'. Enabling 'debug' will cause all requests and responses to remote servers to be logged. 'debug' must not be used in Production as it will log Personal Information. | 'info' |
| cache_ttl | TTL for the participants list caching. Optional setting. Defaults to 600 seconds if not configured. | 600 |
| enable_auto_compliance_verification | When running the OIDC FAPI compliance suite, it requires a call to userInfo after successfully decoding the response claims. If this is set to true, the SDK will automatically make the required call. | false |
| purpose | The default purpose to be displayed to the consumer on the IDP consent screen to indicate why their data is being requested to be shared | 'verifying your identity' |
| include_uncertified_participants | By default the SDK will filter out all authorisation servers that are not fully certified. If you wish to test one of the uncertified auth servers you will need to set this to true. If not provided, defaults to 'false' | false |
| required_claims | The list of claims that the RP will be using and requires IDPs to support. If supplied, this will be used to filter the list of IDPs returned from getParticipants so that only IDPs supporting the claims are returned. If this value is not supplied, no filtering by claim support will be performed. | ['name', 'address'] |
| required_participant_certifications | The list of required certifications a server must support for the IDP use case (eg: TDIF Certification). If supplied, this will be used to filter the list of IDPs returned from getParticipants so that only IDPs with the certification are returned. If this value is not supplied, no filtering for specific certifications will be performed. | [{ profileType: 'TDIF Accreditation', profileVariant: 'Identity Provider'}] |
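
The table above carries several rules that are easy to break at deploy time: each credential needs a path or inline content, 'debug' logging must stay out of Production, and uncertified participants are for testing only. The following pre-flight check is an added example, not part of the SDK; lintSdkConfig, its finding codes and the redirect URI consistency check are assumptions of this example, and it takes the object under data in the config.

```javascript
// Added example: pre-flight checks for the SDK config properties listed above.
// lintSdkConfig and the finding codes are hypothetical, not SDK APIs.

// Each credential may be given as a file path or as inline content.
const CREDENTIAL_PAIRS = [
  ['ca_pem', 'ca_pem_content'],
  ['signing_key', 'signing_key_content'],
  ['signing_pem', 'signing_pem_content'],
  ['transport_key', 'transport_key_content'],
  ['transport_pem', 'transport_pem_content'],
]

const isSet = (v) => typeof v === 'string' && v.trim() !== ''

// `data` is the object under `data` in the config; `production` selects the
// rules that the table restricts to Production.
function lintSdkConfig(data, { production = true } = {}) {
  const findings = []
  const add = (level, code, message) => findings.push({ level, code, message })

  for (const [pathKey, contentKey] of CREDENTIAL_PAIRS) {
    if (!isSet(data[pathKey]) && !isSet(data[contentKey])) {
      add('error', 'missing_credential', `${pathKey} or ${contentKey} must be provided`)
    }
  }

  if (production && data.log_level === 'debug') {
    add('error', 'debug_logging', "log_level 'debug' logs all requests and responses, including Personal Information")
  }
  if (production && data.include_uncertified_participants === true) {
    add('error', 'uncertified_participants', 'include_uncertified_participants is for test environments only')
  }

  // Local consistency check (an assumption of this example): the redirect URI
  // this instance uses should also appear in the client's own list.
  const redirectUris = Array.isArray(data.client?.redirect_uris) ? data.client.redirect_uris : []
  if (!redirectUris.includes(data.application_redirect_uri)) {
    add('warn', 'redirect_uri_mismatch', 'application_redirect_uri is not listed in client.redirect_uris')
  }
  return findings
}

// Constructed sample: a config that would pass in a sandbox but not in Production.
const SAMPLE_WEAK_CONFIG = {
  ca_pem: './conf/ca.pem',
  signing_key: './conf/signing.key',
  signing_pem: './conf/signing.pem',
  transport_key_content: '', // empty: neither transport_key nor its content is set
  transport_pem: './conf/transport.pem',
  application_redirect_uri: 'https://tpp.localhost/cb',
  log_level: 'debug',
  include_uncertified_participants: true,
  client: { redirect_uris: ['https://demo.relyingpart.net/cb'] },
}

// The same config with each finding corrected.
const SAMPLE_FIXED_CONFIG = {
  ...SAMPLE_WEAK_CONFIG,
  transport_key: './conf/transport.key',
  log_level: 'info',
  include_uncertified_participants: false,
  client: { redirect_uris: ['https://demo.relyingpart.net/cb', 'https://tpp.localhost/cb'] },
}

for (const f of lintSdkConfig(SAMPLE_WEAK_CONFIG)) {
  console.log(`${f.level}: ${f.code}: ${f.message}`)
}
```
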

Process Overview Sequence Diagram

The expected interactions between the Relying Party and RP Connector as part of a standard flow are shown in the diagram below.

The key steps are:

  • Retrieve the list of Participants so the user can be prompted to choose their bank
  • Send a pushed authorisation request to the selected bank with the requested claims and redirect the user to their bank
  • Use the callback querystring to retrieve the access token and identity token with the claims the user has consented to share

sequenceDiagram
    Customer->>+Relying Party: Use Digital ID
    Relying Party->>+rp-nodejs-sdk: getParticipants()
    rp-nodejs-sdk-->>-Relying Party: Participant metadata
    Relying Party-->>-Customer: Display Bank Selector
    Customer->>+Relying Party: Select Bank
    Relying Party->>+rp-nodejs-sdk: sendPushedAuthorisationRequest()
    rp-nodejs-sdk-->>-Relying Party: authUrl, codeVerifier, state, nonce
    Note right of Relying Party: The RP must associate the codeVerifier,<br/>state and nonce with the user<br/>to use when retrieving claims
    Relying Party-->>-Customer: redirect to Bank using authUrl
    Customer->>+Bank: redirect to AuthUrl
    Bank->>Bank: Authenticate & Capture Consent
    Bank-->>-Customer: Redirect customer to RP callback URI
    Customer->>+Relying Party: redirect to callback URL
    Relying Party->>+rp-nodejs-sdk: retrieveTokens()
    rp-nodejs-sdk-->>-Relying Party: access and identity tokens
    Relying Party-->>-Customer: Display outcome

API Operations

getParticipants()

This allows the list of Identity Providers within the scheme to be retrieved, so that the Relying Party can display them to the user and allow the user to choose which Identity Provider they will use to prove their identity.

Note that by default the SDK is configured to only return Identity Providers that are fully certified. If you wish to test one of the uncertified Identity Providers you will need to set the include_uncertified_participants configuration option to true. (This should only be done in a test environment, and should never be done in production.)

You may also set the required_claims and required_participant_certifications configuration options to filter the list of IDPs returned based on the needs of your use case (eg: if you require IDPs to be TDIF certified).

const idps = await rpClient.getParticipants()

The response will contain an array of Organisations and their Authorisation Server, with an object structure similar to below.

The key fields of interest are:

  • CustomerFriendlyName - this is the name of the Bank to display to the customer
  • CustomerFriendlyLogoUri - this is a logo for the Bank that can be displayed alongside the bank name
  • AuthorisationServerId - this uniquely identifies the authorisation server. It will be needed as part of the next call in the flow to identify the Authorisation Server to send the PAR to.

Note that in the response there may be:

  • multiple organisations - each Bank will be its own organisation
  • multiple authorisation servers per bank - a Bank may have different authorisation servers for its different brands (or potentially to differentiate Business Banking from Retail Banking)

[
  {
    "Status": "Active",
    "OrgDomainRoleClaims": [],
    "AuthorisationServers": [
      {
        "PayloadSigningCertLocationUri": "https://auth.bank4.directory.sandbox.connectid.com.au/na",
        "ParentAuthorisationServerId": null,
        "OpenIDDiscoveryDocument": "https://auth.bank4.directory.sandbox.connectid.com.au/.well-known/openid-configuration",
        "CustomerFriendlyName": "Bank W",
        "CustomerFriendlyDescription": "Bank4",
        "TermsOfServiceUri": null,
        "ApiResources": [],
        "AutoRegistrationSupported": true,
        "CustomerFriendlyLogoUri": "https://static.relyingparty.net/BankW.svg",
        "SupportsDCR": false,
        "AuthorisationServerCertifications": [],
        "SupportsCiba": false,
        "DeveloperPortalUri": null,
        "NotificationWebhookAddedDate": null,
        "AuthorisationServerId": "cde44c30-9138-4b58-ba50-221833d14319"
      },
      {
        "PayloadSigningCertLocationUri": "https://auth.bank3.directory.sandbox.connectid.com.au/na",
        "ParentAuthorisationServerId": null,
        "OpenIDDiscoveryDocument": "https://auth.bank3.directory.sandbox.connectid.com.au/.well-known/openid-configuration",
        "CustomerFriendlyName": "Bank N",
        "CustomerFriendlyDescription": "Bank3",
        "TermsOfServiceUri": null,
        "ApiResources": [],
        "AutoRegistrationSupported": true,
        "CustomerFriendlyLogoUri": "https://static.relyingparty.net/BankN.svg",
        "SupportsDCR": false,
        "AuthorisationServerCertifications": [],
        "SupportsCiba": false,
        "DeveloperPortalUri": null,
        "NotificationWebhookAddedDate": null,
        "AuthorisationServerId": "22c2d67e-4d95-414a-b51a-ca863e9d691d"
      }
    ],
    "OrgDomainClaims": [],
    "Size": null,
    "RegistrationId": null,
    "OrganisationId": "ed63c5b4-4dcb-4867-bd8b-e2b04a0ab04b",
    "City": "Banksville",
    "Postcode": "4103",
    "AddressLine2": "Bank Town",
    "RegisteredName": "RefBank",
    "AddressLine1": "1 Reference Bank Street",
    "LegalEntityName": "Reference Bank",
    "OrganisationName": "Reference Banks",
    "Country": "AU",
    "RegistrationNumber": "ABN 123 456 7890",
    "CreatedOn": "2021-12-14T23:09:03.581Z",
    "Tag": null,
    "ParentOrganisationReference": "",
    "CompanyRegister": "ABN",
    "CountryOfRegistration": "AU"
  },
  {
    "Status": "Active",
    "OrgDomainRoleClaims": [],
    "AuthorisationServers": [
      {
        "PayloadSigningCertLocationUri": "https://mtls.partner.idp.test.commbank.com.au/pf/JWKS",
        "ParentAuthorisationServerId": null,
        "OpenIDDiscoveryDocument": "https://mtls.partner.idp.test.commbank.com.au/.well-known/openid-configuration",
        "CustomerFriendlyName": "Commonwealth Bank",
        "CustomerFriendlyDescription": "Test IDP for CBA",
        "TermsOfServiceUri": null,
        "ApiResources": [],
        "AutoRegistrationSupported": true,
        "CustomerFriendlyLogoUri": "https://www.commbank.com.au/test.svg",
        "SupportsDCR": false,
        "AuthorisationServerCertifications": [],
        "SupportsCiba": false,
        "DeveloperPortalUri": null,
        "NotificationWebhookAddedDate": null,
        "AuthorisationServerId": "355df9aa-bf8f-4cec-aa4d-78b10356762e"
      }
    ],
    "OrgDomainClaims": [],
    "Size": null,
    "RegistrationId": "",
    "OrganisationId": "adf2af89-2782-4058-86d9-ff3a9068e4a5",
    "City": "Sydney",
    "Postcode": "2000",
    "AddressLine2": "201 Sussex Street",
    "RegisteredName": "Commonwealth Bank of Australia",
    "AddressLine1": "Ground Floor Tower 1",
    "LegalEntityName": "Commonwealth Bank of Australia",
    "OrganisationName": "Commonwealth Bank of Australia",
    "Country": "AU",
    "RegistrationNumber": "ABN 48 123 123 124",
    "CreatedOn": "2022-03-14T00:42:29.202Z",
    "Tag": null,
    "ParentOrganisationReference": "",
    "CompanyRegister": "ABN",
    "CountryOfRegistration": "AU"
  }
]
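
The following added example (not part of the SDK or its README) flattens a getParticipants() response into selector options, covering the multiple-organisation and multiple-server cases noted above, and checks the id the user submits against that list before it is used for the PAR. toSelectorOptions, resolveSelection and the https-only logo rule are assumptions of this example; the sample data is constructed, trimmed from the response shown above.

```javascript
// Added example: build IDP selector options from a getParticipants() response.
// toSelectorOptions and resolveSelection are hypothetical helpers, not SDK APIs.

// Logos are rendered in the RP's own page, so only absolute https URLs are kept.
function safeHttpsUrl(value) {
  try {
    const url = new URL(value)
    return url.protocol === 'https:' ? url.href : null
  } catch {
    return null // null, undefined or malformed values end up here
  }
}

// One option per authorisation server, across all organisations.
function toSelectorOptions(participants) {
  const seen = new Set()
  const options = []
  for (const org of Array.isArray(participants) ? participants : []) {
    for (const server of org?.AuthorisationServers ?? []) {
      const id = server?.AuthorisationServerId
      const name = typeof server?.CustomerFriendlyName === 'string' ? server.CustomerFriendlyName.trim() : ''
      // Skip entries that cannot be shown or selected, and repeated ids.
      if (typeof id !== 'string' || id === '' || name === '' || seen.has(id)) continue
      seen.add(id)
      options.push({
        authorisationServerId: id,
        name,
        logoUri: safeHttpsUrl(server.CustomerFriendlyLogoUri),
        organisationName: org.OrganisationName ?? null,
      })
    }
  }
  return options.sort((a, b) => a.name.localeCompare(b.name))
}

// The id posted back by the browser is user input: accept it only if it is
// one of the options that were offered.
function resolveSelection(options, submittedId) {
  return options.find((o) => o.authorisationServerId === submittedId) ?? null
}

// Constructed sample, trimmed from the response above, plus one constructed
// organisation with a non-https logo, a repeated id and a server without an id.
const SAMPLE_PARTICIPANTS = [
  {
    OrganisationName: 'Reference Banks',
    AuthorisationServers: [
      { CustomerFriendlyName: 'Bank W', CustomerFriendlyLogoUri: 'https://static.relyingparty.net/BankW.svg', AuthorisationServerId: 'cde44c30-9138-4b58-ba50-221833d14319' },
      { CustomerFriendlyName: 'Bank N', CustomerFriendlyLogoUri: 'https://static.relyingparty.net/BankN.svg', AuthorisationServerId: '22c2d67e-4d95-414a-b51a-ca863e9d691d' },
    ],
  },
  {
    OrganisationName: 'Commonwealth Bank of Australia',
    AuthorisationServers: [
      { CustomerFriendlyName: 'Commonwealth Bank', CustomerFriendlyLogoUri: 'https://www.commbank.com.au/test.svg', AuthorisationServerId: '355df9aa-bf8f-4cec-aa4d-78b10356762e' },
    ],
  },
  {
    OrganisationName: 'Constructed Test Org',
    AuthorisationServers: [
      { CustomerFriendlyName: 'Test IDP', CustomerFriendlyLogoUri: 'http://logo.example/test.svg', AuthorisationServerId: '00000000-0000-4000-8000-000000000001' },
      { CustomerFriendlyName: 'Test IDP (repeat)', CustomerFriendlyLogoUri: null, AuthorisationServerId: '00000000-0000-4000-8000-000000000001' },
      { CustomerFriendlyName: 'No id', CustomerFriendlyLogoUri: null },
    ],
  },
]

const SAMPLE_OPTIONS = toSelectorOptions(SAMPLE_PARTICIPANTS)
console.log(SAMPLE_OPTIONS.map((o) => `${o.name} (${o.authorisationServerId})`).join('\n'))
```
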

getFallbackProviderParticipants()

This allows the list of Fallback Identity Providers (ie: manual document based verification) within the scheme to be retrieved, so that the Relying Party can use them as a fallback option if the user does not have a relationship with one of the identity providers. Note that there is only expected to be a single Fallback Provider authorisation server for the Scheme.

It is expected that clients will only use this method if they are building their own IDP selector and need to identify the scheme Fallback Identity Provider.

Note that there is only expected to be a single Fallback Provider for the scheme (so only one participant with one auth server should be returned here).

const fallbackProviders = await rpClient.getFallbackProviderParticipants()

The response will contain an array of Organisations and their Authorisation Servers, with the structure the same as that for getParticipants().

sendPushedAuthorisationRequest(authServerId: string, essentialClaims: string[], voluntaryClaims: string[] = [], purpose: string = '{default value from config}')

This sends a Pushed Authorisation Request to the specified Identity Server requesting the list of supplied claims. The response will include the authUrl which is the URL that the user needs to be redirected to so they can complete the authorisation process.

The required function parameters are:

  • authorisationServerId - identifies the authorisation server to send the PAR to
  • essentialClaims - a list of the identity essential claim names that are being requested for the user. Note that permitted claim names are defined in section 6 of the Digital ID API Security Profile specification. When the IDP is obtaining user consent, the only method for a user to opt out of consenting to an essential claim is to cancel the entire transaction.
  • voluntaryClaims - a list of the identity voluntary claim names that are being requested for the user. Note that permitted claim names are defined in section 6 of the Digital ID API Security Profile specification. When the IDP is obtaining user consent, they may allow the user to opt out of consenting to providing each of the voluntary claims, while still consenting to all essential claims. If a user does not consent to voluntary claims, but does consent to essential claims, this will result in a successful transaction.
  • purpose - the purpose to be displayed to the consumer on the IDP consent screen to indicate why their data is being requested to be shared. If not supplied, the default purpose configured in the SDK config will be used.

The method will return: { authUrl, code_verifier, state, nonce, xFapiInteractionId }. The fields are:

  • authUrl - the URL the user must be redirected to in order to complete the authorisation process with their Identity Provider
  • codeVerifier
  • state
  • nonce
  • xFapiInteractionId - a unique identifier for this interaction with the Authorisation Server, that was sent in the x-fapi-interaction-id request header to the server. Intended as a correlation id for diagnosing issues between the client and the authorisation server.

The codeVerifier, state and nonce are all associated with this specific PAR and are required when retrieving the token claims when the user has authorised the request. You must securely associate these with your user request so that you can use them on the subsequent call.

retrieveTokens(authorisationServerId: string, requestParams: CallbackParamsType, codeVerifier: string, state: string, nonce: string)

interface CallbackParamsType {
  access_token?: string
  code?: string
  error?: string
  error_description?: string
  error_uri?: string
  expires_in?: string
  id_token?: string
  state?: string
  token_type?: string
  session_state?: string
  response?: string

  [key: string]: unknown
}

This retrieves the access and identity token containing the claims that the user has consented to share with the Relying Party. It uses the authorisation code provided in the callback from the IDP and exchanges this for the access and identity token with the claims. The tokens are then returned to the API caller.

The required function parameters are:

  • authorisationServerId - identifies the authorisation server providing the user information
  • requestParams - the full querystring from the callback to the Relying Party callback address
  • codeVerifier - from the response to the PAR for this identity request
  • state - from the response to the PAR for this identity request
  • nonce - from the response to the PAR for this identity request

The method will return a ConsolidatedTokenSet, which extends TokenSet and contains the access_token and id_token. The user identity claims can be retrieved using the utility method claims() on the TokenSet. The ConsolidatedTokenSet provides a new method, consolidatedClaims(), which returns all the claims, including the extended claims, as a single object. The TokenSet also contains an xFapiInteractionId, which is a correlation id for the request that was sent to the IDP.
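
The sendPushedAuthorisationRequest() section requires the codeVerifier, state and nonce to be securely associated with the user request, and retrieveTokens() needs them back on the callback. The following added example, which is not part of the SDK, keeps them server-side against the user's session, hands them out once, and expires them; PendingAuthStore, its method names, the TTL and the session id are assumptions of this example, and the walk-through values are constructed.

```javascript
// Added example: bind the PAR values to the user's session until the callback.
// PendingAuthStore is hypothetical; it is not part of the SDK.

class PendingAuthStore {
  constructor({ ttlMs = 10 * 60 * 1000, now = () => Date.now() } = {}) {
    this.ttlMs = ttlMs
    this.now = now
    this.pending = new Map() // sessionId -> pending request
  }

  // Call after sendPushedAuthorisationRequest() resolves, before redirecting
  // the user to authUrl. `par` is that method's result; the page spells the
  // verifier both as code_verifier and codeVerifier, so either is accepted.
  save(sessionId, authorisationServerId, par) {
    const entry = {
      authorisationServerId,
      codeVerifier: par.codeVerifier ?? par.code_verifier,
      state: par.state,
      nonce: par.nonce,
    }
    for (const [name, value] of Object.entries({ sessionId, ...entry })) {
      if (typeof value !== 'string' || value === '') {
        throw new TypeError(`PendingAuthStore.save: ${name} is missing`)
      }
    }
    // A new request replaces any earlier one for the same session.
    this.pending.set(sessionId, { ...entry, expiresAt: this.now() + this.ttlMs })
  }

  // Call from the callback route. Returns the argument list for
  // retrieveTokens(), in the order of its signature, or a refusal reason.
  consume(sessionId, callbackParams) {
    const entry = this.pending.get(sessionId)
    if (!entry) return { ok: false, reason: 'no_pending_request' }
    this.pending.delete(sessionId) // single use: a replayed callback finds nothing
    if (this.now() >= entry.expiresAt) return { ok: false, reason: 'expired' }
    // CallbackParamsType makes `state` optional. When it is present, refuse a
    // mismatch before any network call; the stored state is passed on either way.
    if (typeof callbackParams.state === 'string' && callbackParams.state !== entry.state) {
      return { ok: false, reason: 'state_mismatch' }
    }
    const { authorisationServerId, codeVerifier, state, nonce } = entry
    return { ok: true, args: [authorisationServerId, callbackParams, codeVerifier, state, nonce] }
  }
}

// Constructed walk-through with made-up values and a fake clock.
function demo() {
  let clock = 0
  const store = new PendingAuthStore({ ttlMs: 1000, now: () => clock })
  const idp = 'cde44c30-9138-4b58-ba50-221833d14319'
  const par = { authUrl: 'https://idp.example/authorise', code_verifier: 'verifier-A', state: 'state-A', nonce: 'nonce-A' }

  store.save('session-1', idp, par)
  const first = store.consume('session-1', { code: 'c1', state: 'state-A' })
  const replay = store.consume('session-1', { code: 'c1', state: 'state-A' })

  store.save('session-1', idp, par)
  const mismatch = store.consume('session-1', { code: 'c2', state: 'state-B' })

  store.save('session-1', idp, par)
  clock = 1000 // the TTL has elapsed
  const expired = store.consume('session-1', { response: 'constructed-response' })

  store.save('session-1', idp, par)
  const wrongSession = store.consume('session-2', { code: 'c3', state: 'state-A' })
  return { first, replay, mismatch, expired, wrongSession }
}

// In a callback handler (rpClient as created earlier on this page):
//   const result = store.consume(sessionId, callbackParams)
//   if (result.ok) tokenSet = await rpClient.retrieveTokens(...result.args)
console.log(demo())
```
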

getUserInfo(authorisationServerId: string, accessToken: string)

This will call the userinfo endpoint using the supplied access token and return the parsed user information response.

Note that in the initial steel thread implementation, there is no requirement for the IDPs to support this endpoint. All user identity claims will be provided as part of the id_token returned by retrieveTokens.

The required function parameters are:

  • authorisationServerId - identifies the authorisation server providing the user information
  • accessToken - the access token provided by retrieveTokens

Release Notes

4.2.1 (Nov 27, 2025)

  • Updated dependencies.

4.2.0 (Aug 8, 2025)

  • cba_loyalty claim.

4.1.0 (Feb 25, 2025)

  • Implemented user-agent support.

4.0.5 (Feb 24, 2025)

  • Add README.md and license files to bundle.

4.0.4 (Feb 21, 2025)

  • Remove declarationMap.

4.0.3 (Nov 29, 2024)

  • Issuer value for aud in private_key_jwt.

4.0.2 (Oct 22, 2024)

  • Single string audience in the private key jwt.

4.0.1 (Oct 1, 2024)

  • Changed type of ApiResources from str to ApiResource.

4.0.0 (Sep 2, 2024)

  • Breaking change: removed essential claims default value. If you are relying on essential claims default value calling sendPushedAuthorisationRequest then you need to provide the claims explicitly. Otherwise, no need to change anything.

How it was:

const defaultClaimList: string[] = ['given_name', 'middle_name', 'family_name', 'phone_number', 'email', 'address', 'birthdate', 'txn']

async sendPushedAuthorisationRequest(authServerId: string, essentialClaims: string[] = defaultClaimList, voluntaryClaims: string[] = [], purpose: string = this.purpose) {

How it is now:

async sendPushedAuthorisationRequest(authServerId: string, essentialClaims: string[], voluntaryClaims: string[] = [], purpose: string = this.purpose) {

4.0.0 (Sep 23, 2024)

  • Updated Node version to 20.x.
  • Removed jest and axios dependencies.

3.0.0 (Aug 27, 2024)

  • Breaking change: removed name from essential claims default value. If you are relying on essential claims default value calling sendPushedAuthorisationRequest and use name claim then you need to provide name claim explicitly. Otherwise, no need to change anything.

2.15.0 (Jun 20, 2024)

  • Updated purpose statement.
  • Dependencies updated.

2.14.1 (Jun 17, 2024)

  • Removed got dependency and used fetch instead.

2.14.0 (Jun 12, 2024)

  • Added cache to getParticipants() method.

2.13.0 (April 17, 2024)

  • Updated dependencies

2.12.3 (Nov 8, 2023)

  • nonce should have 43 chars.

2.12.2 (Nov 8, 2023)

  • Updated README.md to include tsconfig suggestion.

2.12.1 (Nov 7, 2023)

  • Made ca_pem optional. Although either ca_pem or ca_pem_content must be provided.
  • Made signing_key optional. Although either signing_key or signing_key_content must be provided.
  • Made signing_pem optional. Although either signing_pem or signing_pem_content must be provided.
  • Made transport_key optional. Although either transport_key or transport_key_content must be provided.
  • Made transport_pem optional. Although either transport_pem or transport_pem_content must be provided.

2.12.0 (October 19, 2023)

  • Added support to Node 18.

2.11.2 (August 22, 2023)

  • Conformance test succeed on warnings.

2.11.1 (August 3, 2023)

  • Added automated Conformance test.

2.11.0 (August 1, 2023)

  • Updated trust_framework in the PAR to contain an object { value: 'au_connectid' } instead of having a string value. This is to bring it inline with OIDC4A spec that requires trust_framework to contain an object.

2.10.0 (July 31, 2023)

  • Updated documentation to include registry_participants_uri parameter.
  • Updated two testcases.

2.9.0 (July 17, 2023)

  • Updated getParticipants() so it only returns participants that are active in the network by default. Can be overridden using config to return all if required. Also allow filtering of Auth Servers by capabilities.
  • Added getFallbackProviderParticipants() to return the manual verification authorisation server.
  • Note that sendPushedAuthorisationRequest() will require the auth server id to be valid for the current filter config (eg: Active auth servers).

2.8.0 (June 7, 2023)

  • Ensured that the txn claim is always requested so clients always have a reference for the transaction.

2.7.2 (June 6, 2023)

  • Removed redirect_url and response_type authorization request parameters from the request to the authorization endpoint to comply with FAPI2 Security Profile Implementers Draft 3.

2.7.1 (June 5, 2023)

  • Removed scope authorization request parameter from the request to the authorization endpoint to comply with FAPI2 Security Profile Implementers Draft 3.

2.7.0 (May 31, 2023)

  • Enhanced logging so x-fapi-interaction-id logged for PAR and token requests.

2.6.1 (May 29, 2023)

  • Fixed invalid main file definition.

2.6.0 (May 29, 2023)

  • Added support for purpose as request object parameter on PAR requests. Can be supplied per request or use the default supplied via config.

2.5.0 (May 24, 2023)

  • Added support for x-fapi-interaction-id headers on PAR, token and userinfo requests.

2.4.1 (May 5, 2023)

  • Updated clientId details for testing and documentation to use a federated clientId.

2.4.0 (March 28, 2023)

  • Reimplemented extended claims, which now supports the following claims: over16, over18, over21, over25, over65, beneficiary_account_au, beneficiary_account_au_payid, beneficiary_account_international.
  • Implemented strict mode for TypeScript to prevent the use of any type and other unsafe types.
  • Fix for ClaimsRequest type to support non-verified claims in the type definition.

2.3.0 (March 10, 2023)

  • Added support for the following extended claims: over16, over18, over21, over25, over65, beneficiary_account, pay_id.

2.2.0 (Feb 20, 2023)

  • Maintenance update of dependencies to address CVE-2022-36083 in JOSE library.

2.1.0 (Feb 13, 2023)

  • Moved prompt=consent parameter to pushed authorisation request object instead of a URL parameter.

2.0.7 (Dec 22, 2022)

  • Run on Node 14 and 16 (openid-client lib does not support Node 18 yet).

2.0.6 (Dec 21, 2022)

  • Removed the need to use --experimental-specifier-resolution=node flag when importing the SDK.
  • Log SDK version.

2.0.5 (Dec 20, 2022)

  • Updated documentation.

2.0.4 (Dec 20, 2022)

  • Fixed RelyingPartyClientSdk is not a constructor.

2.0.3 (Dec 20, 2022)

  • Made ca_pem_content, signing_key_content, signing_pem_content, transport_key_content, transport_pem_content from RelyingPartyClientSdkConfig optional.

2.0.2 (Dec 20, 2022)

  • Removed version logging when SDK is created.

2.0.1 (Dec 20, 2022)

  • Fixed npm publish.

2.0.0 (Dec 19, 2022)

  • Typescript support.
  • Breaking change: SDK imported using require will need to add a default at the end of the import.

const RelyingPartyClientSdk = require('@idmvp/rp-nodejs-sdk').default

1.2.3 (Oct 24, 2022)

  • Code formatting. See .prettierrc.json.

1.2.2

<starting point>