Features

• Tested with Angular 8
• Code Flow + PKCE (RFC 7637) to align with OAuth 2.0 Security Best Current Practice
• Support for refresh_token and automatic refresh when using Code Flow
  • See mentioned Best Current Practices document for things to consinder

More information about this can be found in the docs:

• https://manfredsteyer.github.io/angular-oauth2-oidc/docs/additional-documentation/code-flow-+-pcke.html
• https://manfredsteyer.github.io/angular-oauth2-oidc/docs/additional-documentation/refreshing-a-token.html

PR

Big thanks to all contributors for providing 21 PRs for this release! You all are awesome!!!

Proposal: Add implicit flow through popup
#468 by leonardochaia

Improve default oauth interceptor investigating
#515 by simonmulser was merged

feat: Upgrade to angular 8
#573 by killzoner was merged

Improve documentation for events
#520 by jeroenheijmans

Added customUrlValidation
#331 by vytautas-pranskunas-

Properly implements openUri for implicit flow
#369 by nhance was merged

Refresh the timers after configuration has changed
#382 by FabienDehopre

Cleanup timers when OAuthService is destroyed
#463 by leonardochaia

Fixed HTTPS error messages in service
#510 by bobvandevijver

Calculate the timeout using now as a reference
#487 by filipvh

Add documentation about configuring custom OAuthStorage
#512 by dennisameling

update README re: discovery doc validation disabling
#521 by cconcannon

optionally use crypto to generate nonce
#540 by ChristianMurphy

Pause silent refresh if user has logged out
#526 by l1b3r

Skip issuer check in processIdToken if skipIssuerCheck is true
#527 by ismcagdas

Corrects how localStorage could be used
#533 by ManuelRauber

Add noPrompt parameter to setupAutomaticSilentRefresh method
#536 by remiburtin

feature: Abort current implicit flow
#537 by enricodeleo

Fix spelling mistake
#544 by peterneave

Only present the sendAccessToken interceptor mechanism in the Readme
#554 by nhumblot

Added clock skew parameter
#569 by nenadmaricic