Refactor

• avoid use of prototype attributes in keystore queries (#660) (47a549c)

Revert "fix: encode client_secret_basic - _ . ! ~ * ' ( ) characters"

This reverts commit 5a2ea80, even though it is the correct implementation some of the most widely used identity providers don't follow the specification.

Fixes

• encode client_secret_basic - _ . ! ~ * ' ( ) characters (5a2ea80)

Refactor

• issuer discovery (#637) (c228877)

Fixes

• add explicit Accept-Encoding header to http requests (abcb564), closes #648

Fixes

• consistent space encoding in authorizationUrl (#627) (ad68223), closes #626

Features

• experimental Bun support (a9d3a87), closes #622 #623

Features

• DPoP: remove experimental warning, DPoP is now RFC9449 (133a022)

Fixes

• handle empty client_secret with basic and post client auth (#610) (402c711), closes #609

Fixes

• bump oidc-token-hash (20607e9)

This release contains only code refactoring, dependency, or documentation updates. The release process now also uses provenance statements.