All Versions
225
Latest Version
Avg Release Cycle
5 days
Latest Release
1853 days ago

Changelog History
Page 4

  • v1.124.3 Changes

    November 05, 2018

    ๐Ÿ› Bug Fixes

    • oauth-sentry: arg to server.events.on is "channels" (plural) (51833e2)

  • v1.124.2 Changes

    November 02, 2018

    ๐Ÿ› Bug Fixes

    • errors: reinstate bounce error failures/messaging (42d165e)

    chore

    • ๐Ÿ“ฆ package: update deps (aa6c3be)

  • v1.124.1 Changes

    November 01, 2018

  • v1.124.0 Changes

    October 30, 2018

    ๐Ÿ› Bug Fixes

    • 2fa: Allow an explicit null value for acr_values param. (47f4c61)
    • api: accept and ignore client_secret param in /destroy (c797ed2)
    • api: allow application/x-form-urlencoded (6cc91e2)
    • api: Change InvalidAssertions error code to 401 (2781b3a)
    • api: clean up response of client-tokens delete endpoint (#3) (#449); r=rfk (9c63273), closes #3 #449
    • api: Correct the error codes changed in 2781b3a (d0dba7c)
    • api: ensure /destroy endpoint returns an empty object in response body. (6efd47d)
    • api: fail on invalid action parameters (0c73ae7)
    • api: reject requests with bad content-types (2667228), closes #199
    • api: reject requests with invalid parameters (3b4fa24), closes #210
    • api: remove stray payload restriction from authorization route (e0d5368)
    • api: set update to return an empty object (6f334c6)
    • api: tolerate an empty client_secret in /destroy (25a4d30)
    • api: use invalidRequestParameter instead of invalidRedirect for invalid redirect acti (55eff2d)
    • authorization: allow empty scope with implicit grant (1d6ac8e), closes #315
    • authorization: Correctly handle non-existing URL scopes during authorization. (#594) r=@vladiko (21654a3), closes #594 #593
    • authorization: handle action parameter in GET/authorization (cfa6d97)
    • buffer: #527 Migrate deprecated buffer calls (#528) r=@vladikoff (fd85207), closes #527 #528 #527
    • ๐Ÿ”„ changelog: Fixes #524 automated changelog is borked (#542) r=@vladikoff (d743721), closes #524 #542
    • ๐Ÿ”„ changelog: update to latest changelog version (#556) (bc9256e), closes #556
    • ci: remove geodb workaround (521f4fe)
    • ci: remove nsp (#602) (64ade86), closes #602 #596 #597
    • ci: Run MySQL tests in Circle (#586) r=@vbudhram (4b1c4e4), closes #586 #581
    • ci: turn on memcached in travis and circle (eb86a37), closes #2681
    • clients: fix server error when omitting optional fields in client registration (80768c5), closes #203
    • clients: fixes client endpoint for clients with no redirect_uri (6d47110), closes #228
    • clients: fixes client registration to use payload.whitelisted (83e145b)
    • clients: match the notes client with fxa-dev and other envs (#585); r=rfk (e24a582), closes #585
    • clients: support client/client_id route via the internal server (ce04da7)
    • clients: update email validation (92d4bfc)
    • codes: Remove authorization codes after use. (e0f8961)
    • config: Add environment config options (14a9b4a)
    • config: expose clients config as OAUTH_CLIENTS (04ebf6f)
    • config: expose more environment variables for config (7a1dd19)
    • config: For dev, the openid issuer is http://127.0.0.1:3030 (#583) r=@vladikoff (38e1d73), closes #583 mozilla/fxa-content-server#6362
    • config: mark config sentryDsn and mysql password sensitive (#511) r=@vladikoff (d98fbcd), closes #511
    • config: option autoUpdateClients, will be disable in prod/stage (802a0b2)
    • config: remove 00000... from hashedSecrets (8dcfd56), closes #339
    • config: reverting 'mark config sentryDsn and mysql password sensitive (#511) r=@vladikof (41bd7c0), closes #511
    • config: set expiration.accessToken default to 2 weeks (7a4742d)
    • config: update config to use getProperties (c2ed6eb), closes #349
    • config: Update contentUrl (e1622b2)
    • config: Update name and redirectUri (2a16cdd)
    • config: update redirect_uri values to not be blank (5267c62)
    • db: don't change client database at startup; footgun (8877f81)
    • db: Drop foreign key constraints. (7ee117c)
    • db: ensure strict mode (#448) r=rfk,seanmonstar (8d309c5), closes #448 #446
    • db: Fix an old db patch to apply cleanly in local dev. (c7fa633)
    • db: Fix case-consistency of SQL query from #612 (9e55714), closes #612
    • db: make schema.sql accuratley reflect latest patch state (b17b000)
    • db: make the clients key mandatory in the config file (ac7a39e)
    • db: remove db name from clients (c724439)
    • db: Restore foreign key constraints on core tables. (2bd0845)
    • db: we need to enforce only a minimum patch level (not {n,n+1}) (e12f54d)
    • dependencies: move fxa-jwtool from dev-dependencies to dependencies (79b0427), closes #345
    • dependencies: switch back to main generate-rsa-keypair now that my fix to it was merged (1c1268b)
    • deps: add filtered npm audit (71048b3), closes mozilla/fxa#303
    • deps: ignore npm advisories 39, 48, 658 (238b0a1), closes /github.com/mozilla/fxa-auth-server/pull/2643/files#r220807985
    • deps: switch from URIjs to urijs (ecdf31e), closes #347
    • deps: update mocha and other dev deps (b99e82d)
    • deps: update newrelic and request r=@shane-tomlinson (b6d6c93)
    • deps: update some dependencies (09aa7b0)
    • deps: update to hapi 14 and joi 9 (9bc87c0), closes #424
    • deps: update to hapi 16, add srinkwrap scripts, update other prod deps (c102046)
    • deps: update to mozlog 2.0.2 (29342a9), closes #337
    • doc: Putting a little emphasis on email first (#584) r=@shane-tomlinson (8ad17c1), closes #584
    • ๐Ÿณ docker: base image node:8-alpine and upgrade to npm6 (#567) r=@jbuck,@vladikoff (d4060be), closes #567
    • ๐Ÿ“„ docs: add git guidelines link (a00167c)
    • ๐Ÿ“„ docs: Change Status Code for Invalid Assertion based (780aaee)
    • ๐Ÿ“„ docs: document keys and verification_redirect options (ef8c47a)
    • ๐Ÿ“„ docs: minor spelling fixes (33ad1ec)
    • ๐Ÿ“„ docs: note that codes are single use (6fe39f7), closes #214
    • ๐Ÿ“„ docs: Update description of the action param to match latest reality. (b475fcb)
    • email: ensure mock senders take precedence over the email service (29f379d)
    • error: AppError uses Error.captureStackTrace (2337f80), closes #164
    • events: require events to be configured in production (1bef9e0)
    • fatal-error: Exit with non-zero exit code for fatal errors (7c90ff0), closes #244
    • headers: add cache-control headers to api endpoints; extend tests (5a81ef9)
    • headers: make "cache-control" value configurable (5ba82ea)
    • key-data: Correctly handle non-existent scopes when finding key data. (34d9493)
    • key-data: Fail cleanly when the client has no allowedScopes. (fafcef5)
    • keys: Generate unique 'kid' field when regenerating JWK keys (5b9acae)
    • keys: replace scope key TLD (#505) r=@rfk (a5e6d8f), closes #505
    • ๐ŸŒฒ log: add remoteAddressChain to summary (#417) (568cfa6), closes #417 #415
    • ๐ŸŒฒ log: avoid crashing on bad payload (#411) r=rfk,jrgm (19ebed5), closes #411 #410
    • ๐ŸŒฒ logging: log the reason for account deletions (3092ac1)
    • ๐ŸŒฒ logging: use route.path in debug message, not route.url (7d9efc2)
    • ๐ŸŒฒ logging: use space-free tokens for mozlog (11f73f9)
    • ๐Ÿ”Š logs: add scope and client_id logs to verify route (#447) r=seanmonstar (33eb39e), closes #447 #444
    • mailer: Fix the bulk-mailer, add lots of tests. (806129d)
    • memorydb: token createdAt used instead of client createdAt (#436) r=vladikoff,seanmonstar (02dec66), closes #436 #421
    • metrics: use correct format for email service notifications (ec3ff7b)
    • monorepo: Update CI config for oauth-server import. (6a5675c)
    • mysql: Correctly aggregate tokens by clientid. (#576) r=@vladikoff (2c2cd22), closes #576
    • ๐Ÿ†• newrelic: update to v2.1.0 (87a3aee)
    • node: use node 6.12.0 (#501) r=@vladikoff (167c973), closes #501
    • node: use node 6.12.3 (#510) r=@vladikoff (adc1fc0), closes #510
    • node: Use Node.js v6.14.0 (#537) (f32a3d7), closes #537
    • nodejs: update to 6.11.1 for security fixes (a0520c0)
    • oauth: another notes dev client (#546) (9d5ec8e), closes #546
    • openid: Generate openid keys on npm postinstall to file (5f15afa)
    • patcher: Fix patcher with no pre-loaded clients (dcc47b9)
    • pkce: Don't require PKCE in the direct grant flow. (#566) r=@vladikoff (d70fe6d), closes #566 #559
    • pkce: match pkce implementation to specifications (#498) r=rfk (cf1c836), closes #498 #495
    • profile: remove the profileChangedAt column on tokens table (5e87bce)
    • purge: add purgeExpiredTokensById to select, then delete by primary key (#580); r=rfk (adfff65), closes #580
    • purge-expired: accept a list of pocket-id's (1c843a9)
    • purge-expired: log uncaughtException; minimum log level of info (264271e)
    • purge-expired: moar logging (80c360e)
    • purge-expired: Promise.delay takes milliseconds; allow subsecond delay (10c6103)
    • purge-expired: set db.autoUpdateClients config to false (bc66fc3)
    • purge-expired: use db.getClient() to check for unknown clientId (c33f1d9)
    • route: make email false by default (#533) r=@rfk (aa68fb9), closes #533
    • scopes: Document scope-handling rules, use shared code to enforce them. (#551); r=vbudhr (237886d), closes #551
    • scopes: Dont treat foo:write as a sub-scope of foo. (b4b30c2)
    • scripts: Fix varname typo in test runner script. (#535) (02804a8), closes #535
    • scripts: Use pure JS module to generate RSA keypairs (#439) r=vladikoff (3380e1c), closes #439
    • ๐Ÿ”’ security: enable x-content-type-options nosniff (5ea5001)
    • ๐Ÿ”’ security: enable X-XSS-Protection 1; mode=block (52ca1e5)
    • ๐Ÿ”’ security: set x-frame-options deny (21ea05d)
    • server: exit if db patch level is wrong (78d6382)
    • shrinkwrap: restore deleted npm-shrinkwrap.json (6383481)
    • spelling: minor spelling fix in tests (#403) r=vladikoff (d4ff105), closes #403
    • sql: fix the schema issue with the trailing comma (069caeb), closes #299
    • sql: remove references to the whitelisted column; this is now the trusted column (6b4d1ec)
    • sql: undo 155d2ce; for mysql-patcher fix up that database (eb9f40d), closes #301
    • โœ… test: encrypt refresh_token on db query (#414) r=seanmonstar,vladikoff (7f52d46), closes #414 #413
    • โœ… test: fix unhandled rejection error with memory db impl (#454) r=vladikoff (c870eba), closes #454
    • โœ… tests: check insert of utf8mb4 (4e6a77a)
    • โœ… tests: double before hook timeout for tests on slow machines (2333416)
    • โœ… tests: mock outstanding error logs in test suite r=@vladikoff (6a5d3ce), closes #334
    • โœ… tests: More reliable generation of RSA keys for tests (981d0b7)
    • โœ… tests: Refactor use of process.exit() to be outside of code under test. (47f4f17)
    • โœ… tests: remove assertions of profileChangedAt property (60af54f)
    • โœ… tests: sleep additional half second to adjust for mysql round of timestamp (a02f516)
    • โœ… tests: speed up and upgrade the test runner (#467) r=seanmonstar (2e76c9e), closes #467
    • token: disable expiration error (c9547a8)
    • tokens: Added scripts that purge expired access tokens. (10bbb24)
    • tokens: Avoid quadratic behaviour when listing active clients. (#9); r=vladikoff (15c3065), closes #9
    • tokens: Begin expiring access tokens beyond a configurable epoch. (b346326)
    • tokens: invalidate refresh tokens on client-token DELETE action (#508) (df0ca82), closes #508 #507
    • tokens: ttl parameter must be positive (#429) r=vladikoff (1764d73), closes #429
    • travis: build on node 0.10, 0.12, 4, no allowed failures (6684e8c)
    • travis: install libgmp3-dev so optionaldep bigint will be built for browserid-crypto (a64cb18)
    • travis: remove broken validate shrinkwrap (1729764)
    • travis: run tests with 6 and 8 (#497) r=vladikoff (a49b272), closes #497
    • travis: test on node4/node6 with default npm & g++-4.8 (b4e1dd8)
    • validation: Allow redirect uris with existing query params. (#548); r=philbooth (b93e6a1), closes #548
    • validation: Restrict characters allowed in 'scope' parameter. (7dd2a39)
    • ๐Ÿ”– version: use cwd and env var to get version (#452) r=vladikoff (a3b1aa2), closes #452
    • ๐Ÿ”– version: use explicit path with git-config (e0af8bc)

    chore

    • api: remove metrics context data from deprecated endpoints (d884148), closes #2496
    • awsbox: remove unused awsbox (f053c9f)
    • ๐Ÿ— build: Bump eslint-config-fxa to latest version (fe45e0b)
    • ๐Ÿ— build: create changelogs each release (16f1f5b), closes #158
    • ๐Ÿ— build: switch to grunt-nsp (ac31672)
    • ci: drop node 4 as a supported env (#478) (176c828), closes #478
    • clients: add credentials for FF/FFOS/Fennec/FxA clients in dev (b501abe)
    • clients: remove deprecated 'whitelisted' column from clients table. (cf16f8a)
    • clients: rename "whitelisted" property to "trusted". (b8927a8)
    • config: add local loop dev credentials (70cc480)
    • config: add Notes trailing slash to redirect in dev.json (#536) (e8bf2e5), closes #536
    • config: add oauth console into dev config (14d7bab)
    • config: remove duplicate 'canGrant' field in config file (259da3d)
    • config: Update convict and switch on strict validation. (1f49ad4)
    • db: Add db migration to revert change that couldn't go to production. (9382239)
    • dep: replaced bidcrypto dep with fxa-jwtool (7d71239)
    • dependencies: bump hapi version (13c2d57)
    • dependencies: dependency upgrades (4430228)
    • dependencies: update 'jwcrypto' dependency to 'browserid-crypto' (b9bf102), closes #151
    • dependencies: update convict (8dfa52f)
    • dependencies: update most dependencies (ad61ecb)
    • dependencies: updating deps (e412925)
    • dependencies: upgrade mozlog to 2.0.3 (262bbc9)
    • deps: Generate shrinkwrap for latest dependency updates (84e69b5)
    • deps: update deps, fix nsp (#517) r=@philbooth (9f12267), closes #517
    • deps: Update hapi dependency. (#457), r=@vbudhram (24a570f), closes #457
    • deps: Update hapi to latest version (#482) r=vladikoff (6b2810e), closes #482
    • deps: Update hapi to v16.6.3 (#526) (78c88ad), closes #526
    • deps: Update request package to latest version (#407) r=vladikoff (b8ef1d7), closes #407
    • dev: add 321Done untrusted client (a291205)
    • dev: add Firefox Notes Web Extension client to development config (3960e5f)
    • dev: add Notes supprot scope in dev (#492) (85af2a2), closes #492
    • ๐Ÿณ docker: remove old docker self-host files (9f5247f)
    • ๐Ÿณ docker: Update to node 6.11.5 (#494) (6eb07cf), closes #494
    • ๐Ÿณ docker: Use official node image & update to Node.js v4.8.2 (#462) r=vladikoff (b1924b0), closes #462
    • ๐Ÿ“„ docs: Add a comment about privKey/pubKey confusion in gen_keys (d2edd4b)
    • ๐Ÿ“„ docs: add a note about dev envs (0663c19), closes #148
    • ๐Ÿ“„ docs: add CircleCI badge to readme (acff566)
    • ๐Ÿ“„ docs: move self-host docker file (2180f92)
    • ๐Ÿ“„ docs: remove older Docker files (#426) (370c898), closes #426
    • grunt: make 'grunt release' generate changelog also (87d5861)
    • license: Update license to be SPDX compliant (ff83ec2)
    • ๐Ÿ‘• lint: add ESLint (1531061), closes #274
    • ๐ŸŒฒ logging: Log additional details for debugging expired tokens (22cf3ab)
    • npm: update to npm5 (#522) r=@vbudhram (3783605), closes #522
    • ๐Ÿ“ฆ package: npm shrinkwrap (8ba20b0)
    • ๐Ÿ“ฆ package: pin blanket to 1.1.6 (072385b)
    • ๐Ÿ“ฆ package: remove main from package.json (ebc60a5), closes #206
    • ๐Ÿš€ release: add tasks "grunt version" and "grunt version:patch" to create release tags (1be1380)
    • ๐Ÿš€ release: use CHANGELOG.md instead of CHANGELOG during bump (520b39c)
    • โœ… tests: remove weird mocking magic (47389fa)
    • โœ… tests: Uniformly use promises rather than done() callback. (2a4731f)
    • tokens: add a comment about why we're inserting an empty string for email (eed414b)
    • travis: drop node 0.12 support (b4eba46)
    • travis: Only install libgmp3-dev on Travis (cfafb19)
    • travis: Tell Travis to use #fxa-bots (17134db)
    • travis: use npm@2 for more stable installs (3c3e127)
    • ๐Ÿ”– version: add /version route with source repo (37a08f2)
    • ๐Ÿ”– version: generate legacy-format output for ./config/version.json (51b5f3b)

    ๐Ÿ“„ docs

    • api: Update email behavior for GET /v1/authorization. (755ec9a)
    • authorization: Document email param in GET /authorization (fbf1eb7)
    • service-clients: Document Service Clients, JKUs, and JWTs (d2f1ef3), closes #329
    • service-clients: Document Service Clients, JKUs, and JWTs (799f0e2), closes #329
    • ๐Ÿ‘Œ verify: fix misnamed 'scopes' response property (b5728cf), closes #261
    • workflow: fixes workflow typo (318d9e1)

    ๐Ÿ”‹ Features

    • 2fa: check acr values during authorization flow (c20682a)
    • amr: Report amr and acr claims in the id_token. (#530); r=vbudhram (8181f7f), closes #530
    • api: Add action=force_auth to GET /v1/authorization. (33603bd), closes #190
    • api: add auth_at to token response schema. (bc8454d), closes #181
    • api: add ttl parameter to POST /authorization (36087fe)
    • api: allow destroying token without client_secret (7b4d01f)
    • auth: Accept client credentials in the Authorization header. (#514); r=philbooth (1c50807), closes #514
    • auth: redirect to content-server oauth root by default (34ad867), closes #245
    • authorization: add uri validation on the authorization endpoint (#428) r=jrgm,seanmonstar (fcc0b52), closes #428 #387 #388
    • authorization: Directly return code in authorization response. (#541); r=philbooth (7ad1e56), closes #541
    • authorization: exit early if assertion invalid returns first (5a27ee6)
    • authorization: Require tokenVerified=true for key-bearing scopes. (#561) r=@vladikoff (f9ad63e), closes #561 /github.com/mozilla-services/tokenserver/blob/master/tokenserver/views.py#L140
    • ci: move to CircleCI 2 (#554) r=@jbuck (97e4f62), closes #554
    • clients: add terms_uri and privacy_uri properties to clients. (51ae904)
    • clients: add notion of Service Clients in config (8cfdffe), closes #327
    • clients: Added initial support for using previous client secret (4f9df20)
    • clients: client registration apis (1a80294), closes #60
    • clients: move client management api to a separate port (07a61af)
    • clients: remove obsolete generate-client.js script (62ab0ad), closes #231
    • clients: report trusted property in GET /client/:id (c58d237)
    • codes: Delete authorization codes when revoking client access. (#578); r=philbooth (b905b7c), closes #578
    • config: add browserid pool maxSockets option (0bb40ba)
    • config: add mysql pool conectionLimit option (ca220ae)
    • db: add basic migration infrastructure to mysql backend (012e605), closes #183
    • db: remove clients.secret column (0e39d1e), closes #323
    • deps: update server dependencies (80ac3cf)
    • deps: update to bluebird 3 (8f4c664), closes #570
    • developers: adds support for oauth developers (abe0e52)
    • ๐Ÿณ docker: Add CloudOps Dockerfile & CircleCI build instructions (a80b4b4)
    • ๐Ÿณ docker: Additional Dockerfile for self-hosting (83a8b6c)
    • ๐Ÿณ docker: Dockerfile and README update for basic docker development workflow (342d87b)
    • ๐Ÿณ docker: Shrink Docker image size (#438) r=vladikoff (13d13b9), closes #438
    • ๐Ÿณ docker: support feature branches (#464) r=jrgm (f94fd61), closes #464
    • email-first: Add support for the email-first flow. (#540); r=philbooth,rfk (cb11145), closes #540 #539
    • error: add info property with link to docs (681044c)
    • hpkp: Add the hpkp headers to all requests (#416) r=vladikoff (6b8a8c8), closes #416
    • keys: Add created-at timestamp to our public keys. (#453); r=seanmonstar,vladikoff (511d9a6), closes #453
    • keys: add key-data docs, move client_id into payload (#491); r=rfk (a9152c3), closes #491
    • keys: add keys_jwe support (#486) r=rfk (6a4efd1), closes #486 #484
    • keys: Check lastAuthAt freshness when fetching key data. (#502) r=@vladikoff (855adee), closes #502
    • keys: Check lastAuthAt freshness when fetching key data. (#506) r=@vladikoff (e0de2f3), closes #506
    • lb: Add __lbheartbeat__ endpoint (#458), r=@jbuck (c387907), closes #458
    • ๐ŸŒฒ logging: add log of time taken in authorization endpoint (02ec0d2)
    • ๐ŸŒฒ logging: add log when mysql pool enqueues (461b5c1)
    • ๐ŸŒฒ logging: add method, payload, and auth to summary (df57e23), closes #174
    • ๐ŸŒฒ logging: log details when generating code (81933f7)
    • ๐ŸŒฒ logging: switch logging to mozlog (ec0f5db), closes #156
    • ๐Ÿ”Š logs: add sentry support (#499), r=@vbudhram (ef34859), closes #499
    • metrics: add code and config for email service notification queue (ccd5556), closes #2633
    • monorepo: Move everything into a subdirectory. (8453f6e)
    • node: update to node 8 (#544) r=@jrgm (e9b08ae), closes #544
    • node: upgrade to node 6 (57c61ab)
    • oauth: add methods to support oauth client management (#405) r=seanmonstar (2748510), closes #405
    • oauth: make server compatible with AppAuth (#534) r=@rfk (ff9e422), closes #534
    • oauth: Track last time refreshToken was used (#412) r=vladikoff,seanmonstar (25c455a), closes #412 #275
    • openid: add initial OpenID Connect support (93f8758), closes #362
    • openid: add profileChangedAt to claims (#607), r=@rfk (f6e93eb), closes #607
    • openid: Add support for OIDC login_hint query param. (200ce43)
    • openid: add the openid connect at_hash value (#598), r=@rfk (d08310e), closes #598
    • openid: Allow untrusted reliers to request openid scope. (#516), r=@vbudhram (f764dc8), closes #516
    • pkce: add ability for PKCE clients to use refresh_tokens (#476) r=seanmonstar (7b401eb), closes #476 #472
    • pkce: add PKCE support to the oauth server (#466) r=seanmonstar (ed59c0e), closes #466
    • refresh_tokens: add refresh_tokens to /token endpoint (16e787f), closes #209
    • scopes: add key-data and scope support (#487) r=rfk (f3fcae5), closes #487 #483
    • scopes: allow https:// scopes (#490); r=rfk (f892bcb), closes #490 #489
    • scripts: Add script to generate an oauth client (f21f657)
    • server: set HSTS header for 180 days (d43accb)
    • server: update to Hapi 17 (0ebfebe)
    • shared: add new locales (d6e88df)
    • ๐Ÿ”€ sync: add local test client for sync (#549) (61ed2e7), closes #549
    • ๐Ÿ”€ sync: add oldsync scope (#550) r=@rfk (f2e7bb4), closes #550
    • token: reject expired tokens (4f519ca), closes #365
    • tokens: add support for password change and reset event (#485) r=rfk (f5873f9), closes #485 #481
    • tokens: allow using JWT grants from Service Clients (55f88a9), closes #328
    • tokens: allow using JWT grants from Service Clients (0a0e303), closes #328
    • untrusted-clients: restrict scopes that untrusted clients can request (8fd228a), closes #243
    • ๐Ÿ‘Œ verify: add opt out parameter to verify endpoint (e4c54ff), closes #358
    • ๐Ÿ‘Œ verify: added 'client' to /verify response (4c57551), closes #149

    JsonFormatter

    • outputs JSON in same format as fxa-auth-server (c89ca92)

    ๐Ÿ”จ Refactor

    • client: scope added in memory and sql (#445) r=vladikoff (4efc383), closes #445 #431
    • clients: remove terms and privacy uris (5c1e0be), closes #406
    • config: Use human-readable duration values in config (20aa8fa)
    • db: add hashedSecret column to clients (9ceaf1f), closes #155
    • db: clients.secret to clients.hashedSecret, remove clients.whitelisted (155d2ce), closes #155 #267
    • email: Fixes #352 Remove ability to fetch email address (#543) r=@shane-tomlinson (068bd4b), closes #352 #543
    • keys: rename keyMaterial, timestamp to keyRotationSecret, kโ€ฆ (#500) r=@rfk (48ec2a3), closes #500
    • ๐Ÿ‘• lint: remove jscs, update eslint rules (#477), r=@vbudhram (8bc148a), closes #477

    โช Reverts

    • keys: Check lastAuthAt freshness when fetching key data (5d772f6)
    • โช service-tokens): Revert "docs(service-clients: Document Service Clients, JKUs, and JWTs" (6be9ac2)
    • โช service-tokens): Revert "feat(tokens: allow using JWT grants from Service Clients" (d3cc78a)
    • tokens: dont reject expired tokens, again (e8b563e)

    โœ… test

    • api: rename assertRequestParam to assertInvalidRequestParam (3f00eb3), closes #280
    • db: fixing db.removeUser tests for mysql (94f96bf)

    ๐Ÿ’ฅ BREAKING CHANGES

    • [object Object]
    • [object Object]
    • [object Object]

  • v1.123.3 Changes

    November 01, 2018

    ๐Ÿ› Bug Fixes

    • โœ… tests: fix the geodb location assertions again (90449d4)
    • โœ… tests: remove assertions of profileChangedAt property (565d2c8)

    chore

    • errors: make email-sending errors a 422 for new addresses (17e787b)

  • v1.123.2 Changes

    October 24, 2018

    ๐Ÿ› Bug Fixes

    • metrics: ensure metrics context is propagated from /account/reset (48ed7be)

  • v1.123.1 Changes

    October 23, 2018

    ๐Ÿ› Bug Fixes

    • metrics: ensure email events use stashed flow data where applicable (2168ea7)

  • v1.123.0 Changes

    October 16, 2018

    ๐Ÿ› Bug Fixes

    • email: handle the new error structure from fxa-email-service (787031f)
    • email: include data from headers in email sent events (28a4a53)
    • email: throw error for failed emails during account creation (75815f2), closes #2565
    • emails: expose config to append domain to verification emails (510bf08)

    chore

    • deps: Update commander, jsxgettext-recursive to remove security warnings. (7185ad8)

  • v1.122.2 Changes

    October 04, 2018

    ๐Ÿ› Bug Fixes

    • commands: Assign default TTL to send-tab commands (6afb0e3)

  • v1.122.1 Changes

    October 03, 2018

    chore

    • ๐Ÿ“„ docs: add missing private releases to change log (47ea091)
    • ๐Ÿ“ฆ package: npm shrinkwrap (081f7d8)