0
Fork 0
mirror of https://github.com/logto-io/logto.git synced 2024-12-16 20:26:19 -05:00
logto/.changeset/green-parents-switch.md
simeng-li 3d98852334
chore(core): bump oidc version (#3941)
* chore(core): bump oidc version

bump oidc version

* fix(core): fix userId not found bug

fix userId in session not found bug
2023-06-01 16:20:08 +08:00

11 lines
604 B
Markdown

---
"@logto/core": patch
---
## Bump oidc-provider version
Bump oidc-provider version to [v8.2.2](https://github.com/panva/node-oidc-provider/releases/tag/v8.2.2). This version fixes a bug that prevented the revoked scopes from being removed from the access token.
> Issued Access Tokens always only contain scopes that are defined on the respective Resource Server (returned from features.resourceIndicators.getResourceServerInfo).
If the scopes are revoked from the resource server, they should be removed from the newly granted access token. This is now fixed in the new version of oidc-provider.