Releases: AuthPlane/ts-sdk
Releases · AuthPlane/ts-sdk
Release list
v0.2.0
Released commit: c35c8f52b3e40b4bfdfef3ebcf12a1904185a280
@authplane/fastmcp: supportfastmcp4.x in addition to 3.35+. Consumers usingOAuthProxydirectly must setallowedRedirectUriPatternsthemselves — fastmcp 4.0 removed the default value (CWE-601 fix).@authplane/sdk:wwwAuthenticate(error, options)gainsresourceMetadataUrl(RFC 9728 §5.1) andscope(RFC 6750) options, sanitises interpolated values against header injection (RFC 9110 §11.4), and emits theBearerscheme forDPoPNotSupported.@authplane/fastmcpand@authplane/mcp: authentication failures now emit a per-errorWWW-Authenticatechallenge viahttpStatus+wwwAuthenticatefrom@authplane/sdk/core. DPoP failures use theDPoPscheme (RFC 9449 §7.1);resource_metadatais always included andscopewhenrequiredScopesis configured.@authplane/mcp: upstream authorization-server fetch failures (JWKSFetchError,MetadataFetchError) now return503with aWWW-Authenticatechallenge (RFC 7235 §4.1) instead of a generic500. Rely on the HTTP status, not the responseerrorfield, when deciding whether to retry.- Migration —
@authplane/fastmcp:AuthplaneTokenVerifier.verifyAccessTokennow propagatesAuthplaneErrorinstead of returningundefined; wrap directtokenVerifiercalls in try/catch. - Migration —
@authplane/mcp:AuthplaneTokenVerifier.verifyAccessTokennow propagatesAuthplaneErrorinstead of the MCP SDK'sInvalidTokenError; switchinstanceof InvalidTokenErrorchecks toinstanceof AuthplaneError, or adopt thebearerAuthmiddleware.