oauth4webapi 2.17.0 → 3.0.1

package/README.md

@@ -1,4 +1,6 @@
-# Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
+# oauth4webapi
+
+> Low-Level OAuth 2 / OpenID Connect Client API for JavaScript Runtimes
 
 This software provides a collection of routines that can be used to build client modules for OAuth 2.1, OAuth 2.0 with the latest Security Best Current Practices (BCP), and FAPI 2.0, as well as OpenID Connect where applicable. The primary goal of this software is to promote secure and up-to-date best practices while using only the capabilities common to both browser and non-browser JavaScript runtimes.
 
@@ -17,6 +19,16 @@ The following features are currently in scope and implemented in this software:
 - JWT Secured Introspection, Response Mode (JARM), Authorization Request (JAR), and UserInfo
 - Validating incoming JWT Access Tokens
 
+## Sponsor
+
+<picture>
+  <source media="(prefers-color-scheme: dark)" srcset="./sponsor/Auth0byOkta_dark.png">
+  <source media="(prefers-color-scheme: light)" srcset="./sponsor/Auth0byOkta_light.png">
+  <img height="65" align="left" alt="Auth0 by Okta" src="./sponsor/Auth0byOkta_light.png">
+</picture>
+
+If you want to quickly add authentication to JavaScript apps, feel free to check out Auth0's JavaScript SDK and free plan. [Create an Auth0 account; it's free!][sponsor-auth0]<br><br>
+
 ## [Certification](https://openid.net/certification/faq/)
 
 [<img width="96" height="50" align="right" src="https://user-images.githubusercontent.com/241506/166977513-7cd710a9-7f60-4944-aebe-a658e9f36375.png" alt="OpenID Certification">](#certification)
@@ -37,7 +49,7 @@ Support from the community to continue maintaining and improving this module is
 
 ## [Examples](examples/README.md)
 
-**`example`** ESM import
+**`example`** ESM import[^cjs]
 
 ```js
 import * as oauth from 'oauth4webapi'
@@ -64,7 +76,6 @@ import * as oauth from 'oauth4webapi'
   - FAPI 2.0 Security Profile - [source](examples/fapi2.ts) | [diff](examples/fapi2.diff)
   - FAPI 2.0 Message Signing - [source](examples/fapi2-message-signing.ts) | [diff](examples/fapi2-message-signing.diff)
 
-
 ## Supported Runtimes
 
 The supported JavaScript runtimes include those that support the utilized Web API globals and standard built-in objects. These are _(but are not limited to)_:
@@ -74,14 +85,17 @@ The supported JavaScript runtimes include those that support the utilized Web AP
 - Cloudflare Workers
 - Deno
 - Electron
-- Node.js ([runtime flags may be needed](https://github.com/panva/oauth4webapi/issues/8))
+- Node.js
 - Vercel's Edge Runtime
 
-## Out of scope
+## Supported Versions
+
+| Version                                                 | Security Fixes 🔑 | Other Bug Fixes 🐞 | New Features ⭐ |
+| ------------------------------------------------------- | ----------------- | ------------------ | --------------- |
+| [v3.x](https://github.com/panva/oauth4webapi/tree/v3.x) | ✅                | ✅                 | ✅              |
+| [v2.x](https://github.com/panva/oauth4webapi/tree/v2.x) | ❌                | ❌                 | ❌              |
+| [v1.x](https://github.com/panva/oauth4webapi/tree/v1.x) | ❌                | ❌                 | ❌              |
 
-The following features are currently out of scope:
+[sponsor-auth0]: https://auth0.com/signup?utm_source=external_sites&utm_medium=panva&utm_campaign=devn_signup
 
-- CommonJS
-- Implicit, Hybrid, and Resource Owner Password Credentials Flows
-- JSON Web Encryption (JWE)
-- Automatic polyfills of any kind
+[^cjs]: CJS style `let oauth = require('oauth4webapi')` is possible in Node.js versions where `process.features.require_module` is `true` or with the `--experimental-require-module` Node.js CLI flag.