Compatibility Notes
- [core] Stop using client credentials to fetch public keys for token verification.
- [core] Replace own implementation for requesting user tokens and client credential tokens from the XSUAA service with the
@sap/xssec
library.
New Functionality
- [core] Support authentication through client certificates (X.509) in client credentials grant requests.
Improvements
- [core] Reduce the number of warnings when selecting an XSUAA instance.
Fixed Issues
- [core] Fix verification key retrieval to match the given key id (
kid
). - [core] Fix the missing export for files under
http-agent
directory. - [core] Support using custom http(s)Agent when sending CSRF token requests.
- [core] Fix URL encoding for
$orderby
query parameter of OData requests.