- The
completeInTarget
authorize option defaults totrue
if the app was loaded in an iframe - The
redirectUri
option accepts absolute URLs and does not append "/" to them - The
refresh
client method will now use basic authorization for confidential clients - The
refresh
client method will now try to make its request both with and without credentials - The
request
client method will now return the response object if the response status is 201 (can get thelocation
header after create) - Added the
getState
method of theClient
for state introspections