All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog
- [Breaking change] Upgraded aws-sdk to v3, which has `SecretsManager` and `KMS` replaced by the `SecretsManagerClient` and `KMSClient` classes. The functionality and interface remain the same; the imports need to be changed.
HttpClient options now accept `clientExceptionStatusCodeMapOverride`, which can be used to override the default HTTP error status code mapping. This is useful, for example, when a dependent service does not follow RESTful best practices and returns a 403 when there is an intermittent network error communicating with the authorization service.
Error details of external HTTP error responses are propagated correctly
The `getUserToken()` and `getUserPrincipal()` order was wrongly set in version 5.3.0. The new fixed priority order:
- `getUserToken()`
  - `request.authorizerContext.jwt`
  - `request.authorizerContext.accessToken` (new)
  - `request.headers.Authorization`
- `getUserPrincipal()`
  - `authorizerContext.canonicalId` (prefer canonicalId)
  - `authorizerContext.principalId` (new)
  - `request.headers.Authorization`
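The fixed priority order, sketched as an added example (not the library's own code) to show which value wins when the authorizer context and the raw `Authorization` header disagree. The function names, the `Bearer` prefix handling and reading the principal from a `canonical_id` claim of the header token are assumptions; the header token is only decoded here, not verified.

```javascript
// Added illustration, not the library's code. Field names follow the changelog;
// the canonical_id claim lookup and all function names are assumptions.

// Strip an optional "Bearer " scheme from an Authorization header value.
function stripBearer(value) {
  if (typeof value !== 'string') return null;
  const token = value.replace(/^Bearer\s+/i, '').trim();
  return token || null;
}

// Decode (NOT verify) a JWT payload; returns null for anything malformed.
function decodeJwtPayload(token) {
  const parts = typeof token === 'string' ? token.split('.') : [];
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Fixed order: authorizerContext.jwt, authorizerContext.accessToken, Authorization header.
function resolveUserToken(request) {
  const ctx = request.authorizerContext || {};
  const headers = request.headers || {};
  return ctx.jwt || ctx.accessToken || stripBearer(headers.Authorization) || null;
}

// Fixed order: canonicalId, principalId, then the claim of the unverified header token.
function resolveUserPrincipal(request) {
  const ctx = request.authorizerContext || {};
  if (ctx.canonicalId) return ctx.canonicalId;
  if (ctx.principalId) return ctx.principalId;
  const payload = decodeJwtPayload(stripBearer((request.headers || {}).Authorization));
  return payload && typeof payload.canonical_id === 'string' ? payload.canonical_id : null;
}

// Constructed sample: the header carries a different identity than the authorizer context.
function makeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc(claims)}.sig`;
}
const headerToken = makeJwt({ canonical_id: 'user-from-header' });
const sampleRequest = {
  authorizerContext: { jwt: 'jwt-from-authorizer', canonicalId: 'user-from-authorizer', principalId: 'p-1' },
  headers: { Authorization: `Bearer ${headerToken}` },
};
```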
The `getUserToken()` and `getUserPrincipal()` methods now support multiple sources for their values:
- `getUserToken()` in priority order:
  - `request.authorizerContext.accessToken` (new)
  - `request.authorizerContext.jwt`
  - `request.headers.Authorization`
- `getUserPrincipal()` in priority order:
  - `authorizerContext.principalId` (new)
  - `authorizerContext.canonicalId`
  - `request.headers.Authorization`
HttpClient now also logs unexpected (e.g. network) errors that are not coming from Axios
Tracking of `canonicalId` and `correlationId` in New Relic.
!IMPORTANT! You must exclude the `newrelic` module from `webpack.config.ts` like so:
```ts
externals: ['newrelic']
```
The `DeleteRequest` model.
The error middleware logs `4xx` errors with log level `WARN` (previously `INFO`).
Upgraded jsonwebtoken version to 9.0.0 and aws-sdk to version 2.1287.0
Removed client_secret from API response
Add timeout option in HttpClient. If no value is provided the default is no timeout.
Removed logging of client_secret
The fix described in 5.1.4 missed one instance where the bug can occur. This change covers all known instances.
Using `baseURL` in the axios config without specifying the full URL resulted in an error in the exception handling, so the `AxiosError` was thrown instead of a custom `ClientException`.
RequestLogger now logs only `Host`, `User-Agent`, `orion-correlation-id-parent`, `orion-correlation-id-root` headers.
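An added example (not the library's RequestLogger) of the header allow-list described above, combined with keeping `client_secret` out of log output as in the earlier "Removed logging of client_secret" entry. The function names and the `[REDACTED]` masking approach are assumptions; the changelog does not say how the library removed the value.

```javascript
// Added illustration, not the library's code. Header names come from the changelog.
const LOGGED_HEADERS = new Set([
  'host', 'user-agent', 'orion-correlation-id-parent', 'orion-correlation-id-root',
]);
const REDACTED_KEYS = new Set(['client_secret']);

// Keep only allow-listed headers; header names are matched case-insensitively,
// so Authorization, Cookie and any unknown header never reach the log.
function pickLoggableHeaders(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) {
    if (LOGGED_HEADERS.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Return a deep copy with secret-bearing keys masked at any nesting depth.
function redactSecrets(value) {
  if (Array.isArray(value)) return value.map(redactSecrets);
  if (value === null || typeof value !== 'object') return value;
  const out = {};
  for (const [key, inner] of Object.entries(value)) {
    out[key] = REDACTED_KEYS.has(key.toLowerCase()) ? '[REDACTED]' : redactSecrets(inner);
  }
  return out;
}

// Build the object that is safe to hand to the logger.
function toLogEntry(request) {
  return { headers: pickLoggableHeaders(request.headers), body: redactSecrets(request.body) };
}

// Constructed sample request (all values are made up).
const sample = {
  headers: {
    Host: 'api.example.test',
    'user-agent': 'curl/8.0',
    Authorization: 'Bearer abc',
    Cookie: 'sid=1',
    'orion-correlation-id-root': 'r-1',
  },
  body: {
    grant_type: 'client_credentials',
    client_id: 'svc',
    client_secret: 's3cr3t',
    nested: [{ client_secret: 'x' }],
  },
};
```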
Properties `stageVariables`, `isBase64Encoded` and `route` from openapi-factory are available in the TypeScript definitions.
HttpApi payload version 2.0 events supported for openApiWrapper.
Dependencies aren't pinned to a fixed version, so that users of the library can independently upgrade minor (devDependencies) and patch (dependencies) versions. This lets users fix security alerts faster than waiting for a fix in this library, for example by applying `npm audit fix`.
- [Breaking change] `TokenProvider` was replaced by the more specific `KmsTokenProvider` class. The functionality and interface remain the same; the imports need to be changed.
- New `SecretsManagerTokenProvider` that relies on AWS Secrets Manager to retrieve the client ID and client secret. The advantage of using AWS Secrets Manager is that it can be supplied with a secret rotation function.
`ClientException` now maps HTTP `422` client responses to HTTP `422` server responses (was HTTP `503` before).
Expose the `Location`, `Access-Control-Allow-Origin` and `orion-correlation-id-root` headers
`ApiResponse` default content-type header was renamed to `Content-Type` to overwrite the default header of `openapi-factory.js`.
- Also upgraded `openapi-factory.js` to get support for overwriting response headers
`ApiResponse` default content-type header was changed from `application/links+json` to `application/hal+json`
`HttpClient`: the retryAdapterEnhancer axios adapter was replaced by the more flexible axios-cache-adapter.
- [Breaking change] `HttpClientOptions.cacheOptions` now accepts extensive cache configuration.
- The cache is now partitioned by `canonical_id` JWT claim.
- Downgraded Axios to 0.21.1 due to response interceptors not being applied correctly in 0.21.2. There has been a fix to axios but a version with the fix is not available yet.
`HttpClient`: the retryAdapterEnhancer axios adapter was replaced by the more flexible retry-axios interceptor.
- [Breaking change] `HttpClientOptions.retryOptions` now accepts extensive retry configuration such as specifying HTTP status codes that should be retried.
- [Breaking change] All HTTP status codes are no longer retried by default. The new defaults are these ranges:
  - [100, 199] Informational, request still processing
  - [429, 429] Too Many Requests
  - [500, 599] Server errors
- Some HTTP error log statements were throwing exceptions. This was due to accessing `error.request.headers[orionCorrelationIdRoot]` from the Axios error object, where the `headers` object was `undefined`. The correct field was `error.config.headers`.
`HttpClient` logs additional request data (query parameters, body).
`HttpClientOptions` now accepts a `logOptions` object that allows enabling informational request and response (new) logs.
```ts
{
  // Enable informational logs for both outgoing requests and incoming responses
  logOptions: {
    enabledLogs: [HttpLogType.requests, HttpLogType.responses],
  },
}
```
- ClientException propagates the original status code and details through multiple services. E.g. instead of `error.details?.data.details?.userDefinedProp` use `error.details?.userDefinedProp`
- ClientException no longer wraps details in an `error` property. Instead of `error.details?.error.userDefinedProp` use `error.details?.userDefinedProp`
- [IMPORTANT!] HttpClient throws serialized Axios errors through ClientExceptions.