v6.0.0 #702

2024-10-15T22:07:51Z

github-actions[bot]
bot Oct 15, 2024

⚠ BREAKING CHANGES

openid-client v6.x is a complete rewrite of the openid-client module, this is the first time since 0.1.0 (8 years ago) that the API has drastically changed. The new module structure and API focuses on three core principles:

runtime compatibility (adding support for Deno, Cloudflare Workers, Bun, and other Web API interoperable runtimes)
tree-shakeability (bundles should not contain features that don't end up being used)
less options (removing support for processing deprecated response types, cutting down on the number of combinations that need to handled)

To that end openid-client@6 no longer supports the full cartesian matrix of response types and response modes, it no longer supports issuing encrypted assertions, decrypting assertions is limited to only a few algorithms, it no longer supports Dynamic Client Registration or Management, and Self-Issued OpenID Provider responses are also not supported.

The new API makes basic setups simple while allowing some degree of complexity where needed.

openid-client@6 is an ESM module using ES2022 syntax and it depends on WebCryptoAPI and Fetch API globals being available in the JS runtime.

openid-client@6 is written in TypeScript and its exported types come with comment annotations.

(Node.js) Versions 20.x and newer have all the necessary globals.

(Node.js) CJS style let client = require('openid-client') is possible in versions where process.features.require_module is true. This is a new Node.js feature slated to be released without a CLI flag in 23.x and 22.x

This discussion was created from the release v6.0.0.

thw0rted · 2025-07-28T16:22:26Z

thw0rted
Jul 28, 2025

Hi @panva we just saw the news that 5.x is being discontinued, and based on these release notes it sounds like the API was changed for 6.x. Do the docs include a migration guide for 5.x users switching to 6.x? We are using your Passport strategy, if that makes a difference.

0 replies

Floriferous · 2025-07-31T19:25:03Z

Floriferous
Jul 31, 2025

Why remove support for dynamic client registration?

I'm kind of new to Oauth, but the MCP protocol requires this feature, and therefore I can not use v6, and have to use v5? Or did I miss something.

Source: https://modelcontextprotocol.io/specification/2025-03-26/basic/authorization#standards-compliance

2 replies

panva Jul 31, 2025
Maintainer

https://github.com/panva/openid-client/releases/tag/v6.4.0

Floriferous Jul 31, 2025

Awesome, just found it as well and wanted to come update my comment. Incredible work - thank you so much!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

v6.0.0 #702

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Replies: 2 comments 2 replies

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Uh oh!

v6.0.0 #702

Uh oh!

Uh oh!

github-actions[bot] bot Oct 15, 2024

⚠ BREAKING CHANGES

Replies: 2 comments · 2 replies

Uh oh!

Uh oh!

thw0rted Jul 28, 2025

Uh oh!

Floriferous Jul 31, 2025

Uh oh!

panva Jul 31, 2025 Maintainer

Uh oh!

Floriferous Jul 31, 2025

github-actions[bot]
bot Oct 15, 2024

Replies: 2 comments 2 replies

thw0rted
Jul 28, 2025

Floriferous
Jul 31, 2025

panva Jul 31, 2025
Maintainer