Bump @inrupt/solid-client-authn-core from 3.1.1 to 4.0.0

[dependabot]

Bumps @inrupt/solid-client-authn-core from 3.1.1 to 4.0.0.

Release notes

Sourced from @​inrupt/solid-client-authn-core's releases.

v4.0.0

Breaking changes

oidc-browser

Note that these changes are unlikely to impact a client application.

• Replaced @inrupt/oidc-client dependency with oidc-client-ts (^3.5.0), the actively maintained TypeScript successor.
• Removed re-exports: Version, CordovaPopupNavigator, CordovaIFrameNavigator (no longer available upstream).
• Changed SigninRequest and OidcClientSettings to type-only exports.

node

• A new signature was introduced for getSessionFromStorage in release 2.3.0. The legacy signature is deprecated, and will be removed with the 4.0.0 major release. Using the more recent API to manage Sessions based on the associated tokens should be preferred, as it allows to not rely on in-memory scale, making it easier to scale horizontally. Prefer using session.events.on(EVENTS.NEW_TOKENS, ...) to get the tokens, and Session.fromTokens to build the Session object.

// Deprecated signature
const session = await getSessionFromStorage(
  sessionId,
  storage,
  onNewRefreshToken,
  refresh,
);
// Replacement signature
const session = await getSessionFromStorage(sessionId, {
  storage,
  onNewRefreshToken,
  refresh,
});

• The event EVENTS.NEW_REFRESH_TOKEN is being replaced by EVENTS.NEW_TOKENS which returns all the tokens a client can store for refreshing a session.

Bugfix

core

• Fix issue using the library with Bun by adding missing extractable flag to the DPoP keys so that they can be serialized on the appropriate events. Thanks to @​NoelDeMartin for fixing this issue.

node

• Sessions built from Session.fromTokens now have a correct expiration time triggering refresh in the fetch. Thanks to @​NoelDeMartin for fixing this issue.

browser

... (truncated)

Changelog

Sourced from @​inrupt/solid-client-authn-core's changelog.

4.0.0 - 2026-03-30

Breaking changes

oidc-browser

Note that these changes are unlikely to impact a client application.

• Replaced @inrupt/oidc-client dependency with oidc-client-ts (^3.5.0), the actively maintained TypeScript successor.
• Removed re-exports: Version, CordovaPopupNavigator, CordovaIFrameNavigator (no longer available upstream).
• Changed SigninRequest and OidcClientSettings to type-only exports.

node

• A new signature was introduced for getSessionFromStorage in release 2.3.0. The legacy signature is deprecated, and will be removed with the 4.0.0 major release. Using the more recent API to manage Sessions based on the associated tokens should be preferred, as it allows to not rely on in-memory scale, making it easier to scale horizontally. Prefer using session.events.on(EVENTS.NEW_TOKENS, ...) to get the tokens, and Session.fromTokens to build the Session object.

// Deprecated signature
const session = await getSessionFromStorage(
  sessionId,
  storage,
  onNewRefreshToken,
  refresh,
);
// Replacement signature
const session = await getSessionFromStorage(sessionId, {
  storage,
  onNewRefreshToken,
  refresh,
});

• The event EVENTS.NEW_REFRESH_TOKEN is being replaced by EVENTS.NEW_TOKENS which returns all the tokens a client can store for refreshing a session.

Bugfix

core

• Fix issue using the library with Bun by adding missing extractable flag to the DPoP keys so that they can be serialized on the appropriate events. Thanks to @​NoelDeMartin for fixing this issue.

node

• Sessions built from Session.fromTokens now have a correct expiration time triggering refresh in the fetch. Thanks to @​NoelDeMartin for fixing this issue.

... (truncated)

Commits

• 0e92414 Release 4.0.0 (#4242)
• cfc2316 Bump @​rollup/plugin-commonjs from 29.0.0 to 29.0.2 (#4240)
• 5e3bbc6 Bump @​nx/nx-win32-x64-msvc from 22.6.1 to 22.6.3 (#4241)
• 898efa8 Bump actions/deploy-pages from 4 to 5 (#4238)
• 4940574 Fix silent auth redirect with expired client credentials (#4237)
• 5df8792 Bump next from 16.1.7 to 16.2.1 (#4234)
• 79e7620 Bump typedoc from 0.28.17 to 0.28.18 (#4235)
• 3360d69 Bump handlebars from 4.7.8 to 4.7.9 (#4236)
• 7fdea74 Bump picomatch from 2.3.1 to 2.3.2 (#4231)
• 07e1470 Migrate to oidc-client-ts (#4230)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)