What Version of the library are you using?
18.0.2
Question
Recently, we encountered a problem with our mobile apps which stemmed from the release of the angular-auth-oidc-client package version 18.0.2. In the Angular package.json file we use the caret (^) range specifier for nearly every package version. This means that the package manager installs any version compatible with the specified version, according to semantic versioning (SemVer) rules. In our case, ^18.0.1 means that the package manager can install any version between >=18.0.1 and <19.0.0. This allows updates for minor and patch versions, but not for major versions, as major versions may introduce breaking changes.
As a result, the npm update command updates the package to the minor version 18.0.2. In this version, a breaking change was introduced, which should not occur in a patch version, and this broke our mobile apps. A new configuration property, checkRedirectUrlWhenCheckingIfIsCallback, was added and defaults to true. This property checks whether the current URL matches the redirect URI when determining if the current URL is the redirect URI. For mobile apps, we use scheme URLs that differ from the current URL, which causes the authentication process to fail. Setting this property to false in the mobile configuration resolves the issue and restores app functionality.
It was a significant challenge to identify the root cause!
Should the changes in version 18.0.2 be considered breaking changes?