v0.8.0

Proxying Support and Enhanced Security Features

This release introduces proxying support and scoped tokens to help secure frontend implementations when using Client Credentials authentication.

Major Features

Proxying Support

• Added baseUrl option to CortiClient and CortiAuth for routing requests through your proxy server
• Support for custom environment objects with fine-grained endpoint control
• Authentication is now optional when using baseUrl or custom environments

WebSocket Proxy Client

• New CortiWebSocketProxyClient for simplified WebSocket proxying with automatic message parsing and reconnection handling

Scoped Tokens

• Added scopes parameter to all authentication methods (getToken, getCodeFlowToken, getPkceFlowToken, getRopcFlowToken)
• Available scopes: "stream" and "transcribe" to limit token access to specific WebSocket endpoints

API Updates

• Updated AgentsMcpServerAuthorizationType: removed "oauth2.1", added "bearer" and "inherit"
• Exposed send() method in StreamSocket and TranscribeSocket for advanced use cases

Documentation

• Added comprehensive Proxying Guide
• Updated Authentication Guide with security notes for Client Credentials

Breaking Changes

None - This release is backward compatible.

v0.8.0-rc.1

SDK regeneration

v0.8.0-rc

Proxying Support and Enhanced Security Features

This release introduces proxying support and scoped tokens to help secure frontend implementations when using Client Credentials authentication.

Major Features

Proxying Support

• Added baseUrl option to CortiClient and CortiAuth for routing requests through your proxy server
• Support for custom environment objects with fine-grained endpoint control
• Authentication is now optional when using baseUrl or custom environments

WebSocket Proxy Client

• New CortiWebSocketProxyClient for simplified WebSocket proxying with automatic message parsing and reconnection handling

Scoped Tokens

• Added scopes parameter to all authentication methods (getToken, getCodeFlowToken, getPkceFlowToken, getRopcFlowToken)
• Available scopes: "stream" and "transcribe" to limit token access to specific WebSocket endpoints

API Updates

• Updated AgentsMcpServerAuthorizationType: removed "oauth2.1", added "bearer" and "inherit"
• Exposed send() method in StreamSocket and TranscribeSocket for advanced use cases

Documentation

• Added comprehensive Proxying Guide
• Updated Authentication Guide with security notes for Client Credentials

Breaking Changes

None - This release is backward compatible.

v0.7.0

What's Changed

• chore: updated npm publishing to use OIDC authentication #35 by @fern-support in #250
• feat: added "flush" and "flushed" events to /stream and /transcribe endpoints by @CortiDevOps in #258

New Contributors

• @fern-support made their first contribution in #250

Full Changelog: v0.6.1...v0.7.0

v0.7.0-rc

fix: comment out node version in CI configuration

v0.6.1

Release notes:

• Updated clientSecret to optional for AuthorizationRefreshServer to handle ROPC and PKCE flows.

v0.6.0

Release notes:

• Added PKCE (Proof Key for Code Exchange) flow support with authorizePkceUrl(), getCodeVerifier() and getPkceFlowToken() methods
• Added ROPC (Resource Owner Password Credentials) flow support with getRopcFlowToken() method
• Added CortiSDKError base class for SDK-specific runtime errors

v0.6.0-rc

refactor: added optional refreshToken

v0.5.0

What's Changed

Bearer token configuration improvements

The SDK now automatically extracts tenantName, environment, and expiry information from JWT tokens, making these parameters optional when using bearer token authentication.

PRs

• Parse token when passed and make other CortiClient parameters optional by @markitosha in #242

Full Changelog: v0.4.0...v0.5.0

v0.5.0-rc

What's Changed

• Parse token when passed and make other CortiClient parameters optional by @markitosha in #242

Full Changelog: v0.4.0...v0.5.0-rc