From 4dc70dd1a9960faa46587d3e2c1ab8cbbe070c3a Mon Sep 17 00:00:00 2001
From: Noel De Martin <noel@noeldemartin.com>
Date: Thu, 19 Feb 2026 07:31:18 +0100
Subject: [PATCH 1/2] Fix exporting jwk

---
 packages/core/src/authenticatedFetch/dpopUtils.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/packages/core/src/authenticatedFetch/dpopUtils.ts b/packages/core/src/authenticatedFetch/dpopUtils.ts
index f3e214d8f2..0ac454c56a 100644
--- a/packages/core/src/authenticatedFetch/dpopUtils.ts
+++ b/packages/core/src/authenticatedFetch/dpopUtils.ts
@@ -71,6 +71,7 @@ export async function createDpopHeader(
 export async function generateDpopKeyPair(): Promise<KeyPair> {
   const { privateKey, publicKey } = await generateKeyPair(
     PREFERRED_SIGNING_ALG[0],
+    { extractable: true },
   );
   const dpopKeyPair = {
     privateKey,

From f7ce96a3124a9fe2e7e1ad3b1cc6730a19da908e Mon Sep 17 00:00:00 2001
From: Nicolas Ayral Seydoux <nseydoux@inrupt.com>
Date: Wed, 25 Mar 2026 13:44:06 +0100
Subject: [PATCH 2/2] Update changelog

---
 CHANGELOG.md | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fd1ddd7e0d..1f45377f0b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -33,6 +33,17 @@ const session = await getSessionFromStorage(sessionId, {
 
 The following changes have been implemented but not released yet:
 
+### Bugfix
+
+#### core
+
+- Fix issue using the library with Bun by adding missing `extractable` flag to the DPoP keys so that they can be serialized on the
+  appropriate events. Thanks to @NoelDeMartin for fixing this issue.
+
+#### node
+
+- Sessions built from `Session.fromTokens` now have a correct expiration time triggering refresh in the fetch. Thanks to @NoelDeMartin for fixing this issue.
+
 ## [3.1.1](https://github.com/inrupt/solid-client-authn-js/releases/tag/v3.1.1) - 2025-10-29
 
 ### Bugfix