6.3.0

Features

#172 Adds errorComponent prop to SecureRoute to handle internal handleLogin related errors

6.2.0

Other

#159 Updates internal dependency

6.1.0

Features

#67 Adds loadingElement prop to LoginCallback component

Bug Fixes

#146 Fixed TypeScript definitions
#112 Only unsubscribe the AuthStateManager handler subscribed by <Security />
#152 Fix token auto renew by using @okta/okta-auth-js ^5.2.3

6.0.0

Breaking Changes

#120 Requires @okta/okta-auth-js 5.x
- Initial AuthState is null
- Removed isPending from AuthState
- Default value for originalUri is null
#127 Moves @okta/okta-auth-js from dependencies list to peerDependencies

5.1.2

Bug Fixes

#122 Locks the SDK with installed okta-auth-js major version

5.1.1

Bug Fixes

#105 Catches and displays errors in LoginCallback

5.1.0

Features

#104 Adds support for onAuthResume to LoginCallback for interaction_required OAuth errors (requires okta-auth-js 4.8+)

5.0.0

Breaking Changes

#71 Adds required prop restoreOriginalUri to Security that will override restoreOriginalUri callback of oktaAuth

4.1.1

Bug Fixes

#56 Fixes basename duplication on navigate from callback route.

4.1.0

Other

#56OktaContext::OnAuthRequiredFunction return type is updated to Promise<void> | void

4.0.0

Breaking Changes

#8 See MIGRATING for detailed information.
- Replaces authService with instance of @okta/okta-auth-js so all configuration options and public methods are available.
- By default isAuthenticated will be true if both accessToken and idToken are valid
- Changes @okta/okta-auth-js as peerDependency

Features

#8 Accepts onAuthRequired prop in SecureRoute component to override the existing callback for the route
#39 Exposes ES module bundle from package module field
#44 Adds support for Typescript

3.0.10

Bug Fixes

#36 fixes issue with SecureRoute that caused multiple calls to login()

3.0.9

Bug Fixes

#17 fixes authState.isPending issue in login/logout process

3.0.8

Other

Upgrades internal dependencies

3.0.7

Bug Fixes

#903 fixes SecureRoute to not require authentication unless the route matches

3.0.6

Bug Fixes

#884 Stores secureReferrerPath in sessionStorage to avoid race condition for multiple tabs

3.0.5

Bug Fixes

#872 Adjusts <SecureRoute> so that it enforces authentication requirement for components passed via "render" or "children" in addition to "component"
- NOTE: <SecureRoute>, like react-router <Route>, only wants ONE of the three ways of passing wrapped components per route
- This should also address cases where components loaded through SecureRoute were being unnecessarily unmounted/remounted

3.0.4

Bug Fixes

#848 Removes onSessionExpired behavior.

3.0.3

Bug Fixes

#826 Fix stale authState in React context by listening on expired event from authJs.tokenManager, then update the authState in context properly.

3.0.2

Bug Fixes

[#802]
- The minimum version of okta-auth-js is updated to 3.1.2 from 3.0.0 to help address an issue with overlapping PKCE renewal requests.
- <SecureRoute> should now pass the same react-router properties to wrapped components that <Route> does.
- Passing custom props to a component using the render property of <SecureRoute> should now work

3.0.1

Features

[#738] <LoginCallback/> now accepts an optional errorComponent prop that accepts a component that can be passed an error object.
- By default <LoginCallback/> will render with the <OktaError/> component

Bug Fixes

<LoginCallback> now triggers only after authState.isPending is false, removing the problem of as error message from parsing the tokens from the url being cleared by the pending authState determination. See #719
[#738] <Security> now memoizes if it creates an instance of AuthService so as to not create new instances on re-renders

3.0.0

Breaking Changes

Uses/requires @okta/okta-auth-js 3.x
- Notably, this means pkce now defaults to true
  - See the @okta/okta-auth-js README regarding PKCE OAuth2 Flow for requirements
  - The settings for the Application on your Okta Admin Dashboard must include allowing PKCE
  - If you are using the (previous default) Implicit Flow, you should set pkce: false
<Security> no longer creates a <div> wrapper around its children
- The className property of <Security> is no longer used
- Existing applications that rely on this <div> can add it themselves as a parent or direct child of <Security>

2.0.1

Bug Fixes

#700 LoginCallback: render error as string

2.0.0

Features

Now offers synchronous access to the authentication state (after the first asynchronous determination)
Now offers the following React Hook (2.x requires React 16.8+)
- useOktaAuth
Now can be used with other routers than react-router
- React Router 5 continues to be supported, but is now optional
- Routers other than React-Router will have to write their own version of LoginCallback component

Breaking Changes

Requires React 16.8+
If using react-router, requires react-router 5+
See the Migration from 1.x to 2.0 section of the README for details on migrating your applications
- Auth.js and the auth parameter to <Security> have been renamed to AuthService.js and authService
- <ImplicitCallback> has been replaced with <LoginCallback>
- auth.IsAuthenticated() has been removed
  - instead use the .isAuthenticated property of the authState object
- withAuth has been replaced with withOktaAuth, which gives slightly different parameters
  - provides authService instead of auth
  - also provides the authState object
- the arguments passed to the optional onAuthRequired() callback provided to the <Security> component have changed
- error handling for authentication is now handled by putting the error into the authState.error property
- auth.setFromUri() is now authService.setFromUri() and is passed a string (instead of an object)
- auth.getFromUri() is now authService.getFromUri() and returns a string (instead of an object)

1.4.1

Bug Fixes

#669 - Fixes ImplicitCallback component so it will not attempt redirect unless getFromUri returns a value. This can occur if multiple instances of the component are mounted.

1.4.0

Features

#648
- Adds a default handler for onSessionExpired
- Adds a new option isAuthenticated which works with onAuthRequired
- Expose TokenManager
- Adds documentation for postLogoutRedirectUri

1.3.1

Bug Fixes

3b95ed - Changes from deprecated 'componentWillMount' to 'componentDidMount'

1.3.0

Features

558696 - Upgrades to @okta/[email protected] which includes new options for signout: 3e8c65

1.2.3

Other

a2a7b3e - Configuration property scope (string) is deprecated in favor of scopes (array).

Bug Fixes

a2a7b3e - Normalize config format for the properties responseType and scopes, used in get token flows. Fully support deprecated config properties request_type and scope as previously documented and used within the okta-react samples.

1.2.2

Features

0453f1d - Adds support for PKCE flow

Other

654550 - All configuration options are now accepted. See Configuration Reference. Camel-case (clientId) is now the preferred syntax for all Okta OIDC libraries. Underscore syntax (client_id) will be deprecated in a future release.

1.2.1

internal version

1.2.0

Features

2ae1eff - Adds TokenManager configuration parameters.

1.1.4

Other

2945461 - Updates @okta/configuration-validation version.

1.1.3

Bug fixes

6242f2d - Fixes an issue where the library was not correctly building the /dist output before publishing to npm.

1.1.2

Features

4fcbdea - Adds configuration validation for issuer, client_id, and redirect_uri when passed into the security component.

Other

c8b7ab5a - Migrate dependencies to project root utilizing yarn workspaces.

1.1.1

Bug fixes

dbfb7de - Fixes an issue where the library would enter an error state when attempting to renew expired tokens (errorCode: login_required).

1.1.0

Features

30fbdd2 - Adds className prop to Security component to allow style overrides.
5603c1f - Allow additional OAuth 2.0 and OpenID request params to be passed in login and redirect methods.
fd42b01 - Allow route params to be passed through the SecureRouter into a nested Route.

1.0.3

Other

Updated @okta/okta-auth-js dependency to version 2.