4.1.0

Features

• #65 Supports lazy loaded routes in OktaAuthGuard
• #66 Adds lite role/group based authorization directive (*oktaHasAnyGroup) to only render content for authorized users (users in groups)

4.0.0

Breaking Changes

#60 See MIGRATING for detailed information

• Enables injecting oktaAuth instance via OktaConfig
• Replaces the OktaAuthService with the injected OktaAuth instance
• Removes oktaAuth related configs from OktaConfig
• Removes isAuthenticated callback option from OktaConfig
• Removes OktaLoginRedirectComponent

Features

#60 Adds OktaAuthStateService that exposes an observable authState$

3.2.2

Bug Fixes

#51 Fixes token auto renew by using @okta/okta-auth-js ^5.2.3

3.2.1

Bug Fixes

#48 fix: start tokenService on login redirect

3.2.0

Other

#40 Requires @okta/okta-auth-js 5.x

3.1.0

Features

#33 Adds option onAuthResume to resume authorization flow on custom login page.

3.0.1

Bug Fixes

#9 fix: handle --base-href option

3.0.0

#5 Release 3.0.0 - OktaAuthService now inherits from an instance of @okta/okta-auth-js so all configuration options and public methods are available. See MIGRATING for detailed information.

2.2.1

Bug Fixes

#2 Builds library using Angular 7 package format for compatiblity with Angular 7+.

Features

#794 OktaAuthService.getUser only uses /userinfo endpoint to retrieve user claims. OktaAuthService.getUser should be the recommended method to acquire user information as idToken.claims may become stale due to data updating.

#867 The current instance of the OktaAuthService is passed to isAuthenticated callback function.

2.0.0

#690

Features

• OktaCallbackComponent will catch and display exceptions thrown from handleAuthentication()
• onAuthRequired callbacks will now receive the Angular injector as the 2nd parameter. This change allows logic using any services available within your application.

Bug Fixes

• Saved URI is now stored in sessionStorage instead of localStorage. This fixes an issue which can occur when multiple instances of the app are loading at the same time.
• OktaCallbackComponent uses window.location.replace() to complete the login flow after handleAuthentication completes. This fixes an issue where the user could navigate back to the callback hander.

Breaking Changes

• Signature for onAuthRequired callback functions has changed. Callbacks will receive the OktaAuthService as the first argument, and the Angular Injector as the second argument.
• Static initializer OktaAuthModule.initAuth() has been removed. OKTA_CONFIG should be provided directly by your module.
• getFromUri now returns an absolute URI as a string
• setFromUri takes a string. If it is a relative path, it will be converted to an absolute URI before being saved.
• Legacy config formats are no longer supported. See Configuration Reference for supported values.
• The pkce option now defaults to true, using the Authorization Code w/PKCE flow
  • Those using the (previous default) Implicit Flow should pass pkce: false to their config
  • See the @okta/okta-auth-js README regarding PKCE OAuth2 Flow for PKCE requirements
    • Which include the Application settings in the Okta Admin Dashboard allowing for PKCE

Other

• Upgrades @okta/okta-auth-js to version 3.0.0