4.1.1

Bug Fixes

• #535 Respects scopes that are set in the constructor

4.1.0

Features

• #869
  • Implements AuthStateManager to evaluate and emit latest authState. Exposes new methods from AuthStateManager:
    • authStateManager.getAuthState
    • authStateManager.updateAuthState
    • authStateManager.subscribe
    • authStateManager.unsubscribe
  • Adds new methods in sdk browser scope:
    • sdk.signInWithCredentials
    • sdk.signInWithRedirect
    • sdk.isAuthenticated
    • sdk.getUser
    • sdk.getIdToken
    • sdk.getAccessToken
    • sdk.storeTokensFromRedirect
    • sdk.setOriginalUri
    • sdk.getOriginalUri
    • sdk.removeOriginalUri
    • sdk.isLoginRedirect
    • sdk.handleLoginRedirect
  • Deprecates method in sdk browser scope:
    • sdk.signIn
  • Adds new methods in sdk.tokenManager:
    • tokenManager.getTokens
    • tokenManager.setTokens
  • Accepts new options
    • transformAuthState
    • restoreOriginalUri
    • autoRemove
    • devMode
• #469 Adds "rate limiting" logic to token autoRenew process to prevent too many requests be sent out which may cause application rate limit issue.
• #503 Supports relative uri for options.redirectUri
• #478 Adds cross tabs communication to sync AuthState.
• #525 Adds new methods hasResponseType, isPKCE, isAuthorizationCodeFlow. The option responseType is now accepted in the constructor.

Bug Fixes

• #468 Fixes issue where HTTP headers with an undefined value were being sent with the value "undefined". These headers are now removed before the request is sent.
• #514 Fixes OAuth redirect params issue in legacy browsers.

4.0.3

Bug Fixes

• #468 Fixes issue where HTTP headers with an undefined value were being sent with the value "undefined". These headers are now removed before the request is sent.
• #514 Fixes OAuth redirect params issue in legacy browsers.
• #520 token.isLoginRedirect will check that current URL matches the redirectUri

3.2.6

Bug Fixes

• #522 Fixes token.isLoginRedirect issue with code query params in url
• #517 Fixes OAuth redirect params issue in legacy browsers

4.0.2

• #491 Fixes issue with OAuth param cookie when using self-hosted signin widget

• #489 Fixes sameSite cookie setting when running on HTTP connection

3.2.5

• #491 Fixes issue with OAuth param cookie when using self-hosted signin widget

• #489 Fixes sameSite cookie setting when running on HTTP connection

4.0.1

Bug Fixes

• #473 Fixes login issue when cookies are blocked or used as shared state storage

3.2.4

Bug Fixes

• #473 Fixes login issue when cookies are blocked or used as shared state storage

4.0.0

Features

• #413 Adds support for Typescript. Uses named exports instead of default export.
• #444 New method tokenManager.hasExpired to test if a token is expired

Breaking Changes

• #444
  • Implements "active" autoRenew. Previously tokens would be renewed or removed when calling tokenManager.get. Now they will be renewed or removed in the background. If autoRenew is true, tokens will be renewed before expiration. If autoRenew is false, tokens will be removed from storage on expiration.
  • onSessionExpired option has been removed. TokenManager events can be used to detect and handle token renewal errors.
  • tokenManager.get no longer implements autoRenew functionality (autoRenew is done by a separate process within TokenManager). Even with autoRenew, it is possible that the token returned from the TokenManager may be expired, since renewal is an asynchronous process. New method tokenManager.hasExpired can be used to test the token and avoid this potential race condition.

3.2.3

Bug Fixes

• signout XHR fallback logic: reloads if postLogoutRedirectUri === origin (#440)
• clears access token from storage after being revoked (#445)