1.8.0

Bug fixes:

• 8fd69c0 - Handles browsers without console APIs (#57 )

You can get the latest release from npm.

1.7.0

Bug fixes:

• 8177501 - Checks for the existence of localStorage or sessionStorage before attempting to use them (#54)

You can get the latest release from npm.

1.6.0

We've further expanded our OAuth 2.0 support to include Shared Authorization Servers (Beta). Now, you can pass a custom issuer, authorizeUrl or userinfoUrl to token.getWithRedirect, token.getWithoutPrompt or token.getWithPopup. We've also made it easier to validate idTokens server-side by using the okta-oauth-state and okta-oauth-nonce cookies. For additional browser-side validation of idTokens, token.verify will validate the signature in browsers that natively support cryptography (Chrome, Edge, Firefox, and Opera).

Features:

• e39e6cd - Adds Shared Authorization Server support (#47)
• 83f2675 - Adds token.verify (#49)
• 82e5a1d - Adds state and nonce cookies for server-side idToken validation (#51)

Other notable changes:

• af21c3b - Adds caching to well-known configuration requests (#48)
• 83f2675 - Deprecates idToken.verify (#49)
• 7310870 - Changes distributed filename from OktaAuth.min.js to okta-auth-js.min.js (#50)

You can get the latest release from npm.

1.5.0

We've expanded our OAuth 2.0 and OpenID Connect support. Now, you can retrieve user details with token.getUserInfo or create an authorization code for server-side flows. Additionally, the tokenManager is no longer necessary to refresh an access or ID token; token.refresh allows you to refresh the token directly.

Features:

• 1c598a6 - Added token.refresh (#39)
• e8ac02c - Added authorization code support (#40)
• a4147b3 - Added token.getUserInfo (#41)
• 28a1700 - Improved performance when refreshing tokens simultaneously (#44)

Bug fixes:

• 1dc62f8 - Made some validation errors easier to catch in the OAuth flows (#43)

Other notable changes:

• b21b9b7 - Deprecated idToken methods in favor of token methods (#42)

You can get the latest release from npm.

1.4.0

We've added support for accessTokens and two new namespaces, token and tokenManager, to handle both idTokens and accessTokens. The token namespace makes it easier to specify how to retrieve your tokens: getWithoutPrompt, getWithPopup, and getWithRedirect. The tokenManager allows tracking tokens and automatically refreshes them for you.

Features:

• 25241e2 - Emit "expired" events when autoRefresh is disabled (#37)
• 71aaf7f - Added tokenManager.on, tokenManager.off, tokenManager.clear, and autoRefresh (#36)
• be508d2 - Added tokenManager.refresh (#35)
• cde3065 - Added tokenManager.add, tokenManager.get, and tokenManager.remove (#31)
• d1b5e54 - Added token.getWithPopup, token.getWithRedirect, and token.parseFromUrl (#30)
• 96c5251 - Added accessToken support to getWithoutPrompt (#28)

Bug fixes:

• db02161 - Added maxClockSkew option (#34)
• ef205fd - Generate config.js instead of config.json (#33)
• 7026830 - Changed dist/browser, changed version header, added maxAge (#32)

You can get the latest release from npm.