
Releases: okta/okta-auth-js

4.6.2

04 Feb 16:40
97a4627

Bug Fixes

  • #616 Fixes issue with fetch on IE Edge versions 14-17.

4.6.1

16 Jan 00:23
750f028

Bug Fixes

  • #595 Ports fix for overeager catch when using refresh token originally from #579

4.6.0

13 Jan 22:16
eec479f

Features

  • #585 Uses native fetch, if available

Other

  • #583 Better error handling for redirect flows: if the redirect URI contains error or error_description, then isLoginRedirect will return true and parseFromUrl will throw OAuthError

4.5.1

13 Jan 22:17
cf94b3a

Bug Fixes

  • #579 Removes overeager catch when using refresh token

4.5.0

17 Dec 21:17
d93cfc6

Features

  • #567 Adds new methods:
    • token.prepareTokenParams
    • token.exchangeCodeForTokens
    • pkce.generateVerifier
    • pkce.computeChallenge
    and constant:
    • pkce.DEFAULT_CODE_CHALLENGE_METHOD
    This API allows more control over the PKCE authorization flow and is enabled for both browser and Node.js.

4.4.0

07 Dec 22:43
ddc36e5

Features

  • #554 Adds MFA types

4.3.0

03 Dec 16:31
bd83f8c

Features

  • #518 Adds claims to AccessToken

4.2.0

03 Dec 15:55
1f89502

Features

  • Adding the ability to use refresh tokens with single page applications (SPA) (Early Access feature - reach out to our support team)
    • scopes configuration option now handles 'offline_access' as an option, which will use refresh tokens IF your client app is configured to do so in the Okta settings
      • If you already have tokens (from a separate instance of auth-js or the okta-signin-widget) those tokens must already include a refresh token and have the 'offline_access' scope
      • 'offline_access' is not requested by default. Anyone using the default scopes and wishing to add 'offline_access' should pass scopes: ['openid', 'email', 'offline_access'] to their constructor
    • renewTokens() will now use an XHR call to replace tokens if the app has a refresh token. This does not rely on "3rd party cookies"
      • The autoRenew option (defaults to true) already calls renewTokens() shortly before tokens expire. The autoRenew feature will now automatically make use of the refresh token if present
    • signOut() now revokes the refresh token (if present) by default, which in turn will revoke all tokens minted with that refresh token
      • The revoke calls made by signOut() follow the existing revokeAccessToken parameter: when true (the default), any refresh token will also be revoked; when false, no tokens are explicitly revoked. This parameter name becomes slightly misleading (as it controls both access AND refresh token revocation) and will change in a future version.

4.1.2

10 Nov 01:11
0a977ac

Bug Fixes

  • #541 Fixes type error in VerifyRecoveryTokenOptions

4.0.4

10 Nov 00:57

Bug Fixes

  • #535 Respects scopes that are set in the constructor