
@okta/okta-auth-js


@okta/okta-auth-js - npm Package Compare versions

Comparing version 2.6.1 to 2.6.3

# Changelog
## 2.6.3
### Other
- [(#235)](https://github.com/okta/okta-auth-js/pull/235) - Option `grantType` has been deprecated and will be removed in 3.0
## 2.6.2
### Features
- [(#233)](https://github.com/okta/okta-auth-js/pull/235) - New option `pkce`
### Bug Fixes
- [(#233)](https://github.com/okta/okta-auth-js/pull/233) The default `responseMode` was incorrectly set to `fragment` instead of `query` when the `responseType` was `code`. This regression was introduced in version `2.6.0`.
- [747216b](https://github.com/okta/okta-auth-js/commit/747216ba2d186d17a08b0f0482da7e3e94977e98) fix build process, so that /dist/okta-auth-js.min.js is for browsers (since version 2.2.0, dist/ output was being built for node.js applications, which was not intended)
## 2.6.1

@@ -4,0 +19,0 @@

@@ -14,2 +14,3 @@ var packageJson = require('./package.json');

'testPathIgnorePatterns': [
'./test/spec/browser.js',
'./test/spec/fingerprint.js',

@@ -16,0 +17,0 @@ './test/spec/general.js',

@@ -34,2 +34,4 @@ /*!

var url = builderUtil.getValidUrl(args);
// OKTA-242989: support for grantType will be removed in 3.0
var usePKCE = args.pkce || args.grantType === 'authorization_code';
this.options = {
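Review bot: The added `usePKCE` line keeps whatever truthy value `args.pkce` carried instead of a boolean, so a config such as `pkce: 'true'` is accepted by the builder and passes the `isPKCESupported` guard below, while the strict `oauthParams.pkce !== true` test elsewhere in this diff would then skip the PKCE branch and fall back to the implicit flow. Coerce here so every consumer sees a boolean: `var usePKCE = args.pkce === true || args.grantType === 'authorization_code';`, and consider rejecting non-boolean values with an `AuthSdkError` rather than guessing. The enclosing constructor starts and ends outside this hunk.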

@@ -42,3 +44,3 @@ url: util.removeTrailingSlash(url),

tokenUrl: util.removeTrailingSlash(args.tokenUrl),
grantType: args.grantType,
pkce: usePKCE,
redirectUri: args.redirectUri,

@@ -51,3 +53,3 @@ httpRequestClient: args.httpRequestClient,

if (this.options.grantType === 'authorization_code' && !sdk.features.isPKCESupported()) {
if (this.options.pkce && !sdk.features.isPKCESupported()) {
throw new AuthSdkError('This browser doesn\'t support PKCE');

@@ -54,0 +56,0 @@ }

@@ -13,3 +13,3 @@ module.exports = {

"PKCE_STORAGE_NAME": "okta-pkce-storage",
"SDK_VERSION": "2.6.1"
"SDK_VERSION": "2.6.3"
};

@@ -88,6 +88,2 @@ /*!

}
if (oauthOptions.grantType !== 'authorization_code') {
throw new AuthSdkError('Expecting "grantType" to equal "authorization_code"');
}
}

@@ -100,3 +96,3 @@

'redirect_uri': options.redirectUri,
'grant_type': options.grantType,
'grant_type': 'authorization_code',
'code': options.authorizationCode,

@@ -103,0 +99,0 @@ 'code_verifier': options.codeVerifier

@@ -24,3 +24,3 @@ /*!

var cookies = require('./browser/browserStorage').storage;
var pkce = require('./pkce');
var PKCE = require('./pkce');

@@ -135,6 +135,5 @@ function decodeToken(token) {

// Retrieve saved values and build oauthParams for call to /token
var meta = pkce.loadMeta(sdk);
var meta = PKCE.loadMeta(sdk);
var getTokenParams = {
clientId: oauthParams.clientId,
grantType: 'authorization_code',
authorizationCode: authorizationCode,

@@ -144,3 +143,3 @@ codeVerifier: meta.codeVerifier,

};
return pkce.getToken(sdk, getTokenParams, urls)
return PKCE.getToken(sdk, getTokenParams, urls)
.then(function(res) {

@@ -151,3 +150,3 @@ validateResponse(res, getTokenParams);

.fin(function() {
pkce.clearMeta(sdk);
PKCE.clearMeta(sdk);
});

@@ -252,12 +251,8 @@ }

function getDefaultOAuthParams(sdk, oauthOptions) {
oauthOptions = util.clone(oauthOptions) || {};
var grantType = sdk.options.grantType || 'implicit';
var responseType = grantType === 'authorization_code' ? 'code' : 'id_token';
var defaults = {
grantType: grantType,
function getDefaultOAuthParams(sdk) {
return {
pkce: sdk.options.pkce || false,
clientId: sdk.options.clientId,
redirectUri: sdk.options.redirectUri || window.location.href,
responseType: responseType,
responseType: 'id_token',
responseMode: 'okta_post_message',

@@ -269,9 +264,2 @@ state: oauthUtil.generateState(),

};
util.extend(defaults, oauthOptions);
if (defaults.grantType === 'authorization_code' && !defaults.codeChallengeMethod) {
defaults.codeChallengeMethod = pkce.DEFAULT_CODE_CHALLENGE_METHOD;
}
return defaults;
}

@@ -530,16 +518,19 @@

function prepareOauthParams(sdk, oauthOptions) {
var oauthParams = getDefaultOAuthParams(sdk, oauthOptions);
// clone and prepare options
oauthOptions = util.clone(oauthOptions) || {};
var responseType = oauthParams.responseType;
if (typeof responseType === 'string') {
responseType = [responseType];
// OKTA-242989: support for grantType will be removed in 3.0
if (oauthOptions.grantType === 'authorization_code') {
oauthOptions.pkce = true;
}
if (oauthParams.grantType !== 'authorization_code') {
if (responseType.includes('code')) {
return Q.reject(new AuthSdkError('When responseType is "code", grantType should be "authorization_code"'));
}
// build params using defaults + options
var oauthParams = getDefaultOAuthParams(sdk);
util.extend(oauthParams, oauthOptions);
if (oauthParams.pkce !== true) {
return Q.resolve(oauthParams);
}
// PKCE flow
if (!sdk.features.isPKCESupported()) {
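Review bot: The early return `if (oauthParams.pkce !== true)` takes the non-PKCE path for any value that is truthy but not the boolean `true`, and since the default is built as `sdk.options.pkce || false` (getDefaultOAuthParams, same file) such a value survives untouched; a caller who misconfigures `pkce` therefore silently gets `responseType: 'id_token'` and the implicit flow instead of an error. Either test truthiness the way the builder does, `if (!oauthParams.pkce) {`, or reject non-boolean values up front with an `AuthSdkError`. prepareOauthParams continues past the end of this hunk.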

@@ -549,6 +540,10 @@ return Q.reject(new AuthSdkError('This browser doesn\'t support PKCE'));

if (responseType.length !== 1 || responseType[0] !== 'code') {
return Q.reject(new AuthSdkError('When grantType is "authorization_code", responseType should be "code"'));
// set default code challenge method, if none provided
if (!oauthParams.codeChallengeMethod) {
oauthParams.codeChallengeMethod = PKCE.DEFAULT_CODE_CHALLENGE_METHOD;
}
// responseType is forced
oauthParams.responseType = 'code';
return oauthUtil.getWellKnown(sdk, null)

@@ -563,3 +558,3 @@ .then(function(res) {

// PKCE authorization_code flow
var codeVerifier = pkce.generateVerifier(oauthParams.codeVerifier);
var codeVerifier = PKCE.generateVerifier(oauthParams.codeVerifier);

@@ -571,9 +566,9 @@ // We will need these values after redirect when we call /token

};
pkce.saveMeta(sdk, meta);
PKCE.saveMeta(sdk, meta);
return pkce.computeChallenge(codeVerifier);
return PKCE.computeChallenge(codeVerifier);
})
.then(function(codeChallenge) {
// Clone/copy the params. Set codeChallenge and responseType for authorization_code
// Clone/copy the params. Set codeChallenge
var clonedParams = util.clone(oauthParams) || {};

@@ -589,7 +584,18 @@ util.extend(clonedParams, oauthParams, {

oauthOptions = util.clone(oauthOptions) || {};
if (!oauthOptions.responseMode) {
oauthOptions.responseMode = 'fragment';
}
return prepareOauthParams(sdk, oauthOptions)
.then(function(oauthParams) {
// Dynamically set the responseMode unless the user has provided one
// Server-side flow requires query. Client-side apps usually prefer fragment.
if (!oauthOptions.responseMode) {
if (oauthParams.responseType.includes('code') && !oauthParams.pkce) {
// server-side flows using authorization_code
oauthParams.responseMode = 'query';
} else {
// general case, client-side flow.
oauthParams.responseMode = 'fragment';
}
}
var urls = oauthUtil.getOAuthUrls(sdk, oauthParams, options);
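Review bot: The new `responseType.includes('code') && !pkce` test selects `responseMode = 'query'` for any response type that merely contains `code`, so a hybrid request such as `responseType: ['code', 'token']` with `pkce` off would also ask for tokens in the query string; the multiple-response-type rules disallow query mode when a token is part of the response, and a token in a query string is exposed to server logs and Referer headers. Limit the `query` default to a bare code response, e.g. `var rt = oauthParams.responseType;` / `var codeOnly = rt === 'code' || (Array.isArray(rt) && rt.length === 1 && rt[0] === 'code');` / `if (codeOnly && !oauthParams.pkce) {`. Whether the server rejects the hybrid-with-query combination is not visible here; the rest of getWithRedirect is outside the hunk.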

@@ -626,3 +632,3 @@ var requestUrl = urls.authorizeUrl + buildAuthorizeParams(oauthParams);

var responseType;
if (sdk.options.grantType === 'authorization_code') {
if (sdk.options.pkce) {
responseType = 'code';

@@ -629,0 +635,0 @@ } else if (token.accessToken) {

{
"name": "@okta/okta-auth-js",
"description": "The Okta Auth SDK",
"version": "2.6.1",
"version": "2.6.3",
"homepage": "https://github.com/okta/okta-auth-js",

@@ -83,5 +83,5 @@ "license": "Apache-2.0",

"okta": {
"commitSha": "ea3f395ba375990bed79421561369904bd4b1333",
"fullVersion": "2.6.1-20190723001632-ea3f395"
"commitSha": "9e5b3a0a6b99de4dd87e12e102fcafdae6e80c9a",
"fullVersion": "2.6.3-20190808234314-9e5b3a0"
}
}

@@ -70,4 +70,6 @@ [<img src="https://devforum.okta.com/uploads/oktadev/original/1X/bf54a16b5fda189e4ad2706fb57cbb7a1e5b8deb.png" align="right" width="256px"/>](https://devforum.okta.com/)

After installing `@okta/okta-auth-js`, the minified auth client will be installed to `node_modules/@okta/okta-auth-js/dist`. You can copy the `dist` contents to a publicly hosted directory. However, if you're using a bundler like [Webpack](https://webpack.github.io/) or [Browserify](http://browserify.org/), you can simply import the module using CommonJS.
If you are using the JS on a web page from the browser, you can copy the `node_modules/@okta/okta-auth-js/dist` contents to publicly hosted directory, and include a reference to the `okta-auth-js.min.js` file in a `<script>` tag.
However, if you're using a bundler like [Webpack](https://webpack.github.io/) or [Browserify](http://browserify.org/), you can simply import the module using CommonJS.
```javascript

@@ -90,3 +92,3 @@ var OktaAuth = require('@okta/okta-auth-js');

For an overview of the client's features and authentication flows, check out [our developer docs](https://developer.okta.com/docs/guides/okta_auth_sdk). There, you will learn how to use the Auth SDK on a simple static page to:
For an overview of the client's features and authentication flows, check out [our developer docs](https://developer.okta.com/code/javascript/okta_auth_sdk). There, you will learn how to use the Auth SDK on a simple static page to:

@@ -176,3 +178,3 @@ * Retrieve and store an OpenID Connect (OIDC) token

| `redirectUri` | The url that is redirected to when using `token.getWithRedirect`. This must be pre-registered as part of client registration. If no `redirectUri` is provided, defaults to the current origin. |
| `grantType` | Specify `grantType` for this Application. Supported types are `implicit` and `authorization_code`. Defaults to `implicit` |
| `pkce` | If set to true, the authorization flow will automatically use PKCE. The authorize request will use `response_type=code`, and `grant_type=authorization_code` will be used on the token request. All these details are handled for you, including the creation and verification of code verifiers. |
| `authorizeUrl` | Specify a custom authorizeUrl to perform the OIDC flow. Defaults to the issuer plus "/v1/authorize". |

@@ -213,3 +215,3 @@ | `userinfoUrl` | Specify a custom userinfoUrl. Defaults to the issuer plus "/v1/userinfo". |

To use PKCE flow, set `grantType` to `authorization_code` in your config.
To use PKCE flow, set `pkce` to `true` in your config.

@@ -219,3 +221,3 @@ ```javascript

var config = {
grantType: 'authorization_code',
pkce: true,

@@ -1410,3 +1412,3 @@ // other config

| `responseMode` | Specify how the authorization response should be returned. You will generally not need to set this unless you want to override the default values for `token.getWithRedirect`. See [Parameter Details](https://developer.okta.com/docs/api/resources/oidc#parameter-details) for a list of available modes. |
| `responseType` | Specify the [response type](https://developer.okta.com/docs/api/resources/oidc#request-parameters) for OIDC authentication. The default value is based on the configured `grantType`. If `grantType` is `implicit` (the default setting), `responseType` will have a default value of `id_token`. If `grantType` is `authorization_code`, the default value will be `code`. |
| `responseType` | Specify the [response type](https://developer.okta.com/docs/api/resources/oidc#request-parameters) for OIDC authentication. The default value is `id_token`. If `pkce` is `true`, this option will be ingored. |
| | Use an array if specifying multiple response types - in this case, the response will contain both an ID Token and an Access Token. `responseType: ['id_token', 'token']` |

@@ -1413,0 +1415,0 @@ | `scopes` | Specify what information to make available in the returned `id_token` or `access_token`. For OIDC, you must include `openid` as one of the scopes. Defaults to `['openid', 'email']`. For a list of available scopes, see [Scopes and Claims](https://developer.okta.com/docs/api/resources/oidc#access-token-scopes-and-claims). |
