@okta/okta-auth-js - npm Package Versions

3.2.5

• #491 Fixes issue with OAuth param cookie when using self-hosted signin widget

• #489 Fixes sameSite cookie setting when running on HTTP connection

4.0.1

Bug Fixes

• #473 Fixes login issue when cookies are blocked or used as shared state storage

3.2.4

Bug Fixes

• #473 Fixes login issue when cookies are blocked or used as shared state storage

4.0.0

Features

• #413 Adds support for Typescript. Uses named exports instead of default export.
• #444 New method tokenManager.hasExpired to test if a token is expired

Breaking Changes

• #444
  • Implements "active" autoRenew. Previously tokens would be renewed or removed when calling tokenManager.get. Now they will be renewed or removed in the background. If autoRenew is true, tokens will be renewed before expiration. If autoRenew is false, tokens will be removed from storage on expiration.
  • onSessionExpired option has been removed. TokenManager events can be used to detect and handle token renewal errors.
  • tokenManager.get no longer implements autoRenew functionality (autoRenew is done by a separate process within TokenManager). Even with autoRenew, it is possible that the token returned from the TokenManager may be expired, since renewal is an asynchronous process. New method tokenManager.hasExpired can be used to test the token and avoid this potential race condition.

3.2.3

Bug Fixes

• #440 Fixes signOut XHR fallback to reload page only if postLogoutRedirectUri matches the current URI
• #445 Clears access token from storage after token revocation

3.2.2

Bug Fixes

• #422 Fixes revoke accessToken in signOut method
• #441 Fixes issue involving an "invalid grant" error: "PKCE verification failed."

3.2.1

Bug Fixes

• #431 Skips non parsable iframe messages for sdk.fingerprint

3.2.0

Features

-#408 Provides a polyfill for IE 11+

-#410 Add token.isLoginRedirect function to prevent app from starting new Oauth flow while already in OAuth callback state.

3.1.4

Bug Fixes

• #400 Allows an accessToken to be retrieved without an idToken. Also allows retrieving "default" scopes as defined by the custom authorization server.

• #402 Fixes tokenManager cookie storage size limitation issue by store tokens in separated cookies.

3.1.3

Bug Fixes

• #395 Prevents concurrent use of token API methods such as getWithoutPrompt, getWithRedirect or getWithPopup within a single running instance. These methods will be executed within a queue to ensure that they complete sequentially. This fix only affects a single instance. If there are several instances running (for example, in multiple tabs) it is still possible for token API methods to be executing concurrently.

• #399 Fixes an error involving PKCE flow and the signin widget.