@okta/okta-auth-js - npm Package Versions

6.5.0

Features

• #1186 Supports maxAge param in interaction code flow. This parameter can be passed in from either SDK level options or idx.interact options.
• #1189 IDX: includes options field in inputs scope, and deprecated top level options from nextStep field of the response (removal will happen in the next major version).

Fixes

• #1189 IDX: fixes input type indicator's field name for username and authenticator. Before the indicator was named as key, now it's fixed to type to follow input metadata with all other inputs.

6.4.3

Fixes

• #1182 Fixes security question verification to accept credentials.answer
• #1184 Fixes type declarations: ApiError, responseType, responseMode
• #1185 Fixes "cancel" and "skip" action called after receiving a terminal or error response

6.4.2

Fixes

• #1180 Fixes commonjs bundle dynamic import transpiling issue

6.4.1

Fixes

#1177 - fixes issue with repeated calls to oktaAuth.start()

6.4

Features

• #1161
  • IDX actions accept optional/additional parameters
  • requestDidSucceed is returned on IdxTransaction
  • adds IDX option shouldProceedWithEmailAuthenticator to disable email authenticator auto-selection

Fixes

• #1145

  • IDX: form field-level messages are now passed through via idxState
  • Type Fixes:
    • IdxContent: user property now optional
    • Input: added missing key property

• #1161

  • fixes for stateToken flow

Other

• #1145
  • refactor: IDX methods now use auth-js http client
  • refactor: idx-js methods have been refactored to idxState

6.3.2

Fixes

• #1169 Removes deleted file which was inadvertently added back in a merge

6.3.1

Fixes

• #1160
  • Fixes error handling for IDX actions
  • Fixes saved IDX transaction

6.3.0

Features

• #1090
  • An authenticator can be provided to IDX methods as either a string (representing the authenticator key) or an authenticator object
  • IDX functions will accept the "canonical" name for inputs (as defined by server response). For example a credentials object can be passed to satisfy an "identify" remediation instead of username and password
  • idx.proceed will continue without saved transaction meta if a stateHandle is available
  • Unknown remediations/values will proceed if the proper data is supplied by the caller
  • IDX response object has a new field requestDidSucceed which will be false if the XHR was returned with a non-2xx HTTP status

Fixes

• #1090
  • Fixes concurrency issue with transformAuthState. Concurrent auth state updates will now enqueue calls to transformAuthState so that they execute sequentially
  • Fixes issue with in-memory storage provider, where storage was shared between AuthJS instances in the same page/process. In-memory storage will now be unique per AuthJS instance.
  • Fixes issue with the step option in IDX flows: it will only be used for a single remediation cycle
• #1136 Fixes typo in security question enrollment

Other

• #1090 Removes runtime regenerator for development builds

6.2.0

Features

• #1113 Updates types for SigninWithCredentialsOptions and SignInOptions to support SP Initiated Auth
• #1125 IDX - Supports auto select methodType (when only one selection is available) for authenticator-verification-data remediation
• #1114 Exposes ESM node bundle

Fixes

• #1114 Fixes ESM browser bundle issue by only using ESM import syntax

Fixes

• #1130 state now stored in session during verifyEmail flow

Other

• #1124
  • Adds multi-tab "leadership" election to prevent all tabs from renewing tokens at the same time
  • Adds granular configurations for autoRenew (active vs passive)
  • Adds options to isAuthenticated to override client configuration
  • Fixes issue in token renew logic within isAuthenticated, tokens are now read from tokenManager (not memory) before expiration is checked

6.1.0

Features

• #1036 Adds webauthn authenticator support in idx module
• #1075 Adds top level invokeApiMethod method as an escape hatch to make arbitrary OKTA API request
• #1093 Allows passing device context headers (X-Forwarded-For, User-Agent, X-Okta-User-Agent-Extended and X-Device-Token) to idx.interact. Follow setHeaders section to add headers to http requests.

Fixes

• #1071 TypeScript: Adds fields for Input type in NextStep object
• #1094 TypeScript: Fixes SigninOptions.context type
• #1092 Call updateAuthState when handleLoginRedirect fails

Other

• #1073 Upgrades cross-fetch to resolve security vulnerability