@okta/okta-auth-js - npm Package Versions

6.2.0

Features

• #1113 Updates types for SigninWithCredentialsOptions and SignInOptions to support SP Initiated Auth
• #1125 IDX - Supports auto select methodType (when only one selection is available) for authenticator-verification-data remediation
• #1114 Exposes ESM node bundle

Fixes

• #1114 Fixes ESM browser bundle issue by only using ESM import syntax

Fixes

• #1130 state now stored in session during verifyEmail flow

Other

• #1124
  • Adds multi-tab "leadership" election to prevent all tabs from renewing tokens at the same time
  • Adds granular configurations for autoRenew (active vs passive)
  • Adds options to isAuthenticated to override client configuration
  • Fixes issue in token renew logic within isAuthenticated, tokens are now read from tokenManager (not memory) before expiration is checked

6.1.0

Features

• #1036 Adds webauthn authenticator support in idx module
• #1075 Adds top level invokeApiMethod method as an escape hatch to make arbitrary OKTA API request
• #1093 Allows passing device context headers (X-Forwarded-For, User-Agent, X-Okta-User-Agent-Extended and X-Device-Token) to idx.interact. Follow setHeaders section to add headers to http requests.

Fixes

• #1071 TypeScript: Adds fields for Input type in NextStep object
• #1094 TypeScript: Fixes SigninOptions.context type
• #1092 Call updateAuthState when handleLoginRedirect fails

Other

• #1073 Upgrades cross-fetch to resolve security vulnerability

6.0.0

Breaking Changes

• #1003 Supports generic UserClaims type. Custom claims should be extended by typescript generics, like UserClaims<{ groups: string[]; }>
• #1050 Removes userAgent field from oktaAuth instance
• #1014 Shared transaction storage is automatically cleared on success and error states. Storage is not cleared for "terminal" state which is neither success nor error.
• #1051 Removes useMultipleCookies from CookieStorage options
• #1059
  • Removes signOut option clearTokensAfterRedirect
  • Adds signOut option clearTokensBeforeRedirect (default: false) to remove local tokens before logout redirect happen
• #1057 Strict checks are now enabled in the Typescript compiler options. Some type signatures have been changed to match current behavior.
• #1062
  • Authn method introspect is renamed to introspectAuthn (still callable as tx.introspect)
  • IdxFeature enum is now defined as strings instead of numbers

Features

• #1014 Updates IDX API to support email verify and recovery/activation
  • adds new configuration options recoveryToken and activationToken
  • email verify callback:
    • adds support for passing otp to idx pipeline
    • updates samples to display error message with OTP code
  • idx methods support new options:
    • exchangeCodeForTokens. If false, interactionCode will be returned on the transaction at the end of the flow instead of tokens.
    • autoRemediate. If false, there will be no attempt to satisfy remediations even if values have been passed.
  • TransactionManager supports new option:
    • saveLastResponse. If false, IDX responses will not be cached.
• #1062
  • All IDX methods are exported.
  • useInteractionCodeFlow defaults to true for sample and test apps.

5.11.0

• #1064 Supports skip authenticator in idx authentication flow

5.10.1

Fixes

• #1054 Fixes Typescript build error

5.10.0

Features

• #1010 Supports clearPendingRemoveTokens option in signOut method. This option can be used to avoid cross tabs sign out issue with Okta's downstream client SDK's SecureRoute component
• #1035 Adds security question authenticator support in idx module

Fixes

• #1028 Any error caught in token.renew() will be emitted and contain tokenKey property
• #1027 Don't reject isAuthenticated() because of failed token renewal
• #1032 Fixes idx recover password flow with identifier first org policy
• #1048 Points browser field to UMD bundle

5.9.1

Other

• #1021 Removes type field in package.json. As okta-auth-js includes multiple bundles (cjs, esm, umd) in the package, explicit type field causes error for some type of bundlers. This change fixes issue with @angular/cli.

5.9.0

Features

• #1004 Allows extra query parameters to be added to the authorize url

Other

• #1000
  • Fixes broken ES module bundle
  • Updates browser field in package.json to enable bundlers to use the ES module bundle by default

Fixes

• #1005
  • Handles rememberMe boolean in IDX Identify remediation adapter
  • Typescript: Adds type field for Input type in NextStep object
• #1012 Fixes null access when crypto is not present

5.8.0

Features

• #990 Supports email verify callback

5.7.0

Features

• #983 Adds new method setHeaders
• #990 Supports email verify callback

Fixes

• #988 Fixes Safari & Firefox browsers block getWithPopup issue
• #995 Sends cookie for authn related requests
• #985 Fixes issue with renewTokens that would drop scopes passed to getToken

Other

• #981 TypeScript: Allows optional paramters for IDX methods
• #986 TypeScript: Interface SignInWithRedirectOptions should extend TokenParams
• #992 TypeScript: Adds fields for Input type in NextStep object
• #997 Validates scopes config param is an array