		# Changelog

		## v3.0.0-rc.3 (2018-05-14)

		### Fixes

		* [#38](https://github.com/schibsted/account-sdk-browser/issues/38) — Source maps are now included
		for generated ES5 files
		* [#22](https://github.com/schibsted/account-sdk-browser/issues/22) — Documented that varnish
		cookies need an Origin that is `!== localhost` for the logic to work in most (all?) browsers
		* [#21](https://github.com/schibsted/account-sdk-browser/issues/21) — Fix documentation issue on
		`Monetization.hasProduct` and `Monetization.hasSubscription`

		### Changes

		* Documentation (the main README.md file) has been updated to point to the SDK Example project in
		case people might want to go look at it
		* Be more explicit about the browsers supported in our ES5 generated files. In package.json for
		those who are curious

		## v3.0.0-rc.2 (2018-04-30)
		@@ -4,0 +22,0 @@

package.json

		{
		"name": "@schibsted/account-sdk-browser",
		"version": "3.0.0-rc.2",
		"version": "3.0.0-rc.3",
		"description": "Schibsted Account SDK for browsers",
		@@ -51,4 +51,10 @@ "main": "index.js",
		"browsers": [
		"last 2 major versions",
		"ie 9"
		"> 1%",
		"last 10 chrome major versions",
		"last 10 firefox major versions",
		"last 10 opera major versions",
		"last 2 safari major versions",
		"last 2 ios major versions",
		"last 2 ie major versions",
		"last 5 edge major versions"
		]
		@@ -55,0 +61,0 @@ }

README.md

		@@ -55,4 +55,5 @@ [![logo](https://www.schibsted.com/Global/LogoTypes/Logos%202014/SMG_Small_2014_RGB.png)](https://github.com/schibsted/account-sdk-browser)
		There is a function `enableVarnishCookie` that you can call on an `Identity` instance. This will
		enable setting the `SP_ID` cookie whenever `hasSession()` is called. Any other cookie that you
		need set, you will have to set yourself
		enable setting the `SP_ID` cookie whenever `hasSession()` is called (though most browsers require
		that you are on a "real domain" for this to work — so, not `localhost`). Any other cookie
		that you need set, you will have to set yourself
		* You no longer `subscribe` to events but `listen` (using a function `.on` that's compatible with
		@@ -96,2 +97,22 @@ Node's `EventEmitter`). For example `SPiD.event.subscribe('SPiD.login', handler)` becomes

		## Example project

		There is an example that demonstrates how the SDK can be used. The code is
		[here](https://github.com/schibsted/sdk-example), and you can see it live
		[here](https://pro.sdk-example.com). You have a use-case that we haven't thought of? Ask us to add
		it by creating an [issue](https://github.com/schibsted/sdk-example/issues/new).

		You can use that code as inspiration or just fork and play with it. The account-sdk-browser NPM
		module is used for authenticating the user with Schibsted Account. Take a look at how the SDK is
		initialized.

		When a user wants to log in to your site, you direct them to a UI flow that is hosted by Schibsted
		Account. We authenticate the user and redirect them back to your site. This final redirect back to
		your site is done in accordance with the OAuth2 spec. That means that we pass a `code` in the query
		string in that redirect uri. You can use that `code` on your site backend along with your client
		credentials (client id & secret) to get an Access Token (AT) and Refresh Token (RT). You don't
		send the AT (and never ever the RT!) to the browser but rather keep it on the server side and
		associate it with that particular user session in order to be able to call Schibsted Account APIs on
		behalf of that user.

		## Events
		@@ -189,3 +210,5 @@
		similar — to indicate that the user is logged in. If the popup window fails to open, it'll
		automatically fall back to the redirect flow.
		automatically fall back to the redirect flow. The SDK Example project mentioned above demonstrates
		how it can work. Again, you can see [sdk-example](https://github.com/schibsted/sdk-example) if you
		want a working example.

		@@ -192,0 +215,0 @@ #### Is the user logged in?

src/identity.js

		@@ -281,3 +281,4 @@ /* Copyright 2018 Schibsted Products & Technology AS. Licensed under the terms of the MIT license.
		/**
		* Set the Varnish cookie (`SP_ID`) when hasSession() is called.
		* Set the Varnish cookie (`SP_ID`) when hasSession() is called. Note that most browsers require
		* that you are on a "real domain" for this to work — so, not `localhost`
		* @returns {void}
		@@ -528,3 +529,10 @@ */
		/**
		* Logs the user out from the Identity platform
		* @summary Logs the user out from the Identity platform
		* @description Note: Your site origin should be listed as a redirect_uri in selfservice for
		* this to work. On the Schibsted Account side, we check CORS headers against the list of
		* redirect_uris. For most sites, this will work already, since this matching is only done on
		* the origin part of the uri, and most sites already have that in their redirect_uri list. So
		* if you have a redirect_uri `https://mysite.news/article`, then this will work when coming
		* from any `https://mysite.news` location. Note however, that the protocol matters, so it will
		* not work for `http://mysite.news` (only `https`).
		* @return {void}
		@@ -531,0 +539,0 @@ */

src/monetization.js

		@@ -59,3 +59,4 @@ /* Copyright 2018 Schibsted Products & Technology AS. Licensed under the terms of the MIT license.
		* @param {string} spId - The spId that was obtained from {@link Identity#hasSession}
		* @returns {Object} The data object returned from Schibsted Account
		* @returns {Object\|null} The data object returned from Schibsted Account (or `null` if the user
		* doesn't have access to the given product)
		*/
		@@ -86,3 +87,4 @@ async hasProduct(productId, spId) {
		* @param {string} spId - The spid that was obtained from {@link Identity#hasSession}
		* @returns {Object} The data object returned from Schibsted Account
		* @returns {Object\|null} The data object returned from Schibsted Account (or `null` if the user
		* doesn't have access to the given subscription)
		*/
		@@ -89,0 +91,0 @@ async hasSubscription(subscriptionId, spId) {

@schibsted/account-sdk-browser - npm Package Compare versions

Improved metrics