🚀 Big News: Socket Acquires Coana to Bring Reachability Analysis to Every Appsec Team.Learn more
Socket
DemoInstallSign in
Socket
DemoInstallSign in

auth0-guardian-js

Package Overview
Dependencies
Maintainers
2
Versions
16
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

auth0-guardian-js - npm Package Versions

2

1.3.3

Diff
auth0npm
 published 1.3.3 •

1.3.2

Diff
auth0npm
 published 1.3.2 •

Changelog

Source

v1.3.2 (2018-06-14)

Full Changelog

  • Bump dependency version for superagent from 3.5.1 to 3.8.3 (no breaking changes)

1.3.1

Diff
auth0npm
 published 1.3.1 •

Changelog

Source

v1.3.1 (2018-03-27)

Full Changelog

Fixed

  • polling transport stops polling after the first 401 response code is returned.

1.3.0

Diff
auth0npm
 published 1.3.0 •

Changelog

Source

v1.3.0 (2018-02-13)

Full Changelog

Added

  • enrollment.getAvailableAuthenticatorTypes() to replace enrollment.getAvailableMethods() #47 (dafortune).
  • transaction.requestAuth(...) support for recovery-code type (a.k.a. method). Recovery code can be used the same way as otp, push, sms; it has become its own autenticator type.

Changed

  • enrollment.getAvailableMethods() was deprecated in favor of enrollment.getAvailableAuthenticatorTypes() #47 (dafortune).

Migration notes:

As an step to support multiple authenticators associated to a single user, since version 1.3.0 recovery code has become its own authenticator type (previously known as method), this means that we have to allow the user to verify the recovery code as the only authenticator (instead of solely as a fallback for other authenticator types). Recovery code can be the only authenticator type if the user removes all the authenticators but the recovery code.

If you are using current Auth0 management API, we prevent you from being affected by this change by keeping the old behavior of the API (the recovery-code authenticator is removed together with the non-recovery authenticators as it used to be).

There is a case where you could still have recovery code as the only authenticator: when you remove all the other authenticators from guardian app. For this case the API fallbacks to suggest TOTP on enrollment.getAvailableMethod() (deprecated) because that should allow user to enter the recovery code and recover from this condition, on the other hand enrollment.getAvailableAuthenticatorTypes() will suggest that recovery-code is the only available type.

Since we now support method: recovery-code on .requestAuth, the suggested approach is to switch from enrollment.getAvailableMethods() to enrollment.getAvailableAuthenticatorTypes() to select what method to use when you start challenge / verification.

1.2.0

Diff
auth0npm
 published 1.2.0 •

Changelog

Source

v1.2.0 (2017-07-18)

Full Changelog

Added

1.1.1

Diff
auth0npm
 published 1.1.1 •

Changelog

Source

v1.1.1 (2017-06-13)

Full Changelog

Fix

  • Bump dependencies versions (no breaking changes) #37 (dafortune).

1.1.0

Diff
auth0brokkr
 published 1.1.0 •

Changelog

Source

v1.1.0 (2017-03-22)

Full Changelog

1.0.2

Diff
auth0
 published 1.0.2 •

Changelog

Source

v1.0.2 (2017-03-21)

Full Changelog

Fix

  • Fix uncaught error event thrown even when there is a listener #30 (dafortune).

1.0.1

Diff
auth0
 published 1.0.1 •

Changelog

Source

v1.0.1 (2017-03-01)

Full Changelog

Fix

  • Callback with invalid token error when resuming transaction instead of throwing it #29 (dafortune).

1.0.0

Diff
auth0
 published 1.0.0 •

Changelog

Source

v1.0.0 (2017-03-01)

Full Changelog

Added

  • Support manually checking server side state #27 (dafortune):
    • Manual transaction state checking: call transaction.getState to get the state without relying on an open websocket or automatic polling.
    • Know the result of otp code validation (SMS / TOTP) without relying on a socket.
    • Allow to confirm the enrollment after serializing the transaction.
2