@okta/okta-auth-js@3.0.0

@swiftone swiftone released this 04 Mar 18:39
· 694 commits to master since this release
1b317b6

Features

New option cookies allows overriding default secure and sameSite values.

Breaking Changes

  • #308 - Removed jquery and reqwest httpRequesters

  • #309 - Removed Q library, now using standard Promise. IE11 will require a polyfill for the Promise object. Use of Promise.prototype.finally requires Node > 10.3 for server-side use.

  • #310 - New behavior for signOut()

  • #311 - parseFromUrl() now returns tokens in an object hash (instead of array). The state parameter (passed to authorize request) is also returned.

  • #313 - An HTTPS origin will be enforced unless running on http://localhost or cookies.secure is set to false

  • #316 - Option issuer is required. Option url has been deprecated and is no longer used.

  • #317 - pkce option is now true by default. grantType option is removed.

  • #320 - getWithRedirect, getWithPopup, and getWithoutPrompt previously took 2 sets of option objects as parameters, a set of "oauthOptions" and additional options. These methods now take a single options object which can hold all available options. Passing a second options object will cause an exception to be thrown.

  • #321

    • Default responseType when using implicit flow is now ['token', 'id_token'].
    • When both access token and id token are returned, the id token's at_hash claim will be validated against the access token.
  • #325 - Previously, the default responseMode for PKCE was "fragment". It is now "query". Unless explicitly specified using the responseMode option, the response_mode parameter is no longer passed by token.getWithRedirect to the /authorize endpoint. The response_mode will be set by the backend according to the OpenID specification. Implicit flow will use "fragment" and PKCE will use "query". If previous behavior is desired, PKCE can set the responseMode option to "fragment".

  • #329 - Fix internal fetch implementation. responseText will always be a string, regardless of headers or response type. If a JSON object was returned, the object will be returned as responseJSON and responseType will be set to "json". Invalid/malformed JSON server response will no longer throw a raw TypeError but will return a well structured error response which includes the status code returned from the server.
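
The at_hash validation listed under #321 binds an ID token to the access token returned with it, as defined in OpenID Connect Core section 3.1.3.6. The following is an added example, not okta-auth-js source: computeAtHash, validateAtHash and makeSampleIdToken are hypothetical names, the tokens are constructed, and the ID token signature is assumed to have been verified beforehand.

```javascript
// Added example: at_hash check per OpenID Connect Core, section 3.1.3.6.
// Not okta-auth-js source; all helper names here are hypothetical.
const { createHash, timingSafeEqual } = require('crypto');

// The at_hash hash is the one named by the size suffix of the JWS "alg".
const HASH_FOR_ALG = { '256': 'sha256', '384': 'sha384', '512': 'sha512' };

const b64url = (buf) =>
  buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Hash the ASCII access token, keep the left half, base64url-encode it.
function computeAtHash(accessToken, alg) {
  const hashName = HASH_FOR_ALG[String(alg).slice(-3)];
  if (!hashName) throw new Error(`unsupported alg: ${alg}`);
  const digest = createHash(hashName).update(accessToken, 'ascii').digest();
  return b64url(digest.subarray(0, digest.length / 2));
}

// Decode one JWT segment (Node's base64 decoder also accepts base64url).
const decodeSegment = (seg) => JSON.parse(Buffer.from(seg, 'base64').toString('utf8'));

// Assumption: signature verification already happened. A missing at_hash is
// treated as a failure here, a strict policy chosen for this example.
function validateAtHash(idToken, accessToken) {
  const [headerSeg, payloadSeg] = idToken.split('.');
  const { alg } = decodeSegment(headerSeg);
  const { at_hash: claimed } = decodeSegment(payloadSeg);
  if (typeof claimed !== 'string') return { ok: false, reason: 'at_hash missing' };
  const expected = Buffer.from(computeAtHash(accessToken, alg));
  const actual = Buffer.from(claimed);
  const ok = actual.length === expected.length && timingSafeEqual(actual, expected);
  return ok ? { ok: true } : { ok: false, reason: 'at_hash mismatch' };
}

// Constructed sample tokens (unsigned placeholder signature, illustration only).
function makeSampleIdToken(accessToken, includeAtHash = true) {
  const seg = (obj) => b64url(Buffer.from(JSON.stringify(obj)));
  const claims = { iss: 'https://idp.example', sub: 'user-1' };
  if (includeAtHash) claims.at_hash = computeAtHash(accessToken, 'RS256');
  return `${seg({ alg: 'RS256', typ: 'JWT' })}.${seg(claims)}.constructed-signature`;
}

const sampleAccessToken = 'constructed-access-token-A';
const sampleIdToken = makeSampleIdToken(sampleAccessToken);
console.log(validateAtHash(sampleIdToken, sampleAccessToken));        // matching pair
console.log(validateAtHash(sampleIdToken, 'swapped-access-token-B')); // substituted token
```

A mismatch means the access token is not the one the ID token was issued alongside, so a client should discard both rather than store either.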

Other