6.3.2

Fixes

• #1169 Removes deleted file which was inadvertently added back in a merge

6.3.1

Fixes

• #1160
  • Fixes error handling for IDX actions
  • Fixes saved IDX transaction

6.3.0

Features

• #1090
  • An authenticator can be provided to IDX methods as either a string (representing the authenticator key) or an authenticator object
  • IDX functions will accept the "canonical" name for inputs (as defined by server response). For example a credentials object can be passed to satisfy an "identify" remediation instead of username and password
  • idx.proceed will continue without saved transaction meta if a stateHandle is available
  • Unknown remediations/values will proceed if the proper data is supplied by the caller
  • IDX response object has a new field requestDidSucceed which will be false if the XHR was returned with a non-2xx HTTP status

Fixes

• #1090
  • Fixes concurrency issue with transformAuthState. Concurrent auth state updates will now enqueue calls to transformAuthState so that they execute sequentially
  • Fixes issue with in-memory storage provider, where storage was shared between AuthJS instances in the same page/process. In-memory storage will now be unique per AuthJS instance.
  • Fixes issue with the step option in IDX flows: it will only be used for a single remediation cycle
• #1136 Fixes typo in security question enrollment

Other

• #1090 Removes runtime regenerator for development builds

6.2.0

6.2.0

Features

• #1113 Updates types for SigninWithCredentialsOptions and SignInOptions to support SP Initiated Auth
• #1125 IDX - Supports auto select methodType (when only one selection is available) for authenticator-verification-data remediation
• #1114 Exposes ESM node bundle

Fixes

• #1114 Fixes ESM browser bundle issue by only using ESM import syntax
• #1130 state now stored in session during verifyEmail flow

Other

• #1124
  • Adds multi-tab "leadership" election to prevent all tabs from renewing tokens at the same time
  • Adds granular configurations for autoRenew (active vs passive)
  • Adds options to isAuthenticated to override client configuration
  • Fixes issue in token renew logic within isAuthenticated, tokens are now read from tokenManager (not memory) before expiration is checked

6.1.0

Features

• #1036 Adds webauthn authenticator support in idx module
• #1075 Adds top level invokeApiMethod method as an escape hatch to make arbitrary OKTA API request
• #1093 Allows passing device context headers (X-Forwarded-For, User-Agent, X-Okta-User-Agent-Extended and X-Device-Token) to idx.interact. Follow setHeaders section to add headers to http requests.

Fixes

• #1071 TypeScript: Adds fields for Input type in NextStep object
• #1094 TypeScript: Fixes SigninOptions.context type
• #1092 Call updateAuthState when handleLoginRedirect fails

Other

• #1073 Upgrades cross-fetch to resolve security vulnerability

6.0.0

Breaking Changes

• #1003 Supports generic UserClaims type. Custom claims should be extended by typescript generics, like UserClaims<{ groups: string[]; }>
• #1050 Removes userAgent field from oktaAuth instance
• #1014 Shared transaction storage is automatically cleared on success and error states. Storage is not cleared for "terminal" state which is neither success nor error.
• #1051 Removes useMultipleCookies from CookieStorage options
• #1059
  • Removes signOut option clearTokensAfterRedirect
  • Adds signOut option clearTokensBeforeRedirect (default: false) to remove local tokens before logout redirect happen
• #1057 Strict checks are now enabled in the Typescript compiler options. Some type signatures have been changed to match current behavior.
• #1062
  • Authn method introspect is renamed to introspectAuthn (still callable as tx.introspect)
  • IdxFeature enum is now defined as strings instead of numbers

Features

• #1014 Updates IDX API to support email verify and recovery/activation
  • adds new configuration options recoveryToken and activationToken
  • email verify callback:
    • adds support for passing otp to idx pipeline
    • updates samples to display error message with OTP code
  • idx methods support new options:
    • exchangeCodeForTokens. If false, interactionCode will be returned on the transaction at the end of the flow instead of tokens.
    • autoRemediate. If false, there will be no attempt to satisfy remediations even if values have been passed.
  • TransactionManager supports new option:
    • saveLastResponse. If false, IDX responses will not be cached.
• #1062
  • All IDX methods are exported.
  • useInteractionCodeFlow defaults to true for sample and test apps.

5.11.0

• #1064 Supports skip authenticator in idx authentication flow

5.10.1

Fixes

• #1054 Fixes Typescript build error

5.10.0

Features

• #1010 Supports clearPendingRemoveTokens option in signOut method. This option can be used to avoid cross tabs sign out issue with Okta's downstream client SDK's SecureRoute component
• #1035 Adds security question authenticator support in idx module

Fixes

• #1028 Any error caught in token.renew() will be emitted and contain tokenKey property
• #1027 Don't reject isAuthenticated() because of failed token renewal
• #1032 Fixes idx recover password flow with identifier first org policy
• #1048 Points browser field to UMD bundle

5.9.1

Other

• #1021 Removes type field in package.json. As okta-auth-js includes multiple bundles (cjs, esm, umd) in the package, explicit type field causes error for some type of bundlers. This change fixes issue with @angular/cli.