@okta/[email protected]

3.0.3

Bug Fixes

• #826 Fix stale authState in React context by listening on expired event from authJs.tokenManager, then update the authState in context properly.

@okta/[email protected]

3.0.2

Bug Fixes

• [#802]
  • The minimum version of okta-auth-js is updated to 3.1.2 from 3.0.0 to help address an issue with overlapping PKCE renewal requests.
  • <SecureRoute> should now pass the same react-router properties to wrapped components that <Route> does.
  • Passing custom props to a component using the render property of <SecureRoute> should now work

@okta/[email protected]

1.4.1

Bug fix

• #790 Pass consistent UA header in http request

@okta/[email protected]

Features

• #751
  • Support primary authentication flow
  • Add getAuthClient method to expose @okta/okta-auth-js client instance
  • Add Promise support for authenticate method

@okta/okta-react-3.0.1

Features

• [#738] <LoginCallback/> now accepts an optional errorComponent prop that accepts a component that can be passed an error object.
  • By default <LoginCallback/> will render with the <OktaError/> component

Bug Fixes

• <LoginCallback> now triggers only after authState.isPending is false, removing the problem of an error message from parsing the tokens from the url being cleared by the pending authState determination. See #719
• [#738] <Security> now memoizes if it creates an instance of AuthService so as to not create new instances on re-renders

@okta/[email protected]

Breaking Changes

• Uses/requires @okta/okta-auth-js 3.x
  • The pkce option now defaults to true, using the Authorization Code w/PKCE flow
    • Those using the (previous default) Implicit Flow should pass pkce: false to their config
    • See the @okta/okta-auth-js README regarding PKCE OAuth2 Flow for PKCE requirements
      • Which include the Application settings in the Okta Admin Dashboard allowing for PKCE
• The previously deprecated scope option is now fully unsupported
• The scopes option now defaults to ['openid', 'email', 'profile'] instead of the previous ['openid']
  • This default continues to be overridden by any explicit scopes passed in the config

@okta/[email protected]

Breaking Changes

• Uses/requires @okta/okta-auth-js 3.x
  • Notably, this means pkce now defaults to true
  • See the @okta/okta-auth-js README regarding PKCE OAuth2 Flow for requirements
  • The settings for the Application on your Okta Admin Dashboard must include allowing PKCE
  • If you are using the (previous default) Implicit Flow, you should set pkce: false
• <Security> no longer creates a <div> wrapper around its children
  • The className property of <Security> is no longer used
  • Existing applications that rely on this <div> can add it themselves as a parent or direct child of <Security>

@okta/[email protected]

Bug Fixes

• LoginCallback: render error as string (#700)

@okta/[email protected]

#690

Features

• OktaCallbackComponent will catch and display exceptions thrown from handleAuthentication()
• onAuthRequired callbacks will now receive the Angular injector as the 2nd parameter. This change allows logic using any services available within your application.

Bug Fixes

• Saved URI is now stored in sessionStorage instead of localStorage. This fixes an issue which can occur when multiple instances of the app are loading at the same time.
• OktaCallbackComponent uses window.location.replace() to complete the login flow after handleAuthentication completes. This fixes an issue where the user could navigate back to the callback hander.

Breaking Changes

• Signature for onAuthRequired callback functions has changed. Callbacks will receive the OktaAuthService as the first argument, and the Angular Injector as the second argument.
• Static initializer OktaAuthModule.initAuth() has been removed. OKTA_CONFIG should be provided directly by your module.
• getFromUri now returns an absolute URI as a string
• setFromUri takes a string. If it is a relative path, it will be converted to an absolute URI before being saved.
• Legacy config formats are no longer supported. See Configuration Reference for supported values.
• The pkce option now defaults to true, using the Authorization Code w/PKCE flow
  • Those using the (previous default) Implicit Flow should pass pkce: false to their config
  • See the @okta/okta-auth-js README regarding PKCE OAuth2 Flow for PKCE requirements
    • Which include the Application settings in the Okta Admin Dashboard allowing for PKCE

Other

• Upgrades @okta/okta-auth-js to version 3.0.0

@okta/[email protected]

Features

• Now offers synchronous access to the authentication state (after the first asynchronous determination)
• Now offers the following React Hook (2.x requires React 16.8+)
  • useOktaAuth
• Now can be used with other routers than react-router
  • React Router 5 continues to be supported, but is now optional
  • Routers other than React-Router will have to write their own version of LoginCallback component

Breaking Changes

• Requires React 16.8+
• If using react-router, requires react-router 5+
• See the Migration from 1.x to 2.0 section of the README for details on migrating your applications
  • Auth.js and the auth parameter to <Security> have been renamed to AuthService.js and authService
  • <ImplicitCallback> has been replaced with <LoginCallback>
  • auth.IsAuthenticated() has been removed
    • instead use the .isAuthenticated property of the authState object
  • withAuth has been replaced with withOktaAuth, which gives slightly different parameters
    • provides authService instead of auth
    • also provides the authState object
  • the arguments passed to the optional onAuthRequired() callback provided to the <Security> component have changed
  • error handling for authentication is now handled by putting the error into the authState.error property
  • auth.setFromUri() is now authService.setFromUri() and is passed a string (instead of an object)
  • auth.getFromUri() is now authService.getFromUri() and returns a string (instead of an object)