v1.13.6 (2021-01-07)
Changed
- Update docs for getIdTokenClaims and getUser #690 (adamjmcgrath)
- [SDK-2238] Only use timeout promise when using fetchWithTimeout without a worker #689 (frederikprijck)
- Do not use AbortController in the worker if not available #679 (stevehobbsdev)
- Do not send useCookiesForTransactions to authorize request #673 (frederikprijck)
Fixed
- Remove the nonce check in handleRedirectCallback #678 (stevehobbsdev)
Security
- Update wait-on to solve security vulnerability #687 (frederikprijck)
- [Security] Bump ini from 1.3.5 to 1.3.7 #672 (dependabot-preview[bot])
v1.13.5 (2020-12-08)
Changed
- [SDK-2173] Expand on behaviour of checkSession in docs #666 (stevehobbsdev)
- [SDK-2183] Add warning when requested scopes differ from retrieved scopes #665 (frederikprijck)
- [SDK-2170] Avoid the possibility to do simultaneous calls to the token endpoint #664 (frederikprijck)
- [SDK-2025] Internal module refactor #661 (stevehobbsdev)
- [SDK-2039] Change cache lookup mechanism #652 (frederikprijck)
Fixed
- [SDK-1739] Recover and logout when throwing invalid_grant on Refresh Token #668 (frederikprijck)
Remarks
This release updates the getUser return type to be more correct. Instead of returning Promise<TUser>, it now returns Promise<TUser | undefined>, which might lead to an Object is possible 'undefined' compiler error in situation where the return value is not checked for being undefined while having set the TypeScript's --strictNullChecks compiler flag to true.
v1.13.4 (2020-12-02)
Added
- [SDK-2172] Add SDK metrics to all API calls #659 (frederikprijck)
Changed
- [SDK-1159] Use generics for getUser #651 (frederikprijck)
v1.13.3 (2020-11-13)
Fixed
- [SDK-2156] Heed timeoutInSeconds when calling getTokenSilently with refresh tokens #639 (stevehobbsdev)
v1.13.2 (2020-11-09)
Added
- [SDK-2121] Add support for token validation for Organizations #631 (stevehobbsdev)
v1.13.1 (2020-10-29)
Changed
- [SDK-2037] Remove cacheLocation guard from checkSession #613 (frederikprijck)
- [SDK-2092] Do not use Web Worker for Safari < 12.1 #612 (frederikprijck)
Fixed
v1.13.0 (2020-10-21)
Added
- [SDK-2042] Fallback option for transactions using cookies #603 (stevehobbsdev)
- Refactor logout to use buildLogoutUrl #595 (rnwolfe)
- Add an option to extend cookie expire day #586 (luisfmsouza)
Fixed
- Use AbortController polyfill in Web Worker #598 (frederikprijck)
- [SDK-1994] GMaps breaks SPA JS on IE11 #592 (adamjmcgrath)
v1.12.1 (2020-09-17)
Fixed
- Remove
sessionStoragerequirement from instantiation to fix SSR environments #578 (adamjmcgrath)
v1.12.0 (2020-09-04)
Added
- [SDK-1858] Create legacy samsite cookie by default #568 (adamjmcgrath)
Changed
- Dependency updates #569 (stevehobbsdev)
- Update FAQ.md with information on silent authentication problems #550 (stevehobbsdev)
Fixed
- [SDK-1837] Session storage support for transactions #564 (stevehobbsdev)
- [SDK-1924] client methods should handle partially filled arguments #561 (adamjmcgrath)
- [SDK-1885] Add some additional state validation #560 (adamjmcgrath)
- [SDK-1912] Unnecessary latency in
getTokenSilentlywith primed cache #558 (adamjmcgrath) - fix: add missing types to utils.ts and errors.ts #547 (SeyyedKhandon)
- Exclude windows absolute paths as well as posix #534 (adamjmcgrath)
v1.11.0 (2020-07-21)
Added
- [SDK-1560] Allow issuer as url #523 (adamjmcgrath)
- [SDK-1790] use refresh_tokens with multiple audiences #521 (adamjmcgrath)
- [SDK-1650] Add
messageto errors that don't have one #520 (adamjmcgrath)
Fixed
- [SDK-1798] prevent unnecessary token requests #525 (adamjmcgrath)
- [SDK-1789] Add custom initial options to the 2 getToken methods #524 (adamjmcgrath)
v1.10.0 (2020-06-17)
Changed
- [SDK-1696] Allow caller of cache.get to specify an expiry time adjustment #491 (stevehobbsdev)
Fixed
- Don't include mocks in build #503 (adamjmcgrath)
- [SDK-1699] Fix ID token validation for auth_time #497 (stevehobbsdev)
- Add secure attribute to cookies if served over HTTPS #472 (ties-v)
v1.9.0 (2020-06-02)
Added
- [SDK-1695] Add
auth0Clientoption so wrapper libraries can send their own client info #490 (adamjmcgrath) - Add
checkSessionand ignore recoverable errors #482 (adamjmcgrath)
Fixed
- Update docs for returnTo and client_id params on logout #484 (stevehobbsdev)
v1.8.2 (2020-05-26)
Fixed
- [SDK-1640] Allow the client to be constructed in a Node SSR environment #471 (adamjmcgrath)
- [SDK-1634] Pass custom options to the token endpoint #465 (stevehobbsdev)
- [SDK-1649] Fix issue where cache was missed when scope parameter was provided #461 (adamjmcgrath)
v1.8.1 (2020-05-06)
Fixed
- Fix issue with create-react-app webpack build #451 (adamjmcgrath)
v1.8.0 (2020-04-30)
Added
- [SDK-1417] Customizable default scopes #435 (stevehobbsdev)
- include polyfill for Set #426 (tony-aq)
Fixed
- Update rollup-plugin-web-worker-loader to 1.1.1 #443 (stevehobbsdev)
- Updated
login_hintjs docs to clarify usage with Lock #441 (stevehobbsdev)
v1.7.0 (2020-04-15)
Added
- Support for rotating refresh tokens #315 (stevehobbsdev)
- Export types from global TypeScript file. #310 (maxswa)
- Local Storage caching mechanism #303 (stevehobbsdev)
Changed
- Use Web Workers for token endpoint call for in-memory storage #409 (adamjmcgrath)
- Export constructor #385 (adamjmcgrath)
- Fall back to iframe method if no refresh token is available #364 (stevehobbsdev)
- Removed setTimeout cache removal in favour of removal-on-read #354 (stevehobbsdev)
- Stop checking
isAuthenticatedcookie on initialization when using local storage #352 (stevehobbsdev) - getTokenSilently retry logic #336 (stevehobbsdev)
- Fixed issue with cache not retaining refresh token #333 (stevehobbsdev)
Fixed
- Check if source of event exists before closing it #410 (gerritdeperrit)
- Check if iframe is still in body before removing #399 (paulfalgout)
- Fix typings to allow custom claims in ID token #386 (picosam)
- Fix error in library type definitions #367 (devoto13)
Security
- Dependency upgrade #405 (stevehobbsdev)
v1.7.0-beta.5 (2020-03-26)
Changed
- [SDK-1379] Export constructor #385 (adamjmcgrath)
v1.7.0-beta.4 (2020-03-03)
Changed
- [SDK-1386] Fall back to iframe method if no refresh token is available #364 (stevehobbsdev)
Fixed
v1.7.0-beta.3 (2020-02-17)
Added
Changed
- [SDK-1352] Removed setTimeout cache removal in favour of removal-on-read #354 (stevehobbsdev)
- [SDK-1352] Stop checking
isAuthenticatedcookie on initialization when using local storage #352 (stevehobbsdev) - [SDK-1279] getTokenSilently retry logic #336 (stevehobbsdev)
v1.7.0-beta.2 (2020-01-16)
Changed
- Fixed issue with cache not retaining refresh token #333 (stevehobbsdev)
v1.7.0-beta.1 (2020-01-08)
Added
- Ability to use either an in-memory cache (the default) or localstorage to store tokens - stevehobbsdev - auth0#303
- Added support for rotating refresh tokens - stevehobbsdev - auth0#315
v1.6.5 (2020-03-19)
Changed
- [SDK-1395] Refactor loginWithPopup to optionally accept an existing popup window #368 (stevehobbsdev)
- handleRedirectCallback wont pass redirect_uri undefined if not set in transaction #374 (albertlockett)
- Update dependencies within semver ranges #371 (stevehobbsdev)
- [SDK-1099] Add
localOnlylogout option #362 (adamjmcgrath) - center popup over owner window #356 (ggascoigne)
Fixed
- [SDK-1127] Delay removal of iframe to prevent Chrome hanging status bug #240 #376 (adamjmcgrath)
- [SDK-1125] createAuth0Client now throws errors that are not login_required #369 (stevehobbsdev)
v1.6.4 (2020-02-10)
Changed
- [SDK-1308] Return appState value on error from handleRedirectCallback #348 (stevehobbsdev)
- Configurable timeout for getTokenSilently() #347 (Serjlee)
v1.6.3 (2020-01-28)
Fixed
- Send same redirect_uri as /authorize to /token #341 (stevehobbsdev)
- No longer acquires a browser lock if there was a hit on the cache #339 (stevehobbsdev)
- Use user provided params on silent login #318 (nkete)
v1.6.2 (2020-01-13)
Removed
Removed future issued-at claim check stevehobbsdev - auth0#329
v1.6.1 (2020-01-07)
Fixed
Included core-js polyfill for String.includes to fix an issue with browser-tabs-lock in IE11 stevehobbsdev - auth0#325
Added import definition to Getting Started section in the Readme for clarity thundermiracle - auth0#294
v1.6.0 (2019-11-19)
Added Added buildAuthorizeUrl and url parameter to handleRedirectCallback - austin43 - auth0#280
Fixed Released browser lock on getTokenSilently error - auth0#276 Updates browser-tabs-lock to fix issue of long acquired lock - super-tokens - https://github.com/auth0/auth0-spa-js/commit/3413e30bdb5955c818989cdc050079fa6efb6050
v1.5.0 (2019-10-31)
Added Add a new property 'fragment' to be appended to the authorize URL on redirect - auth0#249
v1.4.2 (2019-10-30)
Fixed Update typescript definition for max_age param - auth0#260 Fix for typings files in packaged SDK - auth0#263
v1.4.1 (2019-10-30)
Fixed Updated types path in package.json auth0#261
v1.4.0 (2019-10-30)
Added
Add 'lock' to prevent getTokenSilently to be invoked in parallel auth0#238
Improved OIDC compliance auth0#248
Fixed
Fix for race condition when using sha256 on IE11 auth0#252
Fixed the codeowners file with the correct group auth0#253
Document leeway default value auth0#256
Clear transaction data on error auth0#254
v1.3.2 (2019-10-17)
Fixed
parseQueryString now removes hash fragment on query before parsing auth0#246
v1.3.1 (2019-10-14)
Fixed Fix IE msCrypto.subtle usage auth0#242
v1.3.0 (2019-10-10)
Fixed Add missing char for nonce/state generation auth0#230 Fix query parsing when using hash routing auth0#231 Fix safari10 initialization error auth0#232
Changed Add early expiration of Access Token in cache auth0#233
v1.2.4 (2019-09-24)
Fixed
Fix empty PKCE code challenge auth0#221
v1.2.3 (2019-09-02)
Fixed
Fix incorrect state extraction from query string auth0#197
v1.2.2 (2019-08-28)
Fixed
Fix SSR errors with fetch polyfill usage auth0#184
v1.2.1 (2019-08-27)
Fixed
Replace promise polyfill for a pure one. This fixes using this library with zone.js. auth0#180
v1.2.0 (2019-08-26)
Fixed
- Expose raw id_token in the getIdTokenClaims method auth0#175
- Fix bug where oauth/token call ignores
options.audienceauth0#134
Added
- Add IE11 polyfills auth0#154
- Add popup timeout config auth0#133
- Add ?federated logout param auth0#129
v1.1.1 (2019-07-22)
Fixed
- Make sure the production bundle is ES5 compatible. auth0#98
v1.1.0 (2019-07-15)
Changed
- Allow redirect_uri override in loginWithRedirect - auth0#66
- Make options argument for popup and redirect optional - auth0#61
- Mark redirect_uri optional in RedirectLoginOptions - auth0#53
v1.0.2 (2019-07-02)
Changed
- Add polyfill for TextEncoder - auth0#46
v1.0.1 (2019-06-24)
Changed
- Reduce transaction cookie size - auth0#32
v1.0.0 (2019-06-19)
Initial Release