-#83 fix: upgrades express to pull in latest [email protected]
-#82 fix: includes types in output bundle (#75 wasn't properly backported)
-#78 fix: replaces deprecated csurf package
-#81 fix: includes types in output bundle (#75 wasn't properly backported)
-#77 upgrades openid-client
-#75 fix: includes types in output bundle
- #74 feat: adds Node 20 support
-#64 Added type declarations
-#60 chore: dependency updates -#61 chore: adds Node 18 support
- # Requires Node >= 12.19.0. Update production dependencies:
[email protected](was 3.12.2)
-#53 Fix: prevents open redirects
- #43 fix: correctly preprends
appBaseUrlto redirect url whenappBaseUrlcontains a base path
- #40 Allows passing
loginHinttoensureAuthenticated
- #42 Fixes
appBaseUrloption not prepending to login redirect url
- #34 Fixes Org AS login issue
- #3 Call
res.redirect()after customroutes.loginCallback.handler - #37 fix:
.logoutno longer throws error without valid credentials
- Release after migrating from monorepo
- #1020 Fixes issue with UUID returning null
- #989 adds callback to allow custom error handling
- #962
- fixes options.timeout for requests to /token
- #949
- oidcUtil: support for passport strategy callback without userinfo
- #731
- Fix redirect issue after login
- Remove dependency
connect-ensure-login
- #661 Requires Node >= 10.13.0. Add support for Node 12. Update production dependencies:
[email protected](was 2.5.0)[email protected](was 0.3.2)@okta/[email protected](was 0.2.0)
See "Updating" in the README for migration steps
- Logout callback route has been removed (
/logout/callback). Local session is now cleared before redirect to Okta and the default logout redirect Uri is the app base URL. #644
- Support for Org Authorization Servers. #590 - See composing your base url for more information on Authorization Servers.
-
Errors during logout would cause the user to receive an empty page and remain logged in. #585 -
Due to this bug, errors during logout were being incorrectly suppressed and would not have been seen by the server process. Instead, the user would see a blank page. With this fix, the user will be logged out correctly, but the error event will also now be emitted to the server process.
Your server code should be prepared to either log or ignore this error.
-
a4b54f7- adds Okta logout capability -
a999b95- adds appBaseUrl, removes redirect_uri -
Adds Okta logout capability (informing Okta that the session is ended rather than just locally forgetting the current session) (#162)
See "Updating" in the README for migration steps
redirect_uriconfig option is dropped. The value is either automatically derived from theappBaseUrland the appropriateroutesoption, or explicitly set asloginRedirectUri- Two new routes are automatically generated and will override manually created routes of the same path. Unless
routesis customized, they are/logout(POST only) and/logout/callback routes.callbackis renamed toroutes.loginCallbackroutes.callback.defaultRedirectis renamed toroutes.loginCallback.afterCallback
2945461- Updates@okta/configuration-validationversion.
ed29bf5- Adds configuration validation forissuer,client_id,client_secret, andredirect_uriwhen passed into the middleware.
c37b9cf- Updates the TCK version to support new integration tests.3582f25- Rely on shared environment configuration from project root.c8b7ab5a- Migrate dependencies to project root utilizing yarn workspaces.8494be0- Migrate mocha tests to jest.
-
Attach the requested tokens to the user context object (#226)
app.get('/', (req, res) => { if (req.userContext) { const tokenSet = req.userContext.tokens; const userinfo = req.userContext.userinfo; console.log(`Access Token: ${tokenSet.access_token}`); console.log(`Id Token: ${tokenSet.id_token}`); console.log(`Claims: ${tokenSet.claims}`); console.log(`Userinfo Response: ${userinfo}`); res.send(`Hi ${userinfo.sub}!`); } else { res.send('Hi!'); } });
-
Basic configuration validation for catching common input mistakes.
req.userinfois now nested withinreq.userContext(#226). Please update any use ofreq.userinfotoreq.userContext.userinfo.