Auth0 authentication for Single Page Applications (SPA) with PKCE
MIT License
Published by frederikprijck almost 4 years ago
Added
Changed
Published by stevehobbsdev almost 4 years ago
Fixed
Published by stevehobbsdev almost 4 years ago
[SDK-2121] Add support for ID token validation for Organizations #631 (stevehobbsdev)
Note: This relates to a product feature that is not yet generally available for public consumption.
Published by stevehobbsdev almost 4 years ago
Changed
Fixed
Published by frederikprijck almost 4 years ago
Added
Fixed
Published by adamjmcgrath about 4 years ago
Fixed
sessionStorage requirement from instantiation to fix SSR environments #578 (adamjmcgrath)
Published by adamjmcgrath about 4 years ago
Added
Changed
Fixed
getTokenSilently with primed cache #558 (adamjmcgrath)
Published by adamjmcgrath about 4 years ago
Added
message to errors that don't have one #520 (adamjmcgrath)
Fixed
Published by stevehobbsdev over 4 years ago
Changed
Fixed
Published by adamjmcgrath over 4 years ago
Added
auth0Client option so wrapper libraries can send their own client info #490 (adamjmcgrath)
checkSession and ignore recoverable errors #482 (adamjmcgrath)
Fixed
Published by adamjmcgrath over 4 years ago
Fixed
Published by adamjmcgrath over 4 years ago
Fixed
Published by stevehobbsdev over 4 years ago
This version fixes a problem using the SDK within a Gatsby site, which would fail a build with a "Blob is not defined" error, as well as introducing the ability to specify custom default scopes.
Usage:
await createAuth0Client({
  domain: 'your-domain.auth0.com',
  client_id: 'some-client-id-xyz',
  advancedOptions: {
    defaultScope: 'email' // custom default scope
  }
});
Added
Fixed
login_hint js docs to clarify usage with Lock #441 (stevehobbsdev)
Published by stevehobbsdev over 4 years ago
This release introduces a number of new features; two of these are detailed below:
This feature adds support for rotating Refresh Tokens, which can be used to mitigate the effects of modern browser privacy tools, such as Safari's ITP technology. Refresh tokens do not depend on the user's session cookie and thus are unaffected by third-party cookie blocking.
To turn on the use of Refresh Tokens in the SDK, use the useRefreshTokens option when configuring the SDK client:
await createAuth0Client({
  domain: '<YOUR AUTH0 DOMAIN>',
  client_id: '<YOUR AUTH0 CLIENT ID>',
  useRefreshTokens: true // the default is 'false'
})
From this release, you will be able to opt in to using local storage to store the tokens that are returned from the authorization server. The default is to use the in-memory cache.
Note: Enabling local storage changes the security characteristics of your application; please read and understand the implications of enabling use of local storage to store tokens.
To do this, set cacheLocation to localstorage when configuring the SDK client:
await createAuth0Client({
  domain: '<YOUR AUTH0 DOMAIN>',
  client_id: '<YOUR AUTH0 CLIENT ID>',
  cacheLocation: 'localstorage'
})
The full changelog is below.
Added
Changed
isAuthenticated cookie on initialization when using local storage #352 (stevehobbsdev)
Fixed
Security
Published by adamjmcgrath over 4 years ago
Changed
Published by adamjmcgrath over 4 years ago
Changed
localOnly logout option #362 (adamjmcgrath)
Fixed
Published by stevehobbsdev over 4 years ago
Changed
Fixed
Published by stevehobbsdev over 4 years ago
Added
Changed
isAuthenticated cookie on initialization when using local storage #352 (stevehobbsdev)
Published by stevehobbsdev over 4 years ago
Published by stevehobbsdev over 4 years ago
Fixed