v1.19.0

Added

• SDK-2794 Return token response in getTokenSilently #803 (stevehobbsdev)
• SDK-2793 Ability to define a custom now provider #802 (frederikprijck)

v1.18.0

Added

• SDK-2750 Expose mfa_token from the mfa_required error when getting new tokens #789 (frederikprijck)

Changed

• SDK-2759 Re-scoping cookies and transactions to client ID #796 (stevehobbsdev)
• SDK-2320 Throw login_required error in SPA SDK if running in a cross-origin is… #790 (frederikprijck)

Fixed

• SDK-2692 Remember organization ID for silent authentication #788 (stevehobbsdev)

v1.17.1

Fixed

• Correct cache interface #779 (employee451)

v1.17.0

Added

• Add useFormData to enable application/x-www-form-urlencoded requests #768 (stevehobbsdev)

Changed

• Allow providing a domain that includes http or https. #768 (stevehobbsdev)

Release v1.16.1

This release fixes an edge case when using logout({ localOnly: true }), where it generates a race condition if you happen to query for SDK state directly after logging out.

Now, logout can return a Promise when using a custom cache implementation. In general, if you're interested in accurately assessing SDK state after logging out locally, you should await the result and act afterwards.

const logout = async () => {
  await auth0.logout({ localOnly: true });
  
  const authed = await isAuthenticated();
}

Fixed

• Changes to logout and cache synchronicity #758 (stevehobbsdev)

v1.16.0

This release adds a new extensible cache API, that enables you to bring your own cache implementation instead of relying on our built-in in-memory storage and localStorage implementations.

It's a Promise-based API that opens up the possibility to provide a more secure and complex cache to the SDK.

Here's a simple example that shows how sessionStorage support can be added to the cache:

const sessionStorageCache = {
  get(key) {
    return Promise.resolve(JSON.parse(sessionStorage.getItem(key)));
  },

  set(key, value) {
    return Promise.resolve(sessionStorage.setItem(key, JSON.stringify(value)));
  },

  remove(key) {
    sessionStorage.removeItem(key);
    return Promise.resolve();
  },
};

await createAuth0Client({
  domain: '<AUTH0_DOMAIN>',
  client_id: '<AUTH0_CLIENT_ID>',
  redirect_uri: '<MY_CALLBACK_URL>',
  cache: sessionStorageCache
});

You can read more about the cache API in the readme doc.

Added

• [SDK-2555] Extensible cache #743 (stevehobbsdev)

v1.15.0

Added

• Add Popup cancelled event #724 (degrammer)

Fixed

• Fix popup blocker showing for loginWithPopup in Firefox & Safari #732 (stevehobbsdev)

v1.14.0

Full Changelog

Added

• Add redirectMethod option to loginWithRedirect #717 (slaywell)
• Export errors for type checking #716 (adamjmcgrath)
• Add support for Organizations #720 (stevehobbsdev)

Changed

• Add screen_hint parameter to BaseLoginOptions #721 (damieng)

Fixed

• Updated minor syntax, to allow for TypeScript compiler to be happier #714 (kachihro)
• Revert [SDK-2183] Add warning when requested scopes differ from retrieved scopes #712 (frederikprijck)

v1.13.6

Changed

• Update docs for getIdTokenClaims and getUser #690 (adamjmcgrath)
• [SDK-2238] Only use timeout promise when using fetchWithTimeout without a worker #689 (frederikprijck)
• Do not use AbortController in the worker if not available #679 (stevehobbsdev)
• Do not send useCookiesForTransactions to authorize request #673 (frederikprijck)

Fixed

• Remove the nonce check in handleRedirectCallback #678 (stevehobbsdev)

Security

• Update wait-on to solve security vulnerability #687 (frederikprijck)
• [Security] Bump ini from 1.3.5 to 1.3.7 #672 (dependabot-preview[bot])

v1.13.5

Changed

• [SDK-2173] Expand on behaviour of checkSession in docs #666 (stevehobbsdev)
• [SDK-2183] Add warning when requested scopes differ from retrieved scopes #665 (frederikprijck)
• [SDK-2170] Avoid the possibility to do simultaneous calls to the token endpoint #664 (frederikprijck)
• [SDK-2025] Internal module refactor #661 (stevehobbsdev)
• [SDK-2039] Change cache lookup mechanism #652 (frederikprijck)

Fixed

• [SDK-1739] Recover and logout when throwing invalid_grant on Refresh Token #668 (frederikprijck)

Remarks

This release updates the getUser return type to be more correct. Instead of returning Promise<TUser>, it now returns Promise<TUser | undefined>, which might lead to an Object is possible 'undefined' compiler error in situation where the return value is not checked for being undefined while having set the TypeScript's --strictNullChecks compiler flag to true.