5.5.1

-#93 fix: upgrades express and lodash to resolve CVEs

5.5.0

-#88 feat: adds Node 22 support

5.4.2

-#83 fix: upgrades express to pull in latest body-parser@1.20.3

5.4.1

-#82 fix: includes types in output bundle (#75 wasn't properly backported)

5.4.0

-#78 fix: replaces deprecated csurf package

5.3.1

-#81 fix: includes types in output bundle (#75 wasn't properly backported)

5.3.0

-#77 upgrades openid-client

5.2.1

-#75 fix: includes types in output bundle

5.2.0

#74 feat: adds Node 20 support

5.1.0

-#64 Added type declarations

5.0.1

-#60 chore: dependency updates -#61 chore: adds Node 18 support

5.0.0

Breaking Changes

# Requires Node >= 12.19.0. Update production dependencies:
- openid-client@5.1.9 (was 3.12.2)

4.6

-#53 Fix: prevents open redirects

4.5.1

Bug Fixes

#43 fix: correctly preprends appBaseUrl to redirect url when appBaseUrl contains a base path

4.5.0

Features

#40 Allows passing loginHint to ensureAuthenticated

Bug Fixes

#42 Fixes appBaseUrl option not prepending to login redirect url

4.4.0

Bug Fixes

#34 Fixes Org AS login issue
#3 Call res.redirect() after custom routes.loginCallback.handler
#37 fix: .logout no longer throws error without valid credentials

4.3.0

Other

Release after migrating from monorepo

4.2.0

Bug Fixes

#1020 Fixes issue with UUID returning null

4.1.0

Features

#989 adds callback to allow custom error handling

4.0.3

Bug Fixes

#962
- fixes options.timeout for requests to /token

4.0.2

Bug Fixes

#949
- oidcUtil: support for passport strategy callback without userinfo

4.0.1

Bug Fixes

#731
- Fix redirect issue after login
- Remove dependency connect-ensure-login

4.0.0

Breaking Changes

#661 Requires Node >= 10.13.0. Add support for Node 12. Update production dependencies:
- openid-client@3.12.2 (was 2.5.0)
- passport@0.4.1 (was 0.3.2)
- @okta/configuration-validation@0.4.1 (was 0.2.0)

3.0.0

Breaking Changes

See "Updating" in the README for migration steps

Logout callback route has been removed (/logout/callback). Local session is now cleared before redirect to Okta and the default logout redirect Uri is the app base URL. #644

2.1.0

Features

Support for Org Authorization Servers. #590 - See composing your base url for more information on Authorization Servers.

Bug Fixes

Errors during logout would cause the user to receive an empty page and remain logged in. #585 -

Due to this bug, errors during logout were being incorrectly suppressed and would not have been seen by the server process. Instead, the user would see a blank page. With this fix, the user will be logged out correctly, but the error event will also now be emitted to the server process.

Your server code should be prepared to either log or ignore this error.

2.0.0

Features

a4b54f7 - adds Okta logout capability
a999b95 - adds appBaseUrl, removes redirect_uri
Adds Okta logout capability (informing Okta that the session is ended rather than just locally forgetting the current session) (#162)

Breaking Changes

See "Updating" in the README for migration steps

redirect_uri config option is dropped. The value is either automatically derived from the appBaseUrl and the appropriate routes option, or explicitly set as loginRedirectUri
Two new routes are automatically generated and will override manually created routes of the same path. Unless routes is customized, they are /logout (POST only) and /logout/callback
routes.callback is renamed to routes.loginCallback
routes.callback.defaultRedirect is renamed to routes.loginCallback.afterCallback

1.0.2

Other

2945461 - Updates @okta/configuration-validation version.

1.0.1

Features

ed29bf5 - Adds configuration validation for issuer, client_id, client_secret, and redirect_uri when passed into the middleware.

Other

c37b9cf - Updates the TCK version to support new integration tests.
3582f25 - Rely on shared environment configuration from project root.
c8b7ab5a - Migrate dependencies to project root utilizing yarn workspaces.
8494be0 - Migrate mocha tests to jest.

1.0.0

Features

Attach the requested tokens to the user context object (#226)

app.get('/', (req, res) => {
  if (req.userContext) {
    const tokenSet = req.userContext.tokens;
    const userinfo = req.userContext.userinfo;

    console.log(`Access Token: ${tokenSet.access_token}`);
    console.log(`Id Token: ${tokenSet.id_token}`);
    console.log(`Claims: ${tokenSet.claims}`);
    console.log(`Userinfo Response: ${userinfo}`);

    res.send(`Hi ${userinfo.sub}!`);
  } else {
    res.send('Hi!');
  }
});

Basic configuration validation for catching common input mistakes.

Breaking Changes

req.userinfo is now nested within req.userContext (#226). Please update any use of req.userinfo to req.userContext.userinfo.

FilesExpand file tree

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

5.5.1

5.5.0

5.4.2

5.4.1

5.4.0

5.3.1

5.3.0

5.2.1

5.2.0

5.1.0

5.0.1

5.0.0

Breaking Changes

4.6

4.5.1

Bug Fixes

4.5.0

Features

Bug Fixes

4.4.0

Bug Fixes

4.3.0

Other

4.2.0

Bug Fixes

4.1.0

Features

4.0.3

Bug Fixes

4.0.2

Bug Fixes

4.0.1

Bug Fixes

4.0.0

Breaking Changes

3.0.0

Breaking Changes

2.1.0

Features

Bug Fixes

2.0.0

Features

Breaking Changes

1.0.2

Other

1.0.1

Features

Other

1.0.0

Features

Breaking Changes

0.1.3

Bug Fixes

Other