Releases: ForgeRock/forgerock-javascript-sdk
@forgerock/[email protected]
[4.2.0] - 2023-09-11
Security: - Proxy config declaring URLs is now required and will be used to generate an allow list of origins to check again prior to fowarding a request.
[4.1.2] - 2023-07-24
Features:
- Initial release of Token Vault
- Initial NPM deployment for latest version (4.1.2)
- Token vault is sync'd to the same version of the SDK.
- @forgerock/javascript-sdk is a peer dependency of Token vault, meaning the application must install it independently.
@forgerock/[email protected]
Changelog
v4.6.0 (2024-08-15)
🚀 Features
- support-metadata-marketplace-protect (a3494b9)
❤️ Thank You
- ryanbas21
[4.4.2] - 2024-05-15
fix(ping-protect): update-module-type by @ryanbas21 in #434
fix(ping-protect): update-signals-sdk by @ryanbas21 in #437
fix(ping-protect): bundling by @ryanbas21 in #440
fix(ping-protect): update-ping-protect-signals-sdk by @ryanbas21 in #441
fix(ping-protect): dynamically load ping protect in start and transpile as esmodule
[4.4.0] - 2024-03-12
feat(ping-protect): Add a new module for Ping Protect and allow for use of .wellknown endpoint for configuration of PingOne as an oauth server
@forgerock/[email protected]
Changelog
[4.6.0] - 2024-08-15
🚀 Features
-
ping-fed-central-login (57e7c80)
-
recaptcha-enterprise-callback (006cec9)
-
support-metadata-marketplace-protect (a3494b9)
-
javascript-sdk: refactor authorize URL utilities for DaVinci (b34e458)
-
javascript-sdk: recaptcha-enterprise (8b4656c)
🩹 Fixes
-
javascript-sdk: allowed-error-messages (88ece3f)
-
javascript-sdk: change pkce utility to return storage function (b4e0fbe)
❤️ Thank You
- Justin Lowery
- ryanbas21
[4.4.2] - 2024-05-15
Features:
feat: new request header by @juangarmendia05 in #432
Fixes:
fix(javascript-sdk): fix-exports-update-protect by @ryanbas21 in #433
fix(javascript-sdk): circular-dep by @ryanbas21 in #435
fix(javascript-sdk): change x-requested-platform to opt-in by @cerebrl in #438
fix(javascript-sdk): add logout redirect for pingone by @cerebrl in #443
[4.4.1] - 2024-03-27
Fixes:
fix(javascript-sdk): Export the classes of ping-protect callbacks from index
[4.4.0] - 2024-03-12
Features:
feat(javascript-sdk): add config.setAsync for wellknown endpoint support
feat(javascript-sdk): handle-device-name-in-response
Fixes
fix(javascript-sdk): add PingOne login error to allowed errors
fix(javascript-sdk): sessionStorage conflict
fix(javascript-sdk): circular-dependency
[4.3.0] - 2024-01-04
Features
- Make a prefix to the storage keys configurable via the Config class
- Added a QR Code utility class to determine if a step has a QR Code and handle QR Codes in SDK
Fixes
- Fix main and module fields in package.json being undefined
[4.2.0] - 2023-09-11
Features:
- Added ability for SDK to accept a logLevel and customLogger option in the config. The default to the logger is
none
which means the SDK will no longer output to the console messages/warnings/console.error calls.
[4.1.2] - 2023-07-20
Features:
- Minor changes to prepare for an upcoming Token Vault release
Fixes:
- fix(javascript-sdk): get-tokens-default-destructure (360df99)
[4.1.1] - 2023-06-29
Features:
- Transaction Authorization advices information adds support for JSON, HTTPClient modified to support this change
Fixes:
- Improved types when in strict mode of Typescript
[4.0.0] - 2023-05-23
Breaking Changes:
- Dropped UMD bundle support, if you would like to use a UMD bundle it's available in 3.4 or you can produce your own by git cloning the repo and setting up the ability to do so.
- Removed Event and FRUI modules
Deprecated:
- JavaScript support configuration property deprecated.
Features:
- Updated the esmodule bundle
- Added interface to register a name to a webauthn device
Fixes:
- Fixed Policy Types so that a PolicyRequirement array is outputted from
failedPolicies
Infrastructure:
- Updated tags in github to be prefixed with package name
Changelog
[3.4.0] - 2022-10-18
- Fixed HTTP headers by capitalizing all header names
- Add support for TextInput Callback
- Fix object checks for device profile callback and use globalThis instead of window
[3.3.1] - 2022-05-18
- Fixed issue where UMD bundle namespace changed
[3.3.0] - 2022-04-25
Added:
- OAuth token threshold config property and proactive refresh of tokens expiring soon
- Add Angular sample app to the repo
[3.2.2] - 2022-1-31
Fixed
- Fixed typescript transpilation bug in esmodule config
[3.2.1] - 2022-1-31
Fixed
- Updated readme
[3.2.0] - 2022-1-31
Fixed
/authorize
call not honoring middleware overwrites- expand middleware passing to call-site so that it overwrites middleware set in
config
Added:
- Refactor of end-to-end test suite to use playwright test runner instead of jest
- Upgrade rxjs version from 6 to 7 in
autoscript
files for e2e tests - Remove SSL certificate dependency in CI
- Move to using Github Actions for CI
- Convert to monorepo using
nx
- Add react sample app to the repo
- Remove certificate dependency across all sample apps
- Replaced development bundle with a rollup production bundle in javascript-sdk package
- Update Readme's in all packages / samples
- Added a CONTRIBUTING.MD file
- Added a pull request template for contributors
[3.0.0] - 2021-6-24
Added
- "Native" Social Login callbacks for both the original AM nodes in 6.5 and the new IDM nodes in 7.0
- SDK Social Login feature officially supports Apple, Facebook and Google
- New
FRAuth
methods for handing redirection to provider and resuming an authentication journeyFRAuth.redirect
for redirecting to an Identity Provider for authenticationFRAuth.resume
supports both return from an IdP and returning from Email Suspend node
- New
FRAuth.start
method that aliasesFRAuth.next
to align native mobile SDKs - E2E test pages will now follow your OS's dark mode setting
Fixed
- Arbitrary query parameters are now passed along through to the
/authorize
endpoint supporting the use of ACR values for tree specificity - Fixed build issue when using Windows PowerShell
- WebAuthn error handling is now standardized according to the WebAuthn spec
- When WebAuthn encounters an error, the SDK now formats the error appropriately for AM and sets it into the hiddenValueCallback; this allows the developer to just send it to AM "as is" or handle it specially when catching the thrown error
- Changed the default behavior in case of unidentified storage, to be the localStorage option
- Increased timeout (20 to 60 seconds) for E2E tests to avoid pure timeout failures
Breaking
- WebAuthn's thrown error message text has been changed to align with spec, so check all conditionals comparing error message strings
- Renamed
getAuthorizeUrl
method togetAuthCodeByIframe
- Removed the single parameter from
createVerifier
function - Removal of
nonce
function
[2.2.0] - 2020-12-18
Added
- Centralized login support has been added
- OAuth authorize endpoint now supports both iframe and fetch through the new
support
property in the config - Support for TypeScript 4.0
Fixed
step.getStage()
is no longer used in sample app;getStage(step)
is now used for better compatibility with AM 6.5FRUser.logout
now uses a try-catch around each endpoint call, rather than a single try-catch, ensuring an error in one doesn't interrupt other endpoints being called- Paths for sample app now point to correct favicon image
- Improved automation testing
- Compatibility with AM 6.5.3 WebAuthn nodes
- Step detection with
getWebAuthnStepType
and "usernameless" configuration getTokens
method withforceRenew
now revokes existing tokens, if present, before requesting new ones
[2.1.0] - 2020-08-25
Added
- Support for "usernameless" login (storing username on WebAuthn capable tech)
- Support for the recovery code display node and the parsing of the codes from the TextOutputCallback
- Support for user verification property for WebAuthn
- Updated support for new IDM nodes for registration and self-service: BooleanAttributeInputCallback and NumberAttributeInputCallback support
- Added SuspendedTextOutputCallback support for the new Email Suspended Node
- Added SessionManager.logout() call back to FRUser.logout()
Fixed
- Conditionally set user verification, relying party and allow credentials to WebAuthn key options
- Added exclude credentials to script parsing for WebAuthn key options
- Ensure display name and username are correctly parsed and added to WebAuthn key options
- Add authenticator attachment to WebAuthn and other WebAuthn fixes for custom configuration
- Increased entropy for cryptographic functions related to PKCE for both state and verifier
- Improved instructions for cert creation for sample app
Deprecated
- Name change for
getAuthorizeUrl
: method's name will change to better reflect its behavior in v3 - Removal of
nonce
: this utility is no longer used in the SDK, and therefore will be removed in v3 - Function signature change for
createVerifier
: the parameter will be removed in v3.
[2.0.0] - 2020-06-22
Added
- Support for authorization by transaction
- Support for authorization by tree
- Support for device profile collection callback
- Allow server paths to be configurable
- Allow OAuth token storage to be configurable
- Support for request "middleware" for modifying request from SDK
- "Containerize" code base for easier development
- End-to-end tests now use Playwright and mock Node.js server
- Support for WebAuthn script-based authentication
Fixed
- Increased default timeout to accommodate development/debugging
- Provide alternative token store for Firefox Private IndexedDB bug
- Aligned json-based WebAuthn with 7.0 release of AM
[1.0.5] - 2020-01-16
Added
- Support for additional querystring parameters (e.g.
suspendedId
) when invoking authentication trees
[1.0.4] - 2020-01-06
Fixed
- Renamed
getWebAuthStepType
togetWebAuthnStepType
inFRWebAuthn
module
[1.0.3] - 2020-01-06
Added
- Replaced
url
andquerystring
dependencies to avoid build issues in some environments
[1.0.2] - 2019-12-20
Added
- Exported
Deferred
andnonce
[1.0.1] - 2019-12-19
Added
- Server mocking with Mirage JS for E2E tests
- Version header to all OpenAM calls to avo...
v4.6.0
What's Changed
- Develop -> Master 4.4.0 by @ryanbas21 in #431
- fix(javascript-sdk): fix-exports-update-protect by @ryanbas21 in #433
- feat: new request header by @juangarmendia05 in #432
- fix(ping-protect): update-module-type by @ryanbas21 in #434
- fix(javascript-sdk): circular-dep by @ryanbas21 in #435
- fix(javascript-sdk): change x-requested-platform to opt-in by @cerebrl in #438
- fix(ping-protect): update-signals-sdk by @ryanbas21 in #437
- build(ping-protect): update-module-resolution by @ryanbas21 in #439
- fix(ping-protect): bundling by @ryanbas21 in #440
- refactor: update-nx-e2e-tests-builds by @ryanbas21 in #423
- fix(ping-protect): update-ping-protect-signals-sdk by @ryanbas21 in #441
- fix(javascript-sdk): add logout redirect for pingone by @cerebrl in #443
- build(javascript-sdk): update-build-to-vite-lib by @ryanbas21 in #442
- chore(javascript-sdk): package-versions by @ryanbas21 in #444
- chore(javascript-sdk): changelogs by @ryanbas21 in #445
- feat(javascript-sdk): refactor authorize URL utilities for DaVinci by @cerebrl in #449
- Mock api v2 by @ryanbas21 in #450
- chore: update-nx by @ryanbas21 in #451
- feat: ping-fed-central-login by @ryanbas21 in #452
- Recaptcha enterprise by @ryanbas21 in #459
- feat: support-metadata-marketplace-protect by @ryanbas21 in #453
- chore: update-nx by @ryanbas21 in #461
- chore: fix-deps by @ryanbas21 in #465
- chore: fix-side-effects by @ryanbas21 in #469
- chore: fix-subpath by @ryanbas21 in #470
- fix(javascript-sdk): allowed-error-messages by @ryanbas21 in #471
- fix(javascript-sdk): change pkce utility to return storage function by @cerebrl in #472
- chore: update-changelogandpackage by @ryanbas21 in #475
- release 4.5 by @ryanbas21 in #473
New Contributors
- @juangarmendia05 made their first contribution in #432
Full Changelog: v4.4.0...v4.6.0
v4.4.2
What's Changed
- fix(javascript-sdk): fix-exports-update-protect by @ryanbas21 in #433
- feat: new request header by @juangarmendia05 in #432
- fix(ping-protect): update-module-type by @ryanbas21 in #434
- fix(javascript-sdk): circular-dep by @ryanbas21 in #435
- fix(javascript-sdk): change x-requested-platform to opt-in by @cerebrl in #438
- fix(ping-protect): update-signals-sdk by @ryanbas21 in #437
- build(ping-protect): update-module-resolution by @ryanbas21 in #439
- fix(ping-protect): bundling by @ryanbas21 in #440
- refactor: update-nx-e2e-tests-builds by @ryanbas21 in #423
- fix(ping-protect): update-ping-protect-signals-sdk by @ryanbas21 in #441
- fix(javascript-sdk): add logout redirect for pingone by @cerebrl in #443
- build(javascript-sdk): update-build-to-vite-lib by @ryanbas21 in #442
- chore(javascript-sdk): package-versions by @ryanbas21 in #444
- chore(javascript-sdk): changelogs by @ryanbas21 in #445
New Contributors
- @juangarmendia05 made their first contribution in #432
Full Changelog: v4.4.0...v4.4.2
v4.4.0
What's Changed
- feat(javascript-sdk): add-getdisplayname-to-recoverycodes by @ryanbas21 in #414
- feat(ping-protect): new module for Ping Protect by @cerebrl in #415
- fix(javascript-sdk): circular-dependency by @ryanbas21 in #418
- test: update tests for ping protect and add some for sdk. e2e tests f… by @ryanbas21 in #421
- fix(javascript-sdk): sessionStorage conflict by @cerebrl in #419
- feat(javascript-sdk): export-step-options-type by @ryanbas21 in #426
- fix(javascript-sdk): add PingOne login error to allowed errors by @cerebrl in #427
- feat(javascript-sdk): add config.setAsync for wellknown endpoint support by @cerebrl in #429
- chore: release-work by @ryanbas21 in #430
Full Changelog: 4.3.0...v4.4.0
@forgerock/javascript-sdk 4.3.0
What's Changed
- feat(javascript-sdk): add QR Code utility class by @cerebrl in #390
- build: remove-access-token-nx by @ryanbas21 in #391
- build: remove-cloud-commands by @ryanbas21 in #392
- Remove token for master by @ryanbas21 in #393
- feat(reactjs-todo): add WebAuthn support for react todo sample app by @juanManuel05 in #394
- fix(mock-api): fix-introspect-call by @ryanbas21 in #396
- feat(javascript-sdk): make-prefix-configurable by @ryanbas21 in #398
- feat(reactjs-todo): add social login for react todo sample app by @juanManuel05 in #399
- feat(reactjs-todo): fix bugs by @juanManuel05 in #401
- fix(javascript-sdk): package-json by @ryanbas21 in #403
- docs(javascript-sdk): update-changelog-and-version by @ryanbas21 in #407
- ci: remove-previews by @ryanbas21 in #408
Full Changelog: 4.2.0...4.3.0
@forgerock/[email protected]
What's Changed
- docs(javascript-sdk): fix-changelog by @ryanbas21 in #382
- [Sample App] Create a social login sample app in SDK by @juanManuel05 in #380
- feat(angular-todo): add support for social login by @juanManuel05 in #383
- feat(javascript-sdk): add-logger-functionality by @ryanbas21 in #381
- Fix proxy origins check by @ryanbas21 in #385
- feat(angular-todo): webAuthn support for Angular by @juanManuel05 in #384
- fix(javascript-sdk): expose-logger-functions-type by @ryanbas21 in #386
- chore: update-versions by @ryanbas21 in #388
- docs: update-changelogs by @ryanbas21 in #389
- Release 4.2.0 by @ryanbas21 in #387
New Contributors
- @juanManuel05 made their first contribution in #380
Full Changelog: @forgerock/[email protected]
@forgerock/[email protected]
What's Changed
- docs(token-vault): add readme by @cerebrl in #375
- chore(token-vault): update-metadata-for-release by @ryanbas21 in #376
- Release Token Vault 4.1.2 by @ryanbas21 in #378
Full Changelog: https://github.com/ForgeRock/forgerock-javascript-sdk/compare/@forgerock/[email protected]...@forgerock/[email protected]
@forgerock/[email protected]
What's Changed
- test(token-vault): improve e2e automation feature testing by @cerebrl in #358
- fix(token-vault): removing /sessions endpoint from interception by @cerebrl in #365
- fix(javascript-sdk): get-tokens-default-destructure by @ryanbas21 in #368
- chore: update-package-version by @ryanbas21 in #370
- chore(javascript-sdk): remove-extra-return by @ryanbas21 in #372
- chore(javascript-sdk): update-changelog by @ryanbas21 in #373
Full Changelog: https://github.com/ForgeRock/forgerock-javascript-sdk/compare/@forgerock/[email protected]...@forgerock/[email protected]