Skip to content

Releases: ForgeRock/forgerock-javascript-sdk

@forgerock/[email protected]

13 Dec 00:00
210d647
Compare
Choose a tag to compare

Major Changes

@forgerock/[email protected]

11 Dec 21:50
3502c2a
Compare
Choose a tag to compare

Patch Changes

@forgerock/[email protected]

07 Nov 17:13
d4cc59b
Compare
Choose a tag to compare

[4.2.0] - 2023-09-11

Security: - Proxy config declaring URLs is now required and will be used to generate an allow list of origins to check again prior to fowarding a request.

[4.1.2] - 2023-07-24

Features:

  • Initial release of Token Vault
  • Initial NPM deployment for latest version (4.1.2)
  • Token vault is sync'd to the same version of the SDK.
  • @forgerock/javascript-sdk is a peer dependency of Token vault, meaning the application must install it independently.

@forgerock/[email protected]

07 Nov 17:13
d4cc59b
Compare
Choose a tag to compare

Changelog

v4.6.0 (2024-08-15)

🚀 Features

  • support-metadata-marketplace-protect (a3494b9)

❤️ Thank You

  • ryanbas21

[4.4.2] - 2024-05-15

fix(ping-protect): update-module-type by @ryanbas21 in #434
fix(ping-protect): update-signals-sdk by @ryanbas21 in #437
fix(ping-protect): bundling by @ryanbas21 in #440
fix(ping-protect): update-ping-protect-signals-sdk by @ryanbas21 in #441
fix(ping-protect): dynamically load ping protect in start and transpile as esmodule

[4.4.0] - 2024-03-12

feat(ping-protect): Add a new module for Ping Protect and allow for use of .wellknown endpoint for configuration of PingOne as an oauth server

@forgerock/[email protected]

07 Nov 17:13
d4cc59b
Compare
Choose a tag to compare

Changelog

[4.6.0] - 2024-08-15

🚀 Features

  • ping-fed-central-login (57e7c80)

  • recaptcha-enterprise-callback (006cec9)

  • support-metadata-marketplace-protect (a3494b9)

  • javascript-sdk: refactor authorize URL utilities for DaVinci (b34e458)

  • javascript-sdk: recaptcha-enterprise (8b4656c)

🩹 Fixes

  • javascript-sdk: allowed-error-messages (88ece3f)

  • javascript-sdk: change pkce utility to return storage function (b4e0fbe)

❤️ Thank You

  • Justin Lowery
  • ryanbas21

[4.4.2] - 2024-05-15

Features:
feat: new request header by @juangarmendia05 in #432

Fixes:
fix(javascript-sdk): fix-exports-update-protect by @ryanbas21 in #433
fix(javascript-sdk): circular-dep by @ryanbas21 in #435
fix(javascript-sdk): change x-requested-platform to opt-in by @cerebrl in #438
fix(javascript-sdk): add logout redirect for pingone by @cerebrl in #443

[4.4.1] - 2024-03-27

Fixes:
fix(javascript-sdk): Export the classes of ping-protect callbacks from index

[4.4.0] - 2024-03-12

Features:

feat(javascript-sdk): add config.setAsync for wellknown endpoint support
feat(javascript-sdk): handle-device-name-in-response

Fixes
fix(javascript-sdk): add PingOne login error to allowed errors
fix(javascript-sdk): sessionStorage conflict
fix(javascript-sdk): circular-dependency

[4.3.0] - 2024-01-04

Features

  • Make a prefix to the storage keys configurable via the Config class
  • Added a QR Code utility class to determine if a step has a QR Code and handle QR Codes in SDK

Fixes

  • Fix main and module fields in package.json being undefined

[4.2.0] - 2023-09-11

Features:

  • Added ability for SDK to accept a logLevel and customLogger option in the config. The default to the logger is none which means the SDK will no longer output to the console messages/warnings/console.error calls.

[4.1.2] - 2023-07-20

Features:

  • Minor changes to prepare for an upcoming Token Vault release

Fixes:

  • fix(javascript-sdk): get-tokens-default-destructure (360df99)

[4.1.1] - 2023-06-29

Features:

  • Transaction Authorization advices information adds support for JSON, HTTPClient modified to support this change

Fixes:

  • Improved types when in strict mode of Typescript

[4.0.0] - 2023-05-23

Breaking Changes:

  • Dropped UMD bundle support, if you would like to use a UMD bundle it's available in 3.4 or you can produce your own by git cloning the repo and setting up the ability to do so.
  • Removed Event and FRUI modules

Deprecated:

  • JavaScript support configuration property deprecated.

Features:

  • Updated the esmodule bundle
  • Added interface to register a name to a webauthn device

Fixes:

  • Fixed Policy Types so that a PolicyRequirement array is outputted from failedPolicies

Infrastructure:

  • Updated tags in github to be prefixed with package name

Changelog

[3.4.0] - 2022-10-18

  • Fixed HTTP headers by capitalizing all header names
  • Add support for TextInput Callback
  • Fix object checks for device profile callback and use globalThis instead of window

[3.3.1] - 2022-05-18

  • Fixed issue where UMD bundle namespace changed

[3.3.0] - 2022-04-25

Added:

  • OAuth token threshold config property and proactive refresh of tokens expiring soon
  • Add Angular sample app to the repo

[3.2.2] - 2022-1-31

Fixed

  • Fixed typescript transpilation bug in esmodule config

[3.2.1] - 2022-1-31

Fixed

  • Updated readme

[3.2.0] - 2022-1-31

Fixed

  • /authorize call not honoring middleware overwrites
  • expand middleware passing to call-site so that it overwrites middleware set in config

Added:

  • Refactor of end-to-end test suite to use playwright test runner instead of jest
  • Upgrade rxjs version from 6 to 7 in autoscript files for e2e tests
  • Remove SSL certificate dependency in CI
  • Move to using Github Actions for CI
  • Convert to monorepo using nx
  • Add react sample app to the repo
  • Remove certificate dependency across all sample apps
  • Replaced development bundle with a rollup production bundle in javascript-sdk package
  • Update Readme's in all packages / samples
  • Added a CONTRIBUTING.MD file
  • Added a pull request template for contributors

[3.0.0] - 2021-6-24

Added

  • "Native" Social Login callbacks for both the original AM nodes in 6.5 and the new IDM nodes in 7.0
  • SDK Social Login feature officially supports Apple, Facebook and Google
  • New FRAuth methods for handing redirection to provider and resuming an authentication journey
    • FRAuth.redirect for redirecting to an Identity Provider for authentication
    • FRAuth.resume supports both return from an IdP and returning from Email Suspend node
  • New FRAuth.start method that aliases FRAuth.next to align native mobile SDKs
  • E2E test pages will now follow your OS's dark mode setting

Fixed

  • Arbitrary query parameters are now passed along through to the /authorize endpoint supporting the use of ACR values for tree specificity
  • Fixed build issue when using Windows PowerShell
  • WebAuthn error handling is now standardized according to the WebAuthn spec
  • When WebAuthn encounters an error, the SDK now formats the error appropriately for AM and sets it into the hiddenValueCallback; this allows the developer to just send it to AM "as is" or handle it specially when catching the thrown error
  • Changed the default behavior in case of unidentified storage, to be the localStorage option
  • Increased timeout (20 to 60 seconds) for E2E tests to avoid pure timeout failures

Breaking

  • WebAuthn's thrown error message text has been changed to align with spec, so check all conditionals comparing error message strings
  • Renamed getAuthorizeUrl method to getAuthCodeByIframe
  • Removed the single parameter from createVerifier function
  • Removal of nonce function

[2.2.0] - 2020-12-18

Added

  • Centralized login support has been added
  • OAuth authorize endpoint now supports both iframe and fetch through the new support property in the config
  • Support for TypeScript 4.0

Fixed

  • step.getStage() is no longer used in sample app; getStage(step) is now used for better compatibility with AM 6.5
  • FRUser.logout now uses a try-catch around each endpoint call, rather than a single try-catch, ensuring an error in one doesn't interrupt other endpoints being called
  • Paths for sample app now point to correct favicon image
  • Improved automation testing
  • Compatibility with AM 6.5.3 WebAuthn nodes
  • Step detection with getWebAuthnStepType and "usernameless" configuration
  • getTokens method with forceRenew now revokes existing tokens, if present, before requesting new ones

[2.1.0] - 2020-08-25

Added

  • Support for "usernameless" login (storing username on WebAuthn capable tech)
  • Support for the recovery code display node and the parsing of the codes from the TextOutputCallback
  • Support for user verification property for WebAuthn
  • Updated support for new IDM nodes for registration and self-service: BooleanAttributeInputCallback and NumberAttributeInputCallback support
  • Added SuspendedTextOutputCallback support for the new Email Suspended Node
  • Added SessionManager.logout() call back to FRUser.logout()

Fixed

  • Conditionally set user verification, relying party and allow credentials to WebAuthn key options
  • Added exclude credentials to script parsing for WebAuthn key options
  • Ensure display name and username are correctly parsed and added to WebAuthn key options
  • Add authenticator attachment to WebAuthn and other WebAuthn fixes for custom configuration
  • Increased entropy for cryptographic functions related to PKCE for both state and verifier
  • Improved instructions for cert creation for sample app

Deprecated

  • Name change for getAuthorizeUrl: method's name will change to better reflect its behavior in v3
  • Removal of nonce: this utility is no longer used in the SDK, and therefore will be removed in v3
  • Function signature change for createVerifier: the parameter will be removed in v3.

[2.0.0] - 2020-06-22

Added

  • Support for authorization by transaction
  • Support for authorization by tree
  • Support for device profile collection callback
  • Allow server paths to be configurable
  • Allow OAuth token storage to be configurable
  • Support for request "middleware" for modifying request from SDK
  • "Containerize" code base for easier development
  • End-to-end tests now use Playwright and mock Node.js server
  • Support for WebAuthn script-based authentication

Fixed

  • Increased default timeout to accommodate development/debugging
  • Provide alternative token store for Firefox Private IndexedDB bug
  • Aligned json-based WebAuthn with 7.0 release of AM

[1.0.5] - 2020-01-16

Added

  • Support for additional querystring parameters (e.g. suspendedId) when invoking authentication trees

[1.0.4] - 2020-01-06

Fixed

  • Renamed getWebAuthStepType to getWebAuthnStepType in FRWebAuthn module

[1.0.3] - 2020-01-06

Added

  • Replaced url and querystring dependencies to avoid build issues in some environments

[1.0.2] - 2019-12-20

Added

  • Exported Deferred and nonce

[1.0.1] - 2019-12-19

Added

  • Server mocking with Mirage JS for E2E tests
  • Version header to all OpenAM calls to avo...
Read more

v4.6.0

16 Oct 20:19
836665e
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v4.4.0...v4.6.0

v4.4.2

15 May 20:33
6eac0fc
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v4.4.0...v4.4.2

v4.4.0

13 Mar 15:22
1592197
Compare
Choose a tag to compare

What's Changed

  • feat(javascript-sdk): add-getdisplayname-to-recoverycodes by @ryanbas21 in #414
  • feat(ping-protect): new module for Ping Protect by @cerebrl in #415
  • fix(javascript-sdk): circular-dependency by @ryanbas21 in #418
  • test: update tests for ping protect and add some for sdk. e2e tests f… by @ryanbas21 in #421
  • fix(javascript-sdk): sessionStorage conflict by @cerebrl in #419
  • feat(javascript-sdk): export-step-options-type by @ryanbas21 in #426
  • fix(javascript-sdk): add PingOne login error to allowed errors by @cerebrl in #427
  • feat(javascript-sdk): add config.setAsync for wellknown endpoint support by @cerebrl in #429
  • chore: release-work by @ryanbas21 in #430

Full Changelog: 4.3.0...v4.4.0

@forgerock/javascript-sdk 4.3.0

05 Jan 16:07
2568fe9
Compare
Choose a tag to compare

What's Changed

Full Changelog: 4.2.0...4.3.0

@forgerock/[email protected]

18 Sep 18:12
2de41db
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: @forgerock/[email protected]