github auth0/auth0-spa-js v1.7.0

4 years ago

Highlights

This release introduces a number of new features; two of these are detailed below:

Rotating Refresh Tokens

This feature adds support for rotating Refresh Tokens, which can be used to mitigate the effects of modern browser privacy tools, such as Safari's ITP technology. Refresh tokens do not depend on the user's session cookie and thus are unaffected by third-party cookie blocking.

To turn on the use of Refresh Tokens in the SDK, use the useRefreshTokens option when configuring the SDK client:

await createAuth0Client({
  domain: '<YOUR AUTH0 DOMAIN>',
  client_id: '<YOUR AUTH0 CLIENT ID>',
  useRefreshTokens: true    // the default is false
})

Local Storage

From this release, you can opt in to using local storage to store the tokens that are returned from the authorization server. The default is to use the in-memory cache.

Note: Enabling local storage changes the security characteristics of your application; please read and understand the implications of enabling use of local storage to store tokens.

To do this, set cacheLocation to 'localstorage' when configuring the SDK client:

await createAuth0Client({
  domain: '<YOUR AUTH0 DOMAIN>',
  client_id: '<YOUR AUTH0 CLIENT ID>',
  cacheLocation: 'localstorage'
})
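
Values in localStorage persist across reloads and are readable by any script running on the origin, which is the main change the note above refers to. The following is an added example (not part of the SDK or of these release notes): an audit helper for end-to-end tests that reports which storage entries hold token material without returning the token values. The storage stub, key names and token strings are constructed, and the check keys on field names and JWT shape rather than on the SDK's actual cache key format.

```javascript
const TOKEN_FIELDS = new Set(['access_token', 'id_token', 'refresh_token']);
// Heuristic: JWT header and payload are base64url-encoded JSON, so each starts "eyJ".
const JWT_SHAPE = /^eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

// Walk a parsed value and record where token material sits (paths only).
function collectTokenFields(value, path, found) {
  if (typeof value === 'string' && JWT_SHAPE.test(value)) found.add(`${path || '(value)'} [JWT-shaped]`);
  if (value === null || typeof value !== 'object') return;
  for (const [name, child] of Object.entries(value)) {
    const childPath = path ? `${path}.${name}` : name;
    if (TOKEN_FIELDS.has(name) && typeof child === 'string' && child) found.add(childPath);
    else collectTokenFields(child, childPath, found);
  }
}

// Returns [{ key, fields }]; token values are never copied into the report.
function auditStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const raw = storage.getItem(key);
    let parsed = raw;
    try { parsed = JSON.parse(raw); } catch { /* not JSON, keep the raw string */ }
    const found = new Set();
    collectTokenFields(parsed, '', found);
    if (found.size > 0) findings.push({ key, fields: [...found].sort() });
  }
  return findings;
}

// Stand-in for window.localStorage so the example runs outside a browser.
function makeStorage(entries) {
  const map = new Map(Object.entries(entries));
  return {
    get length() { return map.size; },
    key: (i) => [...map.keys()][i],
    getItem: (k) => (map.has(k) ? map.get(k) : null),
  };
}

// Constructed sample data: key names and token strings are made up.
const sampleStorage = makeStorage({
  theme: 'dark',
  'example-sdk-cache::client123': JSON.stringify({ body: { access_token: 'opaque-at', refresh_token: 'opaque-rt' } }),
  legacy_session: 'eyJoZWFkZXI.eyJwYXlsb2Fk.c2ln',
});
console.log(JSON.stringify(auditStorage(sampleStorage), null, 2));
```

In a browser test, pass `window.localStorage` (or `window.sessionStorage`) to `auditStorage` and fail the test when the result is non-empty for an application that is meant to use the in-memory cache.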

The full changelog is below.

Added

Changed

Fixed

Security
