Releases: edx/frontend-auth
v9.0.3
v9.0.2
v9.0.1
v9.0.0
9.0.0 (2019-11-05)
Features
BREAKING CHANGES
- (Behavior Change) Frontend-auth intercepts outbound requests and attempts to refresh the jwt token if it does not exist or is expired. In the case of a 401 response indicating that the user is logged out, frontend auth will not redirect the user to login, and will allow the outbound request to proceed. Prior behavior: Upon receiving a 401 response, frontend-auth would block the request and redirect the user to login.
ensureAuthenticatedUser continues to redirect if the user is logged out.
API Changes
getAuthenticatedAPIClienthas been renamed togetAuthenticatedApiClient. Note the capitalization changes: API > Api.redirectToLogout(formerlyapiClient.logout)redirectToLogin(formerlyapiClient.login)ensureAuthenticatedUser(formerlyapiClient.ensureAuthenticatedUser)
See the updated README for more details.
v8.0.0
8.0.0 (2019-11-01)
Features
- refactor csrf and jwt roken refreshing and tests (1667c95)
BREAKING CHANGES
-
frontend-logging is no longer a direct dependency of this package. As a result you must make sure it is configured prior to calling getAuthenticatedAPIClient. In all likelihood all users of this package we already doing this. This change removes a kind of doubling up on configuration of the logging service.
-
feat: simplify access token refresh queuing
-
test: update authInterface tests
-
refactor: breakout access token logic from authInterface
-
test: leverage axios mock for tests
-
refactor: csrf token manager
-
fix: naming of customattributes
v7.0.1
v7.0.0
7.0.0 (2019-09-18)
Bug Fixes
- refactor ensurePublicOrAuthenticationAndCookies (100960e)
In addition to the below breaking changes:
- Fixes bug introduced in 6.0.2 where a null refresh token would redirect to login. It now properly rejects the Promise without redirecting.
- Adds protection against an infinite redirect loop with the login page.
BREAKING CHANGES
- The refactor has the following breaking changes:
- Renamed ensurePublicOrAuthenticationAndCookies to
ensureAuthenticatedUser. - Removed the capability to handle public routes in
ensureAuthenticatedUser. Just don't call it. - Removed getAuthenticationState() function which was unreliable,
because it used the cookie which could have expired since it was tested.
Instead, use the new response sent to the ensureAuthenticatedUser
promise (see below). - Removed the deprecated callback. Just use the promise instead.
The promise is now resolved with an object of the form:
{
authenticatedUser: {...},
decodedAccessToken: {...},
}
In the above object:
authenticatedUseris an object containing user account data that
was stored in the access token.decodedAccessTokenis the raw version of the data used to create
authenticatedUser.
ARCH-948
Upgrade Example
For an example of upgrading an application to frontend-auth 7.0.0,
see edx/frontend-app-payment@2777894...f4b72bf
v6.0.2
v6.0.1
v6.0.0
6.0.0 (2019-08-28)
Code Refactoring
-
promises: consistently return promises from ensure methods (289f782)
-
Merge pull request #61 from edx/djoy/promise-ify-ensure-methods (fbccbcb), closes #61
BREAKING CHANGES
- Making the callback optional and deprecated. Promises are a more flexible way of waiting for the methods to finish. Breaking change because it technically changes the method return value signature. No known repositories are using the return value, luckily.
- promises: Making the callback optional and deprecated. Promises are the preferred way of waiting for the methods to finish. Breaking change because it technically changes the method return value signature. No known repositories are using the return value, luckily.
Also updating eslint-related packages so that the linter will stop complaining about object rest/spread issues.