okta · aarongranick-okta · Oct 21, 2021
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,7 +2,12 @@
 
 ## 5.7.0
 
+### Features
+
+- [#983](https://github.com/okta/okta-auth-js/pull/983) Adds new method `setHeaders`
+
 ### Other
+
 - [#981](https://github.com/okta/okta-auth-js/pull/981) TypeScript: Allows optional paramters for IDX methods
 
 ## 5.6.0

diff --git a/README.md b/README.md
@@ -827,6 +827,7 @@ Defaults to `none` if the `secure` option is `true`, or `lax` if the `secure` op
 * [removeOriginalUri](#removeoriginaluri)
 * [isLoginRedirect](#isloginredirect)
 * [handleLoginRedirect](#handleloginredirecttokens)
+* [setHeaders](#setheaders)
 * [tx.resume](#txresume)
 * [tx.exists](#txexists)
 * [transaction.status](#transactionstatus)
@@ -1111,6 +1112,31 @@ Stores passed in tokens or tokens from redirect url into storage, then redirect
 
 > **Note:** `handleLoginRedirect` throws `OAuthError` or `AuthSdkError` in case there are errors during token retrieval.
 
+### `setHeaders()`
+
+Can set (or unset) request headers after construction.
+
+```javascript
+const authClient = new OktaAuth({
+  issuer: 'https://{yourOktaDomain}',
+
+  // headers can be set during construction
+  headers: {
+    foo: 'bar'
+  }
+});
+
+// Headers can be set (or modified) after construction
+authClient.setHeaders({
+  foo: 'baz'
+});
+
+// Headers can be removed
+authClient.setHeaders({
+  foo: undefined
+})
+```
+
 ### `tx.resume()`
 
 See [authn API](docs/authn.md#txresume).

diff --git a/lib/OktaAuth.ts b/lib/OktaAuth.ts
@@ -298,6 +298,10 @@ class OktaAuth implements SDKInterface, SigninAPI, SignoutAPI {
     this.tokenManager.stop();
   }
 
+  setHeaders(headers) {
+    this.options.headers = Object.assign({}, this.options.headers, headers);
+  }
+
   // ES6 module users can use named exports to access all symbols
   // CommonJS module users (CDN) need all exports on this object
 

diff --git a/test/spec/OktaAuth/options.ts b/test/spec/OktaAuth/options.ts
@@ -16,42 +16,81 @@ import {
 } from '@okta/okta-auth-js';
 
 describe('OktaAuth - options', function() {
-  let auth;
-  let issuer;
+  let testContext;
 
   beforeEach(function() {
-    issuer =  'http://my-okta-domain';
-    auth = new OktaAuth({ issuer, pkce: false });
+    const issuer =  'http://my-okta-domain';
+    testContext = {
+      issuer
+    };
   });
 
   describe('PKCE', function() {
 
     it('is true by default', function() {
+      const { issuer } = testContext;
       spyOn(OktaAuth.features, 'isPKCESupported').and.returnValue(true);
-      auth = new OktaAuth({ issuer });
+      const auth = new OktaAuth({ issuer });
       expect(auth.options.pkce).toBe(true);
     });
 
     it('can be set to "false" by arg', function() {
-      auth = new OktaAuth({ pkce: false, issuer: 'http://my-okta-domain' });
+      const { issuer } = testContext;
+      const auth = new OktaAuth({ pkce: false, issuer });
       expect(auth.options.pkce).toBe(false);
     });
   });
 
   describe('getToken options', function() {
     it('responseType is undefined by default', function() {
+      const { issuer } = testContext;
+      const auth = new OktaAuth({ issuer });
       expect(auth.options.responseType).toBeUndefined();
     });
     it('can set responseType', function() {
-      auth = new OktaAuth({ issuer, responseType: 'code' });
+      const { issuer } = testContext;
+      const auth = new OktaAuth({ issuer, responseType: 'code' });
       expect(auth.options.responseType).toBe('code');
     });
     it('scopes is undefined by default', function() {
+      const { issuer } = testContext;
+      const auth = new OktaAuth({ issuer });
       expect(auth.options.scopes).toBeUndefined();
     });
     it('can set scopes', function() {
-      auth = new OktaAuth({ issuer, scopes: ['fake', 'scope']});
+      const { issuer } = testContext;
+      const auth = new OktaAuth({ issuer, scopes: ['fake', 'scope']});
       expect(auth.options.scopes).toEqual(['fake', 'scope']);
     });
   });
+
+  describe('headers', function() {
+    it('headers are initially undefined', () => {
+      const { issuer } = testContext;
+      const auth = new OktaAuth({ issuer });
+      expect(auth.options.headers).toBeUndefined();
+    });
+    it('headers can be set in constructor', () => {
+      const { issuer } = testContext;
+      const headers = { foo: 'bar' };
+      const auth = new OktaAuth({ issuer, headers });
+      expect(auth.options.headers).toEqual(headers);
+    });
+    it('headers can be set after construction', () => {
+      const { issuer } = testContext;
+      const auth = new OktaAuth({ issuer });
+      expect(auth.options.headers).toBeUndefined();
+      const headers = { foo: 'bar' };
+      auth.setHeaders(headers);
+      expect(auth.options.headers).toEqual(headers);
+    });
+    it('headers can be removed after construction', () => {
+      const { issuer } = testContext;
+      const headers = { foo: 'bar' };
+      const auth = new OktaAuth({ issuer, headers });
+      expect(auth.options.headers).toEqual(headers);
+      auth.setHeaders({ foo: undefined });
+      expect(auth.options.headers).toEqual({});
+    });
+  });
 });