@jmelberg-okta jmelberg-okta released this Mar 27, 2018 · 64 commits to master since this release

Assets 2


  • c7248b3 - Adds ability to override the response_type (#109)
  • c36b794 - Adds TypeScript definitions
  • 1b8940e - Adds ability to override the redirect path on login and logout (#84)


  • 79280a7 - Fixes URL params not being picked up when redirecting (#123)

Breaking Changes

  • ce3fcb3 - Scopes are now passed as a space separated String
  • 0c62752 - Requesting an access token and/or id token returns their String value instead of the object (#75, #106)
  • ba85754 - Make isAuthenticated async
  • 2f82adc - Removes the ability to retrieve the okta-auth-js object. (#105)


oktaAuth.loginRedirect didn't require a path parameter in previous versions of this library. In order to achieve custom redirecting, we've introduced the ability to pass in a custom route that navigates users to on completion.

Note: These changes are only needed when passing additionalParameters to the method.

// Before
   sessionToken: /* sessionToken */

// Now
this.oktaAuth.loginRedirect('/profile', {
   sessionToken: /* sessionToken */

Since scopes are no longer allowed to be passed as an Array, update your configuration's scope value to be a String:

const config = {
  issuer: 'https://{yourOktaDomain}.com/oauth2/default',
  scope: 'openid email profile'

Prior usage of getAccessToken() or getIdToken() would return a token object. Token String values are now returned asynchronously:

// Before
const accessToken = this.oktaAuth.getAccessToken().accessToken;

// Now
const accessToken = await this.oktaAuth.getAccessToken();

Due to the above change, isAuthenticated is also async:

// Before
const loggedIn = this.oktaAuth.isAuthenticated();

// Now
const loggedIn = await this.oktaAuth.isAuthenticated();