- Added Refresh Token behaviour mostly for usage in Mobile apps. More info here
- Fixed error when no callback was added
- Added
changePassowrd
behaviour forreset
call if auth0.js is injected
- Fixed error when signin was failling with auth0.js and still saving undefined cookies.
- Added new delegation methods according to new
auth0.js
release.
- Fixed bug with redirect mode and callbacks
- Added
auth.profilePromise
field for using promises.
- Fixed bug with Username-Password not working when using minified auth0-angular.js
- We've removed promised for
signin
,signup
andreset
. Promises can only be fullfilled once. Therefore, if a person would open the signin widget and put the wrong password 3 times and then put it ok, the promise was never notified of the success. That's why we changed only for these 3 to callbacks. This is a breaking change and that's why we're releasing 2.0.0.
- Updated documentation to add custom storage
- When forbiden, deleting stored values
- Implemented token expired functionality. Fixes #54
- Updated all documentation
- Added
signup
andreset
functions to trigger the widget in those modes
- Added
hookEvents
method inauth
to hook all events once the app is started. - Calling
logout
event once signout is done
- Better popup handling (powered by Winchan).
- Phonegap support.
- updated examples: Auth0.js to 3.1 and Widget to 5.0.
- Added
sso
configuration to theauthProvider
to useSSO
.
- We've refactored the code to improve code quality
- We've improved
redirect
feature of the SDK. Now, theredirect
feature parses the hash with theaccessToken
as part of Angular's URL changing process - We've added
requiresLogin
paramter to routes to specify if a route is protected or not. If a user tries to get to a protected route, he'll be redirected to the login page - We've added the
refreshToken
method to easily refresh the JWT token that we have - We've added a better way to subscribe to events like
loginSuccess
andloginFailure
. This events now receive all the properties from authentication and you can inject any AngularJS service in there to use. - We've extracted the token saving module to
auth0.storage
module so that if you want to implement your own storage instead of usingngCookies
you easily can if you useauthStorage
interface. - Now you just need to add one
auth0
module to your project and it'll work for eitherredirect
,poppup
and it includes the$httpInterceptor
that sends the JWT. - All the examples and documentation have been updated for this new interface
- Lots of other small bug and fixes
- Added
state
toauth
when getting values from hash or cookies.
- Now on
logout
we are disposing properlyprofile
anddelegatedTokens
.
- Fixes issues with Auth0 and Auth0Widget minified versions: When on 0.4.3 it was made compatible with RequireJS a check to
constructor.name
was used to make sure the name of the constructor instance. When tested against the minified versions that value was the name of the minified constructor name (so it always executed the code for the widget which receives callback as third parameter). Now this check is performed by asserting getClient method to be present (part of Auth0 Widget but not Auth0.js).
- Fixes Auth0Widget check to be compatible with requireJS.
- Adding
main
attribute topackage.json
- Fixing
isAuthenticated
bug: whenidToken
expiredisAuthenticated
still was set to true.
## 0.4.0
- Adding support for Auth0 Widget with popup mode (only social).
- Fixed bug on
authInterceptor
: when$http
request failed it executedsuccess
instead oferror
callback.
- Adding event AUTH_EVENTS.loginFailed to replace AUTH_EVENTS.loginFailure. From this version, usage of AUTH_EVENTS.loginFailed is deprecated.
- Fixed redirect mode: fixing exception when reloading a page after authentication.
- The default way of showing social connections is by using popup. If you want to use redirect mode, you may want to check the new redirect example.
- Renamed module
auth0-auth
to beauth0
. Oldauth0
module is called nowauth0-redirect
. - The
auth.loaded
promise, which allows the user to tell whether or not the page has loaded, was added AUTH_EVENTS.redirectEnded
now is fired always (even afterAUTH_EVENTS.loginSuccess
andAUTH_EVENTS.loginFailed
).- Now
auth.signin
method returns a promise:auth.signin({connection: 'my-connection'}).then(function () { // When user is authenticated }, function () { // On invalid credentials });
- Replaced $safeApply with $timeout.
- There is only one instance of
auth.profile
. When doinggetProfile
the promise returnsauth.profile
not a new instance. auth.profile
by default starts as an empty object that will be later populated when thegetProfile
promise is resolved.authProvider.init
was changed toauthProvider.init(options, [Auth0Constructor]).
Auth0Constructoris a constructor (function that can be
new`ed) that could be either Auth0 (found in auth0.js) or Auth0Widget (found in auth0-widget). RequireJS users now are able to parametrize the constructor to be used.
- Version 1.2.16 of Angular changed the behavior of how
$cookies
handles$cookies.hello = undefined
. In the past, it erasedhello
but now serializesundefined
as"undefined"
. Replacing$cookies
with$cookieStore
(which handle serialization) to avoid further problems. - Adding error handling when cookie parsing fails so it does not break the library.
- Updating Angular version to 1.2.16.
- Profile is no longer saved in cookies as, in some cases, it was bigger than the maximum allowed size. Current policy is to store it in memory and each time page reloads fetch it again.
- Fixed: when login fails the proper error object is sent in the
AUTH_EVENTS.loginFailed
event. - Fixing bug that made
getToken
method fail: AsgetToken
is not exposed by the widget it should be accessed using thegetClient
method that returns the auth0.js wrapped instance.
- Added
AUTH_EVENTS.redirectEnded
event that is emitted when the callback URL is parsed but it does not contain neitheraccess_token
norerror
. On that way, it can be determined whether the redirect ended to execute an action. For example, this is useful with theAUTH_EVENTS.loginSuccess
andAUTH_EVENTS.loginFailed
to show a loading page while being redirected.
-
Removed promises from
signin
method. Now the way to handle login is by listening toAUTH_EVENTS.loginSuccess
:$rootScope.$on(AUTH_EVENTS.loginSuccess, function () { // TODO Handle when login succeeds $location.path('/'); });
-
Removed
ngRoute
androute
from auth0-angular. -
Created a dictionary with the authentication events:
myApp.run(function ($rootScope, AUTH_EVENTS) { $rootScope.$on(AUTH_EVENTS.loginSuccess, function () { // TODO Handle login success here! }); });
-
authInterceptor
must to be added explicitely on the user code. The idea behind this is to prevent leaking the token in CORS requests.