diff --git a/CHANGELOG.md b/CHANGELOG.md
index 93e4f073..318ab733 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,17 @@
 # Change Log
+## [v2.4.0](https://github.com/auth0/react-native-auth0/tree/v2.4.0) (2020-06-05)
+
+[Full Changelog](https://github.com/auth0/react-native-auth0/compare/v2.3.1...v2.4.0)
+
+**Added**
+
+- Added support for ephemeral sessions [SDK-1412][\#305](https://github.com/auth0/react-native-auth0/pull/305) ([Widcket](https://github.com/Widcket))
+
+**Security**
+
+- Bump dependencies in the lock file [\#313](https://github.com/auth0/react-native-auth0/pull/313) ([lbalmaceda](https://github.com/lbalmaceda))
+
 ## [v2.3.1](https://github.com/auth0/react-native-auth0/tree/v2.3.1) (2020-04-29)
 [Full Changelog](https://github.com/auth0/react-native-auth0/compare/v2.3.0...v2.3.1)
diff --git a/docs/Auth.html b/docs/Auth.html
index da7fb8bf..0e6a17c0 100644
--- a/docs/Auth.html
+++ b/docs/Auth.html
@@ -2067,8 +2067,8 @@
Returns:

diff --git a/docs/Auth0.html b/docs/Auth0.html
index 786e74e0..0782205f 100644
--- a/docs/Auth0.html
+++ b/docs/Auth0.html
@@ -229,8 +229,8 @@

Classes


diff --git a/docs/Auth0.module.exports.html b/docs/Auth0.module.exports.html
index 80f8ecef..3a7d796c 100644
--- a/docs/Auth0.module.exports.html
+++ b/docs/Auth0.module.exports.html
@@ -294,8 +294,8 @@
Parameters:

diff --git a/docs/Users.html b/docs/Users.html
index d57604ea..2b016d83 100644
--- a/docs/Users.html
+++ b/docs/Users.html
@@ -462,8 +462,8 @@
Returns:

diff --git a/docs/WebAuth.html b/docs/WebAuth.html
index f5ad334e..d2f95e6c 100644
--- a/docs/WebAuth.html
+++ b/docs/WebAuth.html
@@ -266,7 +266,7 @@

@@ -306,7 +306,7 @@

Parameters:
-

parameters to send on the AuthN/AuthZ request.

+

Parameters to send on the AuthN/AuthZ request.

@@ -333,7 +333,7 @@
Parameters:
@@ -368,7 +368,7 @@
Parameters:
@@ -385,7 +385,7 @@
Parameters:
@@ -439,7 +439,7 @@
Parameters:
@@ -518,7 +535,7 @@

@@ -557,7 +574,7 @@

Parameters:

- random string to prevent CSRF attacks and used to + Random string to prevent CSRF attacks and used to discard unexepcted results. By default its a cryptographically secure random.

@@ -351,7 +351,7 @@
Parameters:

- random string to prevent replay attacks of + Random string to prevent replay attacks of id_tokens.

- identifier of Resource Server (RS) to be included + Identifier of Resource Server (RS) to be included as audience (aud claim) of the issued access token

- scopes requested for the issued tokens. e.g. + Scopes requested for the issued tokens. e.g. openid profile

-

options for ID token validation configuration.

+

Other configuration options.

@@ -472,6 +472,23 @@
Parameters:

+ + + + + + + + + +
ephemeralSession + Boolean + <optional>
+

+ Disable Single-Sign-On (SSO). It only affects iOS + with versions 13 and above. +

+
-

parameters to send

+

Parameters to send

@@ -613,8 +630,8 @@
Returns:

- Generated by JSDoc 3.6.3 on - Wed Apr 29 2020 17:09:02 GMT-0300 (Argentina Standard Time) using the + Generated by JSDoc 3.6.4 on + Fri Jun 05 2020 13:51:54 GMT-0300 (Argentina Standard Time) using the Minami theme.
diff --git a/docs/global.html b/docs/global.html
index 9b5178c6..5b4229ce 100644
--- a/docs/global.html
+++ b/docs/global.html
@@ -268,8 +268,8 @@
Returns:

- Generated by JSDoc 3.6.3 on - Wed Apr 29 2020 17:09:01 GMT-0300 (Argentina Standard Time) using the + Generated by JSDoc 3.6.4 on + Fri Jun 05 2020 13:51:54 GMT-0300 (Argentina Standard Time) using the Minami theme.
diff --git a/docs/index.html b/docs/index.html
index b40b2e9d..53f7f0d9 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -298,13 +298,13 @@

Compatibility Matrix

Getting Started

First install the native library module:

-

Using npm

+

With npm

$ npm install react-native-auth0 --save

-

or yarn

+

With Yarn

$ yarn add react-native-auth0

Then, you need to run the following command to install the ios app - pods with Cocoapods. That will auto-link the iOS library. + pods with Cocoapods. That will auto-link the iOS library:

$ cd ios && pod install

Configuration

@@ -372,17 +372,17 @@

Android

- For more info please read + For more info please read the react native docs + >React Native docs.

iOS

Inside the ios folder find the file - AppDelegate.[swift|m] add the following to it + AppDelegate.[swift|m] add the following to it:

iOS
           

and then below it register a URL type entry using the value of CFBundleIdentifier as the value for - CFBundleURLSchemes + CFBundleURLSchemes:

iOS
           
           

- For more info please read + For more info please read the react native docs + >React Native docs.

Callback URL(s)

@@ -550,13 +550,25 @@

Usage

Web Authentication

-

Log in

+

Login

auth0.webAuth
   .authorize({scope: 'openid email profile'})
   .then(credentials => console.log(credentials))
   .catch(error => console.log(error));
 
-

Log out

+
Disable Single Sign On (iOS 13+ only)
+

+ Use the ephemeralSession parameter to disable SSO on + iOS 13+. This way iOS will not display the consent popup that + otherwise shows up when SSO is enabled. It has no effect on older + versions of iOS or Android. +

+
auth0.webAuth
+  .authorize({scope: 'openid email profile'}, {ephemeralSession: true})
+  .then(credentials => console.log(credentials))
+  .catch(error => console.log(error));
+
+

Logout

auth0.webAuth.clearSession().catch(error => console.log(error));
@@ -772,8 +784,8 @@ 

License


- Generated by JSDoc 3.6.3 on - Wed Apr 29 2020 17:09:01 GMT-0300 (Argentina Standard Time) using the + Generated by JSDoc 3.6.4 on + Fri Jun 05 2020 13:51:54 GMT-0300 (Argentina Standard Time) using the Minami theme.
diff --git a/docs/index.js.html b/docs/index.js.html
index 14bebb32..54ed9b34 100644
--- a/docs/index.js.html
+++ b/docs/index.js.html
@@ -229,8 +229,8 @@

index.js


- Generated by JSDoc 3.6.3 on - Wed Apr 29 2020 17:09:01 GMT-0300 (Argentina Standard Time) using the + Generated by JSDoc 3.6.4 on + Fri Jun 05 2020 13:51:53 GMT-0300 (Argentina Standard Time) using the Minami theme.
diff --git a/docs/src_auth_index.js.html b/docs/src_auth_index.js.html
index 2061d306..f2eee8e4 100644
--- a/docs/src_auth_index.js.html
+++ b/docs/src_auth_index.js.html
@@ -697,8 +697,8 @@

src/auth/index.js


- Generated by JSDoc 3.6.3 on - Wed Apr 29 2020 17:09:01 GMT-0300 (Argentina Standard Time) using the + Generated by JSDoc 3.6.4 on + Fri Jun 05 2020 13:51:53 GMT-0300 (Argentina Standard Time) using the Minami theme.
diff --git a/docs/src_management_users.js.html b/docs/src_management_users.js.html
index a1d7f09a..db87c97d 100644
--- a/docs/src_management_users.js.html
+++ b/docs/src_management_users.js.html
@@ -297,8 +297,8 @@

src/management/users.js


- Generated by JSDoc 3.6.3 on - Wed Apr 29 2020 17:09:01 GMT-0300 (Argentina Standard Time) using the + Generated by JSDoc 3.6.4 on + Fri Jun 05 2020 13:51:53 GMT-0300 (Argentina Standard Time) using the Minami theme.
diff --git a/docs/src_webauth_index.js.html b/docs/src_webauth_index.js.html
index 39ca5b2d..ac759e74 100644
--- a/docs/src_webauth_index.js.html
+++ b/docs/src_webauth_index.js.html
@@ -228,15 +228,16 @@

src/webauth/index.js

* To learn more about how to customize the authorize call, check the Universal Login Page * article at https://auth0.com/docs/hosted-pages/login * - * @param {Object} parameters parameters to send on the AuthN/AuthZ request. - * @param {String} [parameters.state] random string to prevent CSRF attacks and used to discard unexepcted results. By default its a cryptographically secure random. - * @param {String} [parameters.nonce] random string to prevent replay attacks of id_tokens. - * @param {String} [parameters.audience] identifier of Resource Server (RS) to be included as audience (aud claim) of the issued access token - * @param {String} [parameters.scope] scopes requested for the issued tokens. e.g. `openid profile` - * @param {String} [parameters.connection] The name of the identity provider to use, e.g. "google-oauth2" or "facebook". When not set, it will display Auth0's Universal Login Page. - * @param {Number} [parameters.max_age] The allowable elapsed time in seconds since the last time the user was authenticated (optional). - * @param {Object} options options for ID token validation configuration. - * @param {Number} [options.leeway] The amount of leeway, in seconds, to accommodate potential clock skew when validating an ID token's claims. Defaults to 60 seconds if not specified. + * @param {Object} parameters Parameters to send on the AuthN/AuthZ request. + * @param {String} [parameters.state] Random string to prevent CSRF attacks and used to discard unexepcted results. By default its a cryptographically secure random. + * @param {String} [parameters.nonce] Random string to prevent replay attacks of id_tokens. + * @param {String} [parameters.audience] Identifier of Resource Server (RS) to be included as audience (aud claim) of the issued access token + * @param {String} [parameters.scope] Scopes requested for the issued tokens. e.g. `openid profile` + * @param {String} [parameters.connection] The name of the identity provider to use, e.g. 
"google-oauth2" or "facebook". When not set, it will display Auth0's Universal Login Page. + * @param {Number} [parameters.max_age] The allowable elapsed time in seconds since the last time the user was authenticated (optional). + * @param {Object} options Other configuration options. + * @param {Number} [options.leeway] The amount of leeway, in seconds, to accommodate potential clock skew when validating an ID token's claims. Defaults to 60 seconds if not specified. + * @param {Boolean} [options.ephemeralSession] Disable Single-Sign-On (SSO). It only affects iOS with versions 13 and above. * @returns {Promise} * @see https://auth0.com/docs/api/authentication#authorize-client * @@ -256,44 +257,46 @@

src/webauth/index.js

...parameters, }; const authorizeUrl = this.client.authorizeUrl(query); - return agent.show(authorizeUrl).then(redirectUrl => { - if (!redirectUrl || !redirectUrl.startsWith(redirectUri)) { - throw new AuthError({ - json: { - error: 'a0.redirect_uri.not_expected', - error_description: `Expected ${redirectUri} but got ${redirectUrl}`, - }, - status: 0, - }); - } - const query = url.parse(redirectUrl, true).query; - const {code, state: resultState, error} = query; - if (error) { - throw new AuthError({json: query, status: 0}); - } - if (resultState !== expectedState) { - throw new AuthError({ - json: { - error: 'a0.state.invalid', - error_description: `Invalid state received in redirect url`, - }, - status: 0, - }); - } + return agent + .show(authorizeUrl, options.ephemeralSession) + .then(redirectUrl => { + if (!redirectUrl || !redirectUrl.startsWith(redirectUri)) { + throw new AuthError({ + json: { + error: 'a0.redirect_uri.not_expected', + error_description: `Expected ${redirectUri} but got ${redirectUrl}`, + }, + status: 0, + }); + } + const query = url.parse(redirectUrl, true).query; + const {code, state: resultState, error} = query; + if (error) { + throw new AuthError({json: query, status: 0}); + } + if (resultState !== expectedState) { + throw new AuthError({ + json: { + error: 'a0.state.invalid', + error_description: `Invalid state received in redirect url`, + }, + status: 0, + }); + } - return client - .exchange({code, verifier, redirectUri}) - .then(credentials => { - return verifyToken(credentials.idToken, { - domain, - clientId, - nonce: parameters.nonce, - maxAge: parameters.max_age, - scope: parameters.scope, - leeway: options.leeway, - }).then(() => Promise.resolve(credentials)); - }); - }); + return client + .exchange({code, verifier, redirectUri}) + .then(credentials => { + return verifyToken(credentials.idToken, { + domain, + clientId, + nonce: parameters.nonce, + maxAge: parameters.max_age, + scope: parameters.scope, + leeway: options.leeway, + 
}).then(() => Promise.resolve(credentials)); + }); + }); }); } @@ -302,7 +305,7 @@

src/webauth/index.js

* * In iOS it will use `SFSafariViewController` and in Android Chrome Custom Tabs. * - * @param {Object} parameters parameters to send + * @param {Object} parameters Parameters to send * @param {Bool} [parameters.federated] Optionally remove the IdP session. * @returns {Promise} * @see https://auth0.com/docs/logout @@ -315,7 +318,7 @@

src/webauth/index.js

options.returnTo = callbackUri(domain); options.federated = options.federated || false; const logoutUrl = client.logoutUrl(options); - return agent.show(logoutUrl, true); + return agent.show(logoutUrl, false, true); } }
@@ -326,8 +329,8 @@

src/webauth/index.js


- Generated by JSDoc 3.6.3 on - Wed Apr 29 2020 17:09:01 GMT-0300 (Argentina Standard Time) using the + Generated by JSDoc 3.6.4 on + Fri Jun 05 2020 13:51:53 GMT-0300 (Argentina Standard Time) using the Minami theme.
diff --git a/package.json b/package.json
index 1ee91bf6..f1388dcd 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "react-native-auth0",
 "title": "React Native Auth0",
- "version": "2.3.1",
+ "version": "2.4.0",
 "description": "React Native toolkit for Auth0 API",
 "main": "index.js",
 "scripts": {
diff --git a/src/networking/telemetry.js b/src/networking/telemetry.js
index 486f6cf9..e7d91723 100644
--- a/src/networking/telemetry.js
+++ b/src/networking/telemetry.js
@@ -1 +1 @@
-module.exports = {name: 'react-native-auth0', version: '2.3.1'};
+module.exports = {name: 'react-native-auth0', version: '2.4.0'};