CHANGELOG.md

Change Log

v3.1.0 (2023-12-05)

Full Changelog

Added

• Provide option to pass custom redirect url #813 (poovamraj)
• Support SFSafariViewController #800 (poovamraj)
• Support additional parameters for forceRefresh in iOS #801 (poovamraj)

Fixed

• Handle incomplete promise in web authentication #798 (poovamraj)
• Fix metadata type in CreateUserOptions #789 (poovamraj)

v3.0.2 (2023-10-06)

Full Changelog

Fixed

• [ESD-30932] Improve error handling #720 (poovamraj)

Security

• Update Auth0.Android to resolve CVE-2023-3635 #750 (poovamraj)

v3.0.1 (2023-08-16)

Full Changelog

Fixed

• Make authorize and clearSession parameters optional #701 (poovamraj)

Security

• chore(deps): bump semver from 5.7.1 to 5.7.2 in /example #692 (dependabot[bot])
• chore(deps): bump fast-xml-parser from 4.2.4 to 4.2.7 in /example #693 (dependabot[bot])

v3.0.0 (2023-08-10)

Full Changelog

💡 Check the Migration Guide to understand the changes required to migrate your application to v3.

Added

• Credentials are returned as part of authorize methods in hooks
• Support for organizations name in login
• Added sample app in the repository
• Expo plugin is updated to latest version
• Added 'openid profile email' as mandatory scopes
• Option to forceRefresh is added in getCredentials
• Added hasValidCredentials to hooks
• More options to authorize using Hooks
  • authorizeWithSMS
  • authorizeWithEmail
  • authorizeWithOOB
  • authorizeWithOTP
  • authorizeWithRecoveryCode

Changed

• Custom Scheme is now optional in Expo
• Migrated the codebase to Typescript
• Use Native SDKs (Auth0.Android and Auth0.Swift) for Web Authentication
• Credentials object in Android will return expiresIn instead of expiresAt
• max_age parameter is changed to maxAge in WebAuth.authorize()
• customScheme is now part of ClearSessionOptions instead of ClearSessionParameters in clearSession
• Minimum supported version for iOS is bumped to 13
• Revoke Token and Change Password now return void instead of an empty object

Removed

• Removed the type property returned in the Credentials object in Android. Use tokenType instead.
• skipLegacyListener has been removed in authorize and clearSession

Security

• chore(deps): bump word-wrap from 1.2.3 to 1.2.4 #682 (dependabot[bot])
• chore: Expand .semgrepignore exclusions to tests #679 (evansims)
• chore(deps-dev): bump semver from 6.3.0 to 7.5.2 #657 (dependabot[bot])

v3.0.0-beta.3 (2023-07-11)

Full Changelog

Added

• Export types as part of root #649 (poovamraj)

v3.0.0-beta.2 (2023-07-10)

Full Changelog

💡 Check the Migration Guide to understand the changes required to migrate your application to v3.

Added

• Credentials are returned as part of authorize methods in hooks
• Added sample app in the repository
• Expo plugin is updated to latest version
• Added 'openid profile email' as mandatory scopes
• Option to forceRefresh is added in getCredentials
• Added hasValidCredentials to hooks
• More options to authorize using Hooks
  • authorizeWithSMS
  • authorizeWithEmail
  • authorizeWithOOB
  • authorizeWithOTP
  • authorizeWithRecoveryCode

Changed

• Custom Scheme is now optional in Expo
• Migrated the codebase to Typescript
• Use Native SDKs (Auth0.Android and Auth0.Swift) for Web Authentication
• Credentials object in Android will return expiresIn instead of expiresAt
• max_age parameter is changed to maxAge in WebAuth.authorize()
• customScheme is now part of ClearSessionOptions instead of ClearSessionParameters in clearSession
• Minimum supported version for iOS is bumped to 13
• Revoke Token and Change Password now return void instead of an empty object

Removed

• Removed the type property returned in the Credentials object in Android. Use tokenType instead.
• skipLegacyListener has been removed in authorize and clearSession

v2.17.4 (2023-06-15)

Full Changelog

Fixed

• Fix Auth0.Swift transitive dependencies #649 (poovamraj)

v2.17.3 (2023-06-15)

Full Changelog

Fixed

• Fix Auth0 pod version to constant #647 (poovamraj)

v2.17.2 (2023-04-27)

Full Changelog

Added

• getCredentials hook now updates user state #584 (KMathisGit)

Fixed

• Added tokenType to credentials returned in Android #621 (poovamraj)
• [ESD-27178] Fix browser not found issue not being surfaced #611 (poovamraj)

v2.17.1 (2023-02-09)

Full Changelog

Fixed

• Run requireAuth on UI thread #591 (poovamraj)

v2.17.0 (2023-02-01)

Full Changelog

Added

• Allow additional options for authorize and support custom LAPolicy #526 (chrismcleod)
• Initialized flag on useAuth0 hook #561 (cranberyxl)

Fixed

• Fixing .hide() on iOS #570 (stigi)

Security

• chore: Bump yarn.lock dependencies #580 (evansims)
• chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 #567 (dependabot[bot])
• Security: Bump Dependencies #565 (evansims)

v2.16.0 (2022-11-16)

Full Changelog

Added

• Enable custom params for login methods #557 (poovamraj)
• Add support for static linking on iOS #555 (Widcket)

Fixed

• Return a unix timestamp for expiresIn #551 (cranberyxl)

v2.15.0 (2022-11-07)

Full Changelog

Added

• [SDK-3738] Option to clear session only in Credentials Manager #543 (poovamraj)

Fixed

• [SDK-3736] Fix: Options Parameter not being passed in Hooks authorize method #542 (poovamraj)

v2.14.1 (2022-10-19)

Full Changelog

Fixed

• Avoid config changes to handle authentication #534 (poovamraj)
• [SDK-3718] Allow passing extra parameters when logging in with passwordRealm #532 (ewanharris)
• Removed Activity from Android library to avoid prompt #533 (poovamraj)

v2.14.0 (2022-10-07)

📣 Major improvements now generally available

This release brings the much requested features to the React Native Auth0 SDK:

• Support for Expo #424 (sdacunha)
• Built-in Secure Credentials Manager #501 (poovamraj)
• Support for React Hooks #500 (stevehobbsdev)

Full Changelog

Added

• Add remaining fields for signing up a user #498 (travisobregon)

Changed

• Default scopes for authorize call (hooks only) #522 (stevehobbsdev)

v2.14.0-fa.0 (2022-09-09)

Full Changelog

Added

• Add Expo config plugin (SDK 41+) #424 (sdacunha)
• [SDK-3591] New Hook API supporting login and logout #500 (stevehobbsdev)
• [SDK-3537] Credential manager for React Native #501 (poovamraj)

Changed

• Update peer dependency for React #509 (poovamraj)

v2.13.3 (2022-07-06)

Full Changelog

Fixed

• Move Podspec to the root #490 (Widcket)

v2.13.2 (2022-06-28)

Full Changelog

Fixed

• [SDK-3458] Support RN version 69 #488 (poovamraj)

Security

• Bump simple-plist from 1.1.0 to 1.3.1 #478 (dependabot[bot])
• Bump async from 2.6.3 to 2.6.4 #472 (dependabot[bot])

v2.13.1 (2022-04-01)

Full Changelog

Changed

• [Snyk] Security upgrade crypto-js from 3.3.0 to 4.0.0 #457 (snyk-bot)

Fixed

• Fix iOS module import for Expo SDK 44 #455 (Bardiamist)
• Fix promise that never completes [SDK-3216]#464 (Widcket)

v2.13.0 (2022-01-27)

Full Changelog

Added

• #409 Implement timeout support to networking Client #423 (mnylen)

Fixed

• Fix android java doc task #450 (poovamraj)

v2.12.0 (2022-01-07)

Full Changelog

Added

• Feature: Implemented MFA APIs #442 (poovamraj)

Fixed

• Fix: Warning on RN65 while linking from agent.js #441 (poovamraj)

v2.11.0 (2021-11-30)

Full Changelog

Changed

• Add support for Gradle 7 [SDK-2964]#429 (Widcket)

v2.10.0 (2021-09-09)

Full Changelog

Added

• Add skipLegacyListener [SDK-2760]#404 (Widcket)

Changed

• Bump path-parse from 1.0.6 to 1.0.7 #397 (dependabot[bot])
• Disable whitelist on auth refreshToken call (#385) #395 (cpave3)

Security

• Bump react-native from 0.62.2 to 0.62.3 #393 (dependabot[bot])

v2.9.0 (2021-06-22)

Full Changelog

Breaking changes

• Fixed authentication restart when the app is minimized [SDK-2199]#350 (Widcket)

v2.8.3 (2021-05-05)

Full Changelog

Changed

• Add React 17 to the package.json semver range #373 (Widcket)

v2.8.2 (2021-04-29)

Full Changelog

Fixed

• Fix for Xcode 12.5 [SDK-2545]#369 (Widcket)

v2.8.1 (2021-04-19)

Full Changelog

Fixed

• Capture and surface error when browser app is not available [SDK-2224]#363 (lbalmaceda)

v2.8.0 (2021-03-26)

Full Changelog

Added

• Add support for Organizations [SDK-2398]#361 (lbalmaceda)

v2.7.0 (2021-01-05)

Full Changelog

Added

• Added support for using a custom scheme in the callback URL [SDK-2223]#351 (Widcket)

v2.6.0 (2020-08-11)

Full Changelog

Added

• Add compileOptions for JDK 8 #323 (immackay)

Fixed

• Fix the www-authenticate header parsing logic #329 (lbalmaceda)

Security

• Bump lodash from 4.17.15 to 4.17.19 #320 (dependabot[bot])

v2.5.0 (2020-06-09)

This release requires at minimum React Native SDK version 0.62.2. If you need to run it on a different version, check the Compatibility Matrix on the README for reference.

Full Changelog

Added

• Warn when bundle identifier contains uppercase characters #316 (lbalmaceda)

Security

• Breaking: Require ReactNative version 0.62.2 #315 (lbalmaceda)

v2.4.0 (2020-06-05)

Full Changelog

Added

• Added support for ephemeral sessions [SDK-1412]#305 (Widcket)

Security

• Bump dependencies in the lock file #313 (lbalmaceda)

v2.3.1 (2020-04-29)

Full Changelog

Fixed

• Fixed tag in Podspec #300 (Widcket)
• handle invalid token error #285 (emiliokyp)

Security

• [Snyk] Security upgrade crypto-js from 3.1.9-1 to 3.3.0 #299 (crew-security)
• Bump acorn from 5.7.3 to 5.7.4 #287 (dependabot[bot])

v2.3.0 (2020-02-10)

Full Changelog

Added

• Added token exchange for native social endpoint [SDK-1307]#273 (Widcket)

v2.2.0 (2020-01-30)

Full Changelog

Added

• Add passwordless endpoints #270 (lbalmaceda)
• Handle missing kid (key id) on the JWKS #269 (lbalmaceda)

Changed

• Refactor RSA verification: Replace jsrsasign with crypto-js #268 (lbalmaceda)

v2.1.1 (2020-01-10)

Full Changelog

Removed

• Remove issued_at claim value check #266 (lbalmaceda)

Fixed

• Fix gradle javaCompile warning #265 (lbalmaceda)

Security

• Bump handlebars from 4.2.0 to 4.5.3 #262 (dependabot[bot])

v2.1.0 (2019-10-23)

Full Changelog

Security

• Improved OIDC compliance #243 (jimmyjames)

v2.0.0 (2019-10-08)

This is a major release that supports CocoaPods and Android X.

It requires at minimum React Native SDK version 0.60.5. If you need to run it on a different version, check the Compatibility Matrix on the README for reference.

Migration notes:

• Install the SDK with yarn add react-native-auth0 or npm npm install react-native-auth0 --save.
• Install the Pod for the iOS native module. Change into the ios directory of your application and run pod install.

Every iOS application after React Native SDK version 0.60.0 has a podfile file. If yours doesn't, please check the documentation on how to generate a valid one.

Full Changelog

v1.6.0 (2019-09-23)

Full Changelog

Added

• Support for iOS 13 Web Authentication #234 (cocojoe)

v1.5.0 (2019-07-15)

Full Changelog

Changed

• Enable WebAuth Logout for Android & Fix iOS Logout. #223 (lbalmaceda)

Fixed

• Fix error handling by using authentication error class #228 (lbalmaceda)

v1.4.2 (2019-04-24)

Full Changelog

Changed

• Update telemetry format #213 (lbalmaceda)

v1.4.1 (2019-04-18)

Full Changelog

Fixed

• Podspec restore react dependency #214 (cocojoe)

v1.4.0 (2019-02-07)

Full Changelog

Changed

• Remove obsolete React dependency from podspec. #192 (rnevius)
• Added iOS SF/ASWeb AuthenticationSession support #187 (cocojoe)
• Allow authorize options to override default values #177 (kenzic)

v1.3.1 (2018-10-01)

Full Changelog

Changed

• Update Minimum iOS Deployment Target, inline with React Libs #176 (coosamatt)

v1.3.0 (2018-07-17)

Full Changelog

Added

• android: allow root project to specify dependency versions #149 (mlc)

Fixed

• Add requiresMainQueueSetup to fix warning in RN 0.49+ #165 (frankrowe)
• Fixed broken podspec for Cocoapods installations #136 (danieljvdm)

v1.2.2 (2018-01-31)

Full Changelog

Fixed

• Fix android web authentication #126 (lbalmaceda)

v1.2.1 (2017-10-11)

Full Changelog

Fixed

• Fixed race condition in callback when using React Native Navigation #100 (cocojoe)

v1.2.0 (2017-09-11)

Full Changelog Closed issues

• Browser tabs not closed upon webauth success/failure #87
• WebAuth never opens safari on iOS #84

Added

• Close Browser app tab after finishing Auth #90 (cocojoe)

Fixed

• Fix Present SFSafariViewController from Top ViewController #89 (cocojoe)

v1.1.1 (2017-08-18)

Full Changelog

Fixed

• Call resolve on logout load #80 (hzalaz)

v1.1.0 (2017-08-18)

Full Changelog Closed issues

• Could not invoke A0Auth.showUrl #67

Added

• Added clearSession iOS Safari Method #65 (cocojoe)

Fixed

• Change customtabs version to the same as default build tools #78 (lukecwilliams)

v1.0.4 (2017-08-13)

Full Changelog

Changed

• Remove override annotation on createJSModules method #70 (lukecwilliams)

v1.0.3 (2017-06-26)

Full Changelog

Fixed

• Add missing import to the WebAuth controller file #50 (lbalmaceda)

v1.0.2 (2017-06-16)

Full Changelog

Fixed

• Fix options not found error #43 (sebirdman)

v1.0.1 (2017-06-15)

Full Changelog

Fixed

• Bundle identifier must be made lowercase #38 (trondwernerhansen)

v1.0.0 (2017-06-14)

Full Changelog

Installation

Install react-native-auth0 using npm

npm install react-native-auth0 --save

Or via yarn

yarn add --dev react-native-auth0

then you need to link the native module in react-native-auth0

react-native link react-native-auth0

Configuration

This section is for those that want to use WebAuth, if you dont need it just ignore this section.

Android

In the file android/src/app/AndroidManifest.xml you must make sure the main activity of the app has launch mode value of singleTask and that it has the following intent filter

<intent-filter>
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data
        android:host="YOUR_AUTH0_DOMAIN"
        android:pathPrefix="/android/${applicationId}/callback"
        android:scheme="${applicationId}" />
</intent-filter>

So if you have samples.auth0.com as your Auth0 domain you would have the following activity configuration:

<activity
android:name=".MainActivity"
android:label="@string/app_name"
android:launchMode="singleTask"
android:configChanges="keyboard|keyboardHidden|orientation|screenSize"
android:windowSoftInputMode="adjustResize">
<intent-filter>
    <action android:name="android.intent.action.MAIN" />
    <category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
<intent-filter>
    <action android:name="android.intent.action.VIEW" />
    <category android:name="android.intent.category.DEFAULT" />
    <category android:name="android.intent.category.BROWSABLE" />
    <data
        android:host="samples.auth0.com"
        android:pathPrefix="/android/${applicationId}/callback"
        android:scheme="${applicationId}" />
</intent-filter>
</activity>

For more info please read react native docs

iOS

Inside the ios folder find the file AppDelegate.[swift|m] add the following to it

#import <React/RCTLinkingManager.h>

- (BOOL)application:(UIApplication *)application openURL:(NSURL *)url
  sourceApplication:(NSString *)sourceApplication annotation:(id)annotation
{
  return [RCTLinkingManager application:application openURL:url
                      sourceApplication:sourceApplication annotation:annotation];
}

Then in your Info.plist file, find the value of the entry of CFBundleIdentifier, e.g.

<key>CFBundleIdentifier</key>
<string>org.reactjs.native.example.$(PRODUCT_NAME:rfc1034identifier)</string>

and then register a URL type entry using the value of CFBundleIdentifier as the value of CFBundleURLSchemes

<key>CFBundleURLTypes</key>
<array>
    <dict>
        <key>CFBundleTypeRole</key>
        <string>None</string>
        <key>CFBundleURLName</key>
        <string>auth0</string>
        <key>CFBundleURLSchemes</key>
        <array>
            <string>org.reactjs.native.example.$(PRODUCT_NAME:rfc1034identifier)</string>
        </array>
    </dict>
</array>

The value org.reactjs.native.example.$(PRODUCT_NAME:rfc1034identifier) is the default for apps created with RN cli, you will probably have a different value.

For more info please read react native docs

Usage

import Auth0 from 'react-native-auth0';

const auth0 = new Auth0({
  domain: '{YOUR_AUTH0_DOMAIN}',
  clientId: '{YOUR_CLIENT_ID}',
});

WebAuth

auth0.webAuth
  .authorize({ scope: 'openid email' })
  .then((credentials) => console.log(credentials))
  .catch((error) => console.log(error));