v13.0.0 (2024-11-11)
Added
Fixed
Security
- ci: changed the trigger from pull_request_target to pull_request for better security #2584 (nandan-bhat)
- Update codeowner file with new GitHub team name #2572 (stevenwong-okta)
v12.5.1 (2024-05-30)
v12.5.0 (2024-04-30)
- Support captchas in reset password flow #2547 (srijonsaha)
v12.4.0 (2024-01-04)
Added
- [IAMRISK-2916] Added support for Auth0 v2 captcha provider #2503 (alexkoumarianos-okta)
Changed
- [IAMRISK-3010] Added support for auth0_v2 captcha failOpen #2507 (alexkoumarianos-okta)
v12.3.1 (2023-11-13)
Security
- Bump auth0-js to solve crypto-js vulnerability #2492 (frederikprijck)
v12.3.0 (2023-10-06)
Added
- [IAMRISK-2603] Add support for Arkose #2455 (srijonsaha)
v12.2.0 (2023-09-15)
Added
- Wrap CheckBoxInput in InputWrapper to provide visual feedback #2423 (ewanharris)
v12.1.0 (2023-07-17)
Added
- Added support for hCaptcha and Friendly Captcha #2387 (DominickBattistini)
Changed
v12.0.2 (2023-02-10)
Changed
- Slight tweaks to Captcha input component handler methods + refresh button mask #2272 (stevehobbsdev)
Fixed
- Fix for when component is undefined on unmount #2271 (codetheweb)
v12.0.1 (2023-02-01)
Changed
- FDR-487 - feat: update microsoft button #2259 (jamescgarrett)
v12.0.0 (2023-01-20)
Lock is now built using React 18, which resolves a number of security vulnerabilities and improves performance. If you encounter any issues relating to this upgrade, please submit a bug report.
Despite the major version bump, v12 is completely API-compatible with v11.
Changed
- Upgrade to React 18 #2209 (stevehobbsdev)
- Upgrade to Webpack 5 #2213 (stevehobbsdev)
- Various dependency bumps see the full changelog
v11.35.0 (2022-12-19)
Added
- Support captcha for Passwordless #2222 (robinbijlani)
Changed
- Bump dependencies to latest patch and fix typos #2210 (piwysocki)
- Add CodeQL workflow for GitHub code scanning #2197 (lgtm-com[bot])
- Use lts-browsers docker image for Circle build #2204 (piwysocki)
- homepage added to package.json #2208 (piwysocki)
- Remove FAQ reference from README #2203 (frederikprijck)
- Update okta logo #2201 (jamescgarrett)
- Update readme to match new design #2187 (ewanharris)
v12.0.0-beta.0 (2022-12-08)
Changed
- Upgrade to React 18 #2209 (stevehobbsdev)
- Upgrade to Webpack 5, Jest 29, Babel 8 #2213 (stevehobbsdev)
- bump dependencies to latest patch and fix typos #2210 (piwysocki)
v11.34.2 (2022-10-10)
Fixed
- [SDK-3657] Render sign up confirmation before sign in #2180 (ewanharris)
v11.34.1 (2022-09-29)
Fixed
- [ESD-22705] Don't pass function to ConfirmationPane unless closable is enabled #2176 (ewanharris)
Security
- [ESD-22866] Disable spellcheck and autocorrect on all sensitive input fields #2178 (ewanharris)
v11.34.0 (2022-09-14)
Added
- FDR-297: Adding okta for enterprise #2172 (jamescgarrett)
v11.33.3 (2022-08-16)
Added
- IAMRISK-1725 Add password_leaked error label for Signup #2160 (robinbijlani)
v11.33.2 (2022-06-29)
Changed
- Bump qs from 6.10.5 to 6.11.0 #2147 (dependabot[bot])
- Bump shell-quote from 1.7.2 to 1.7.3 #2145 (dependabot[bot])
- Bump prettier from 2.7.0 to 2.7.1 #2144 (dependabot[bot])
v11.33.1 (2022-06-14)
Fixed
- Move captcha pane below additional signup fields in UI #2135 (stevehobbsdev)
Security
v11.33.0 (2022-05-05)
Important
This release contains a change to how custom signup fields are processed. From this release, all HTML tags are stripped from user input into any custom signup field before being sent to Auth0 to register the user. This is a security measure to help mitigate from potential XSS attacks in signup verification emails.
If you would be affected by this change and require HTML to be specified in a custom signup field, please leave us some feedback in our issue tracker.
Changed
- ui box - div replaced by main #2114 (piwysocki)
- More complete support for custom passwordless connections #2105 (peter-isgfunds)
Fixed
- fix: initialize reset password inside componentDidMount #2111 (stevehobbsdev)
Security
v11.32.2 (2022-02-08)
Changed
- align german loginWithLabel translation with Apple Guidelines #2097 (Steffen911)
Fixed
- [SDK-3087] Captcha for single enterprise AD connections #2096 (stevehobbsdev)
Security
- [Snyk] Upgrade qs from 6.10.2 to 6.10.3 #2095 (snyk-bot)
- Bump cached-path-relative from 1.0.2 to 1.1.0 #2091 (dependabot[bot])
v11.32.1 (2022-01-27)
Changed
- Update auth0-js and support legacySameSiteCookie option #2089 (stevehobbsdev)
Security
- Bump log4js from 6.3.0 to 6.4.0 #2087 (dependabot[bot])
- Security upgrade node-fetch to 2.6.7 #2085 (evansims)
- [Snyk] Upgrade prop-types from 15.7.2 to 15.8.0 #2083 (snyk-bot)
- Bump engine.io from 4.1.1 to 4.1.2 #2082 (dependabot[bot])
- Bump follow-redirects from 1.14.4 to 1.14.7 #2081 (dependabot[bot])
v11.32.0 (2022-01-07)
Fixed
- [SDK-2970] Remove captcha for enterprise SSO connections #2071 (stevehobbsdev)
- Add ID attributes to password field + submit button #2072 (stevehobbsdev)
v11.31.1 (2021-11-02)
Fixed
- Guard references to window on module load #2057 (stevehobbsdev)
- Ensure Captcha is completed before authenticating with enterprise SSO connection #2060 (stevehobbsdev)
v11.31.0 (2021-10-15)
Added
- [SDK-2295] Add forceAutoHeight property to UI config #2050 (stevehobbsdev)
Fixed
- [SDK-2823] Fix password reset when using custom connection resolver #2048 (stevehobbsdev)
v11.30.6 (2021-09-27)
This release intends to fix the build for Bower users, whilst upgrading some development-time dependencies and build configuration.
Please see the diff for the full set of changes.
v11.30.5 (2021-09-13)
Changed
[SDK-2708] Use domain value for client assets download instead of cdn.*.auth0.com #2029 (stevehobbsdev)
Fixed
Inline util.format and replace usage of global for window #2030 (stevehobbsdev)
v11.30.4 (2021-07-12)
Fixed
v11.30.3 (2021-06-25)
Fixed
- Fix country dialing code dropdown #2009 (adamjmcgrath)
v11.30.2 (2021-06-11)
Changed
- [ESD-13941] Implement a DOMPurify hook to enable target attributes on links #2006 (stevehobbsdev)
v11.30.1 (2021-06-04)
Changed
- Update fa.js #2000 (alirezagit)
Fixed
- [SDK-2588] Avoid multiple simultaneous HTTP calls #1998 (frederikprijck)
Security
- Update auth0-js + node-fetch #1996 (stevehobbsdev)
- [SEC-687, SEC-700] For more information on this security release, please see the release on GitHub.
v11.30.0 (2021-04-26)
Added
- Recaptcha Enterprise support #1986 (akmjenkins)
Fixed
- [ESD-12716]fix recaptcha on mobile when lang is not English #1988 (jfromaniello)
v11.29.1 (2021-04-14)
Fixed
- fix ESD-12716: move CSS display override to render function to fix recaptcha on sign-up #1983 (jfromaniello)
v11.29.0 (2021-04-06)
Added
- [SDK-2412] Add event for SSO data fetch #1977 (stevehobbsdev)
- [SDK-2306] Add login and signup hooks #1976 (stevehobbsdev)
Fixed
- [ESD-12716] fix issue with recaptcha in mobile #1978 (jfromaniello)
- Fixes typo "assests" to "assets" #1975 (morkro)
- Remove line breaks from passwordless vcode entry instructions #1974 (stevehobbsdev)
- Remove padding from screen tabs #1971 (stevehobbsdev)
v11.28.1 (2021-03-01)
Fixed
- Disable form submit manually for passwordless Safari #1968 (adamjmcgrath)
Security
v11.28.0 (2021-01-06)
Added
- An option to hide username in signup view #1954 (saltukalakus)
Changed
- Wording and spelling fixes to Bulgarian language file #1953 (maximnaidenov)
v11.27.2 (2020-12-16)
Changed
Fixed
- [ESD-10361] Fix password strength popup overflow issue #1949 (stevehobbsdev)
- [ESD-10373] Fix rendering of Lock inside popup on first open #1948 (stevehobbsdev)
v11.27.1 (2020-10-26)
Fixed
- Remove top padding from wrapper element #1939 (stevehobbsdev)
- Remove javascript:void(0) from links that do not navigate #1938 (stevehobbsdev)
- Respect showTerms option for passwordless #1931 (saltukalakus)
v11.27.0 (2020-09-18)
Changed
- Better flash error messages on incorrect, empty fields. #1923 (saltukalakus)
- [SDK-1946] Update Basecamp logo #1922 (stevehobbsdev)
Fixed
- [SDK-1911] Always use UsernamePane when using custom resolver #1918 (stevehobbsdev)
Security
- Dependencies #1924 (stevehobbsdev)
- Add license scan report and status #1920 (fossabot)
v11.26.3 (2020-08-14)
Security
- [SEC-512] Replace usage of i18n.html with i18n.str in Passwordless verification code UI (stevehobbsdev)
v11.26.2 (2020-08-12)
Fixed
- Fallback to default language dictionary when the language file cannot be loaded #1912 (davidpatrick)
- [SDK-1813] Send connection scope config to enterprise connections #1910 (stevehobbsdev)
Security
- [Security] Bump elliptic from 6.4.1 to 6.5.3 #1909 (dependabot-preview[bot])
v11.26.1 (2020-07-23)
Fixed
- fix issue #1906 - remove extension from import #1907 (jfromaniello)
v11.26.0 (2020-07-23)
Added
- [CAUTH-423] Add captcha in the sign-up flow #1902 (jfromaniello)
Changed
- [CAUTH-511] improve error handling on missing captcha #1900 (jfromaniello)
Fixed
- [SDK-1284] Fix for "growing" tabs when repeatedly clicked #1904 (stevehobbsdev)
v11.25.1 (2020-07-14)
Fixed
- [SDK-1809] Connection display name is used even when no IdP domains are available #1898 (stevehobbsdev)
v11.25.0 (2020-07-09)
Added
- [SDK-1710] Allow Lock to use connection display name field from client configuration file #1896 (stevehobbsdev)
v11.24.5 (2020-07-03)
Fixed
- [SDK-1738] Remove subtle transition on header element #1892 (stevehobbsdev)
v11.24.4 (2020-07-02)
Changed
- [SDK-1756] Add HTML5 novalidate attribute to Lock form to remove native browser validation #1890 (stevehobbsdev)
- Bump auth0-js to 9.13.3 #1889 (stevehobbsdev)
v11.24.3 (2020-06-19)
Fixed
- Allows i18n en lang override #1885 (davidpatrick)
- Show the "Can't be blank" message under the password input #1882 (adamjmcgrath)
Security
- [Security] Bump websocket-extensions from 0.1.3 to 0.1.4 #1880 (dependabot-preview[bot])
v11.24.2 (2020-06-05)
Fixed
- [SDK-1556] Apply window height style to root document for Passwordless UI #1878 (stevehobbsdev)
- Add !hostedLoginPage condition to redirect check #1876 (stevehobbsdev)
- Header height not updated when Lock dialog is closed and reopened #1874 (adamjmcgrath)
- z-index needs to be less than the close button to avoid hiding it #1872 (adamjmcgrath)
v11.24.1 (2020-05-18)
Fixed
- [ESD-6221] Remove CSS variable from header height calculation #1867 (stevehobbsdev)
v11.24.0 (2020-05-11)
Added
Fixed
- Fix header height calculation for large titles #1859 (stevehobbsdev)
- Typo fix in username.js #1857 (thduttonuk)
- Fix send sms error event #1856 (blankg)
v11.23.1 (2020-04-20)
Fixed
- [ESD-5299] Bug with the special characters password hint #1847 (adamjmcgrath)
- [ESD-5397] Fix header z-index #1846 (stevehobbsdev)
Security
- Upgraded dependencies from security advisories #1848 (stevehobbsdev)
- Bump auth0-js from 9.13.1 to 9.13.2 #1844 (dependabot-preview[bot])
v11.23.0 (2020-04-02)
Added
Fixed
- [SDK-1413] Re-added scrollbars and fixed password strength popup clip issue #1839 (stevehobbsdev)
- Add 'social_signup_needs_terms_acception' Japanese translation #1835 (mag-chang)
Dependencies
- Bumped auth0-js to 9.13.1 #1842 (stevehobbsdev)
v11.22.5 (2020-03-25)
Added
v11.22.4 (2020-03-06)
Fixed
- [CAUTH-373] do not autologin the user if captcha is required #1818 (jfromaniello)
v11.22.3 (2020-03-04)
Fixed
- [SDK-1389] Applied appearance styles for Bootstrap in Safari #1815 (stevehobbsdev)
v11.22.2 (2020-02-20)
Changed
- Change Sign in with Apple button background to full black #1811 (stevehobbsdev)
Fixed
- Update cs.js - plural adjustments #1810 (stevehobbsdev)
v11.22.1 (2020-02-18)
Fixed
- [SDK-1361] Fix missing padding on social buttons #1808 (stevehobbsdev)
v11.22.0 (2020-02-17)
Changed
- [SDK-1373] Added style rules to handle overflow and scroll #1803 (stevehobbsdev)
- [SDK-1361] Adjust styling for social buttons and Apple compliance #1801 (stevehobbsdev)
- Return results with signup success callback #1799 (bstaley)
Fixed
- [SDK-1374] Email input now uses type="email" #1802 (stevehobbsdev)
v11.21.1 (2020-02-03)
Fixed
- [SDK-1300] Added missing translation keys for 6 EU languages #1791 (stevehobbsdev)
v11.21.0 (2020-01-30)
Security
- Make placeholder text-only, add new placeholderHTML for additionalSignUpFields #1788 (davidpatrick)
v11.20.4 (2020-01-29)
Fixed
- Fix for login button being cut off on some mobile devices #1785 (stevehobbsdev)
- Emit authorization_error event on passwordless error #1784 (stevehobbsdev)
v11.20.3 (2020-01-15)
Changed
- Bumped Auth0.js to 9.12.2 #1780 (stevehobbsdev)
- Prevent loading overlay from showing when using Sign In With Apple #1779 (stevehobbsdev)
Fixed
- Fix translation pt-PT #1776 (mario-moura-silva)
v11.20.2 (2020-01-06)
Fixed
- [CAUTH-277] prevent posting when captcha is required and empty #1774 (jfromaniello)
v11.20.1 (2019-12-20)
Fixed
- Set the default token validation leeway to 60 sec #1770 (stevehobbsdev)
v11.20.0 (2019-12-16)
Added
- add captcha support #1765 (jfromaniello)
Security
- [SDK-980] Bumped auth0.js to 9.12.0 #1767 (stevehobbsdev)
v11.19.0 (2019-12-04)
Added
Fixed
- [SDK-1191] Lock social buttons now render as links instead of buttons #1760 (stevehobbsdev)
- [SDK-1141] Altered readme samples to remove ref to localstorage #1759 (stevehobbsdev)
- Applied overflow style only on mobile views #1758 (stevehobbsdev)
- Bugfix for WebExtension #1750 (STK913)
v11.18.1 (2019-10-28)
Added
- added hungarian transalation for social_signup_needs_terms_acception #1744 (smatyas)
- Add a Lock event 'sso login' #1742 (countergram)
- fix: Add missing property for finnish translation #1740 (petetnt)
Fixed
- Reset .auth0-lock-form display to 'initial' for iPhone #1745 (stevehobbsdev)
v11.18.0 (2019-10-10)
Changed
- Relaxing the email validation #1735 (luisrudge)
- Fix social button interactions when terms have not been accepted #1733 (luisrudge)
Fixed
v11.17.3 (2019-10-03)
Fixed
- Fix Title cropping and password instructions tooltip #1728 (thisis-Shitanshu)
- Fix pt language issue #1726 (jogee)
v11.17.2 (2019-08-08)
v11.17.1 (2019-07-23)
Fixed
- Use cdn-uploader from NPM.
v11.17.0 (2019-07-15)
Added
- Add validation to new root profile attributes #1657 (luisrudge)
- Add support for signup with root level attributes #1656 (luisrudge)
v11.16.3 (2019-06-11)
Added
Fixed
v11.16.2 (2019-06-03)
Fixed
- Fixed telemetry
v11.16.1 (2019-06-03)
Added
- Add error message for too_many_requests #1655 (luisrudge)
- Add translation for Bulgarian (bg). #1652 (alex-mo)
Fixed
- Prevent form submit when password is empty #1654 (luisrudge)
- Fix destroying lock instance #1653 (luisrudge)
v11.16.0 (2019-05-06)
Changed
From this release on, the option to display social connections in small styled buttons is no longer available due to branding compliance reasons. All the social connections will now be displayed as large styled buttons.
Fixed
v11.15.0 (2019-04-16)
Changed
- Changes german translation of 'sign up' from 'Anmelden' to 'Registrieren; #1627 (PapaMufflon)
- Update telemetry format and rules #1624 (luisrudge)
Fixed
- Fix layout when using big string for terms #1631 (luisrudge)
- Use new facebook icon #1630 (luisrudge)
- Added
login_requiredto unhandled authorization errors #1629 (benhamiltonpro) - Fix error message overflow #1628 (luisrudge)
v11.14.1 (2019-03-18)
Fixed
- Fix/avatar crop header mobile #1621 (luisrudge)
- Improve greek translation #1614 (esarafianou)
- Upgrade Auth0.js to 9.10.1
v11.14.0 (2019-01-30)
Changed
v11.13.2 (2019-01-28)
Fixed
v11.13.1 (2019-01-23)
Fixed
v11.13.0 (2019-01-15)
Added
Changed
Fixed
v11.12.1 (2018-11-23)
Fixed
v11.12.0 (2018-11-19)
Added
Changed
Fixed
- Fix padding in all screens #1547 (luisrudge)
- Fix IE10 script error #1542 (luisrudge)
- Fix mobile styles using different heights #1539 (luisrudge)
v11.11.0 (2018-10-23)
Added
- Add prefill support to Auth0LockPasswordless #1505 (luisrudge)
- Add
ariaLabeloption for custom fields #1492 (Splact)
Fixed
- Fix google button styles according to google's guidelines #1512 (luisrudge)
- [Sustainment] Fixed Reset Password Avatar/Enterprise Issue #1504 (cocojoe)
- Remove aria-describedby on missing ref #1497 (Splact)
v11.10.0 (2018-09-27)
Changed
- Upgrade Auth0.js to use cookies instead of localStorage by default: Read more
v11.9.1 (2018-09-10)
Fixed
v11.9.0 (2018-08-28)
Added
- Support new minimum password length parameter #1472 (luisrudge)
- Improve accessibility #1471 (andrew-me)
- Add a new type of additionalSignUpField: hidden #1459 (luisrudge)
Fixed
v11.8.1 (2018-07-30)
Fixed
- Fix/sign up title inconsistenty #1457 (luisrudge)
- Fix wrong autoComplete value in password_input #1456 (luisrudge)
- Fix crash when showing lock for the second time with custom select input #1448 (luisrudge)
- Moving the PasswordStrength component to below the password input #1444 (luisrudge)
v11.8.0 (2018-07-24)
Added
Changed
Fixed
- Fix Configuration URL when using __tenantInfo and a baseConfigurationURL #1425 (lbalmaceda)
- Fix SSO screen not showing in some cases #1415 (luisrudge)
- In SSO mode, hide the password input instead of removing it from the DOM #1407 (luisrudge)
v11.7.2 (2018-06-07)
Added
Fixed
- SSO: Fallback to email if the username field is empty #1400 (sandrinodimattia)
- Fixed some typos and corrected some mistakes in the Norwegian Bokmaal #1399 (cjrorvik)
v11.7.1 (2018-06-01)
Fixed
v11.7.0 (2018-05-28)
Fixed
- Display error for all enterprise connections in the reset password screen #1384 (luisrudge)
- Hide password strength message when the password is valid #1382 (luisrudge)
- Fixed Turkish translation #1379 (saltukalakus)
- Fix IE default redirect url #1373 (luisrudge)
v11.6.1 (2018-05-02)
Fixed
v11.6.0 (2018-04-24)
Added
- Add signup error to valid events #1329 (yveswehrli)
Changed
- Upgrade auth0-js to 9.5.0. See auth0-js' changelog here. Fixed
- Show spinner when doing quick auth #1346 (luisrudge)
- Fix danish translation #1338 (luisrudge)
- Fix getSSOData not sending custom nonce/state #1333 (luisrudge)
v11.5.2 (2018-03-28)
Added
v11.5.1 (2018-03-22)
v11.5.0 (2018-03-22)
Changed
Fixed
- Fix inconsistent state assignment when parsing a hash #1309 (luisrudge)
- Fixed German translations #1307 (roschaefer)
- Fixing IE lack of support for
includes#1298 (luisrudge) - Fix Japanese translations #1295 (hiro1107)
v11.4.0 (2018-03-12)
Added
Changed
- Making HRD work in signup page and showing an error when HRD is detected in the forgot password page #1278 (luisrudge)
Fixed
- Fix inconsistent screen title #1288 (luisrudge)
- Always remove spaces from email and username #1280 (luisrudge)
v11.3.1 (2018-02-28)
Fixed
v11.3.0 (2018-02-22)
Fixed
- Fix Lock Passwordless feature parity (events and quick auth screen) #1267 (luisrudge)
- Removing legacy COA mapping + fixing access_denied mapping #1266 (luisrudge)
- Only call getSSOData when rememberLastLogin is true #1265 (luisrudge)
- Upgrade auth0-js to 9.3.0. See auth0-js' changelog here.
v11.2.3 (2018-02-08)
Fixed
v11.2.2 (2018-02-06)
Fixed
v11.2.1 (2018-02-02)
Fixed
v11.2.0 (2018-02-02)
Changed
- call /ssodata when inside the universal login page #1245 (luisrudge)
- Handling embedded and universal login in the same application #1243 (luisrudge)
v11.1.3 (2018-01-29)
Changed
- Update auth0.js auth0.js changelog
v11.1.2 (2018-01-26)
Changed
- Update auth0.js auth0.js changelog
v11.1.1 (2018-01-24)
Changed
- Update auth0.js auth0.js changelog
v11.1.0 (2018-01-16)
Changed
v11.0.0 (2017-12-21)
Lock v11 is designed for embedded login scenarios and is not supported in centralized login scenarios (i.e. Hosted Login Pages). You need to keep using Lock v10 in the Hosted Login Page.
We wrote a Migration Guide to make upgrading your app easy.
Breaking change
lock.getProfile now expects an access_token as the first parameter. You'll need to update your code to change the parameter sent (v10 expected an id_token).
Removed
The oidcConformant flag was used to force Lock v10 to not call legacy endpoints. Lock v11 never uses legacy endpoint so the flag is not needed anymore. If specified, it will be ignored.
Changed
Lock v11 default the scope parameter to openid profile email. This is to make the 'Last Logged in With' window work.
v10.23.1 (2017-10-12)
Fixed
v10.23.0 (2017-10-12)
Changed
- Pinning react version 15.6.2 #1142 (luisrudge)
- upgrade auth0.js #1137 (luisrudge)
- Upgrade react version #1135 (luisrudge)
Fixed
We're trying to figure it out how to help customers that want to upgrade to react@16. The ideal would be to move react and react-dom to peerDependencies, but this would be a breaking change for most of our customers, so we're thinking this through.
In the meantime, react@16 works just fine with this codebase. You'll just have to bundle both versions if you're not using yarn. If you are using yarn, however, you can use the resolutions field and pin react@16 to your repo.
{
"name": "test-test",
"version": "0.1.0",
"private": true,
"dependencies": {
"auth0-lock": "^10.23.0",
"react": "^16.0.0",
"react-dom": "^16.0.0",
"react-scripts": "^1.0.14"
},
"scripts": {
"start": "react-scripts start",
"build": "react-scripts build",
"test": "react-scripts test --env=jsdom",
"eject": "react-scripts eject"
},
"resolutions": {
"react": "16.0.0",
"react-dom": "16.0.0"
}
}
v10.22.0 (2017-09-26)
Added
Changed
v10.21.1 (2017-09-21)
Fixed
v10.21.0 (2017-09-21)
Added
- Add Estonian Translations #1099 (meikoudras)
Changed
- Changed the connectionResolver to run onSubmit instead of onBlur #1113 (luisrudge)
- Change translate for loginAtLabel #1110 (radu-carmina)
Fixed
- Use resolvedConnection where available #1111 (lukevmorris)
- Fix a few svg errors when used with global css rule #1103 (luisrudge)
- Links with # should use javascript:void(0) #1102 (luisrudge)
- Improve Danish translation #1097 (havgry)
- Fixed translations for Romanian and Slovenian #1092 (AdrianSima)
v10.20.0 (2017-08-11)
Added
Changed
Fixed
- Fix custom theme for custom connections #1083 (luisrudge)
- Fix spacing using custom signup fields #1076 (luisrudge)
- Fixed Slovak translations #1069 (stajo1)
v10.19.0 (2017-07-18)
Added
- Added
oidcConformantentry to the readme #1054 (luisrudge) - Added a custom connection resolver option #1052 (luisrudge)
- Added Korean translation #1051 (couldseeme)
Fixed
v10.18.0 (2017-06-23)
Added
- Add analytics events #1036 (francocorreasosa)
- Lang Afrikaans South Africa #1035 (jdunhin)
- Adding "show password" option #1029 (luisrudge)
Changed
Removed
Fixed
- Fixing empty popup on signup #1048 (luisrudge)
- Adding a flag for cross-auth #1044 (luisrudge)
- Fix custom connection scopes #1038 (luisrudge)
v10.17.0 (2017-06-14)
Added
- Added allowAutoComplete ui option #1022 (luisrudge)
- When in OIDC mode, enterprise connections always go to IdP page #1019 (luisrudge)
- Added Cross Origin Auth support in OIDC mode #1013 (luisrudge)
- Emit authorization_error when username/password fails (invalid_user_password) #999 (luisrudge)
Changed
- Improved Danish translation #1033 (denkristoffer)
- Scroll to the error message by default #1023 (m-idler)
- Enabled HTML formatting for flashMessages #1017 (dariobanfi)
- package.json: ~ range allowed for auth0-js dep #1015 (lexaurin)
Fixed
- Removed extra scroll on mobile view #1031 (beneliflo)
- Fixing tooltip error in the email pane #1030 (luisrudge)
- Fix react-addons-css-transition-group issue #1001 (eoinmurray)
- Fixed overrides sent to auth0.js #997 (sandrinodimattia)
v10.16.0 (2017-05-08)
Added
Changed
- Update badge location for better performance and bundle max-age changes #995 (ramasilveyra)
Fixed
- Fix long header title and Error messages overflow #990 (beneliflo)
- Fix grammar mistake RU #988 (uladar)
v10.15.1 (2017-04-25)
Fixed
v10.15.0 (2017-04-24)
Added
Changed
- Upgrade auth0-js to v8.6.0 #980 (luisrudge)
- Adding prettier and a precommit script to format the code 🎉 💄 #977 (luisrudge)
- Upgrading usage of prop-types to new package #971 (luisrudge)
- Use replaceState for better browser history experience #967 (selaux)
- Renaming internal
signOutmethods withlogoutto keep it consistent #966 (luisrudge) - Improve error handling of sync with better errors #961 (luisrudge)
- Adding
keyto the error "An error occurred when fetching data" #956 (luisrudge)
Fixed
- Fixed typo in cs.js #979 (fersman)
- fixed propType misspell in header.jsx #973 (nickpisacane)
- Fixed scrolling on mobile in landscape mode #963 (luisrudge)
v10.14.0 (2017-03-27)
Closed issues
- prefill option is lost after reset password #933
Added
- Throw an error when audience is used without oidcConformant flag #947 (luisrudge)
- Added Finnish translation #936 (kettunen)
- Added Ukrainian translation #931 (grsmv)
Changed
- Upgrade auth0js to v8.5.0 #952 (luisrudge)
- Disable social buttons when terms were not accepted on sign up #949 (luisrudge)
- Better explanation about the sso option #948 (luisrudge)
- Changed password leak error message #934 (ntotten)
- Add support for success and error messages to be in HTML #928 (luisrudge)
Fixed
- Fixing Italian dictionary #950 (ilmistra)
- Don't clear email field after reset password #945 (luisrudge)
- Disable autoCorrect and spellCheck in the username input #927 (luisrudge)
v10.13.0 (2017-03-13)
Closed issues
- State with
=,&characters is incorrectly parsed from url fragment #913 - Add support for Evernote strategy #895
Fixed
- Updated auth0 js version #924 (hzalaz)
- Adds evernote social icon #923 (vctrfrnndz)
- Add japanese translation for "OR" #921 (vctrfrnndz)
- Fix some french translations. #918 (lucasmichot)
- Replace querystring implementation with qs module #916 (elger)
- Use error.name to find the correct error message for invalid passwords #904 (luisrudge)
v10.12.3 (2017-03-07)
Fixed
- Update node engine restriction #909 (hzalaz)
- Fixed Czech translation #902 (FilipPyrek)
v10.12.2 (2017-03-03)
Fixed
v10.12.1 (2017-03-03)
Fixed
v10.12.0 (2017-03-02)
Closed issues
- Bug in email field validation #884
- Input field tab issue in IE #870
- Bring back the integratedWindowsLogin option #852
- Unwanted parameters in /authorize call #851
- Back button not displaying properly in IE 11 #767
Added
- Added checkbox CustomInput for additionalSignUpFields #860 (dariobanfi)
- Add slovak translation #846 (Passto)
Changed
- Update password sheriff to reduce bundle size #879 (hzalaz)
- Adding focusable=false to all svgs #873 (luisrudge)
- Migrating to webpack2 #871 (luisrudge)
- Review catalan translations #869 (oscarfonts)
- Reducing time to unpin loading pane #853 (luisrudge)
- Throw an error if login, signUp and forgotPassword screens are not allowed #850 (luisrudge)
- Kerberos network checking no longer depends on rememberLastLogin #805 (patrickmcgraw)
Fixed
- Updated auth0.js to v8.3.0 #889 (hzalaz)
- Fix issue when submiting a form with no email #886 (selaux)
- Fixing allowSignup and allowForgot options when loading tenant info #877 (luisrudge)
- Don't disable mfa-code input #872 (nikolaseu)
- Fix a box-sizing issue that happened when bootstrap was being used with lock #868 (luisrudge)
- Cleaning params sent to auth0js #863 (luisrudge)
- Only set prefill values when application is initialized #855 (luisrudge)
v10.11.0 (2017-01-30)
Closed issues
- Input error state does not get reset when changing page #843
- Show error when the domain part of the email does not match any enterprise connection #661
Added
- inject cordova plugin and force popup/sso in cordova or electron #835 (glena)
- Japanese translation #834 (stevensacks)
- disable submit button when the email does not match with any connection #757 (glena)
Changed
- Clear invalid fields on screen change #844 (glena)
- Bump the babel-preset-2015 version #838 (iamkevingreen)
v10.10.2 (2017-01-23)
Fixed
- Fix casing of null in IE (bumping auth0.js version) #827 (glena)
- Fix ES translations #826 (perpifran)
- Translated term mfaLoginTitle into Dutch #820 (dctoon)
- For autologin, if login screen is not available, it should show the error in the signup one instead of breaking #817 (glena)
v10.10.1 (2017-01-19)
Changed
v10.10.0 (2017-01-17)
Closed issues
- Lock v10.9.2 fails on IE 10 Windows 7 #801
Added
- Add resumeAuth method and autoParseHash flag #790 (luisrudge)
- Hide first screen title option #745 (glena)
Changed
Fixed
- Fix: popup does not close when signup fails #810 (glena)
- removes scope openid warning in OIDC conformant mode. fix #780 #803 (luisrudge)
- Clearing fields when lock closes #802 (luisrudge)
- Fix redirect/popup login when shown in the hosted login page #799 (glena)
Breaking changes
In lock v10.9 we introduced an issue in auth0.js that changed the casing of the calls to retrieve the user profile (using /userinfo or /tokeninfo), everything was converted to camel case. We fixed that issue in this auth0.js pull request and is part of this release of Lock. If you kept an v10.8 or older no changes are needed, for those who updated to v10.9 you need to revert the changes made to handle the case changes.
v10.9.2 (2017-01-11)
Fixed
- Bring back support for get profile in default mode #794 (glena)
- Don't emit error when registering for event 'signin ready' #784 (theopak)
v10.9.1 (2017-01-10)
Fixed
- Fix to comply legacy behaviour #787 (glena)
- For legacy flow, the scope should default to openid #783 (glena)
v10.9.0 (2017-01-09)
Added
Changed
- Removed browserify as dependency and removed process usage #779 (glena)
- Auth0js v8 - configuration validation + default scope #775 (glena)
v10.8.1 (2017-01-03)
Closed issues
- username/password login doesn't work with custom domains on the appliance #772
Fixed
v10.8.0 (2017-01-02)
Closed issues
- Request to add user-facing error message. #751
- Please throw an error for invalid events #748
- Old errors shown when reopening Lock #739
- Send login_hint when detecting previous session #729
defaultADUsernameFromEmailPrefixis not implemented #713- [v10] Enterprise connections don't strip domain from email #543
Added
- Allow to override socialButtonStyle on show #766 (glena)
- Added new error code: session_missing #760 (glena)
- Add events validation and fail if it is not a valid one #756 (glena)
- Added flag defaultADUsernameFromEmailPrefix #754 (glena)
- Send login_hint when detecting previous session #753 (glena)
- Create fa.js #752 (doroudi)
Changed
Fixed
v10.7.3 (2016-12-19)
Fixed
v10.7.2 (2016-12-01)
Fixed
- Fix how the tenant and application info url is build to avoid format issues #740 (glena)
- Fix: Single saml connection with no domain shows undefined in button #738 (glena)
v10.7.1 (2016-11-25)
Fixed
- fix options override on show #732 (glena)
- One questionmark is enough #731 (retorquere)
v10.7.0 (2016-11-22)
Added
- Add missing Norwegian translations #721 (francisrath)
Changed
- Update auth0.js to v7.5.0 #730 (hzalaz)
- "Email" type for email input #724 (glena)
- Enterprise: force username for AD connections #714 (glena)
Deprecated
v10.6.1 (2016-11-09)
Fixed
v10.6.0 (2016-11-07)
Changed
- Update auth0.js to 7.4.0 #705 (hzalaz)
- allow to override language, dict, logo and primary color on show method #680 (glena)
- Webpack for bundling #663 (glena)
Fixed
v10.5.1 (2016-10-28)
Closed issues
- [Lock 10.5.0] Prefill fails when using username #685
- [Lock 10.5.0] "TypeError: next is not a function" when closing social connection popup #682
Fixed
- Disabled username verification for prefill #686 (glena)
- 'TypeError: next is not a function' when closing social connection popup #684 (glena)
- Fix focus visual feedback in email and username inputs #681 (gnandretta)
v10.5.0 (2016-10-24)
Closed issues
- [v10.4.0] Cannot read property 'get' of undefined. #658
- Lock not showing rule errors in redirect mode #637
- Single AD connection without domain shows undefined in message #627
- Issues with Overlay mode + signUpLink setting on a SPA #619
- [UX] Password field shouldn't show error message immediately (on focus). #540
Added
- Create vi.js in /src/i18n #662 (IoHL)
- Added support for custom oauth2 connections #648 (glena)
- Create ca.js #645 (alexandresaiz)
- Support connectionScopes for oauth2 connections #643 (glena)
- Allow to display a flash message on lock.show #639 (glena)
- MFA when using oauth/ro endpoint #628 (dafortune)
Changed
- Password field shouldn't show error message immediately (on focus) #668 (glena)
- Update auth0.js to latest #665 (hzalaz)
- Added default values to the dictionary and warn about missing keys #651 (glena)
- Fix Issues with Overlay mode + signUpLink setting on a SPA #650 (glena)
- Only require non-empty value for username when DB connection is custom or import is enabled #646 (glena)
- Update uglify task to generate sourcemaps #638 (cristiandouce)
Fixed
- Fix [v10.4.0] Cannot read property 'get' of undefined. #658 #660 (glena)
- Changed to regular spaces. #653 (nicosabena)
- Single AD connection without domain shows undefined in message #642 (glena)
- show properly terms on desktop and mobile #641 (beneliflo)
- Fix typo in the word "corporate" #632 (wags)
- Change the term email to e-mail and emailadres to e-mailadres #629 (ToonDC)
v10.4.1 (2016-10-21)
Changed
- Update auth0.js to v7.3.0
v10.4.0 (2016-09-27)
Closed issues
- theme.logo regression in 10.3.0 #617
Changed
Fixed
- Fix bad reference for unrecoverable_error event emitter #625 (cristiandouce)
- Fixes for 10.3.0 regression #618 (doapp-ryanp)
v10.3.0 (2016-09-19)
Closed issues:
- v10: KerberosScreen failing on internal Network #590
- Languages not available on cdn.eu.auth0.com #576
- The lock v10 with ionic2 page can not scroll. #532
- Signup terms checkbox overlays password field on small devices. #525
- Lock + Meteor breaks when trying to require & use blueimp-md5 #466
- White space on bottom when running/simulating on mobile device #376
Fixed:
- Bump blueimp-md5@2.3.1 #613 (cristiandouce)
- Handle uncaught unrecoverable_error #609 (eddiezane)
- fixed loading unaligned with label submit #606 (beneliflo)
- Fix EscKeyDownHandler bug in Container when
closableis false #604 (kevinzwh) - Fix checkbox terms #597 (beneliflo)
- Fixes corporate network connection usage #594 (CriGoT)
- fixed ionic page scroll #591 (beneliflo)
Added:
- Add min/max username validation from application info settings #611 (cristiandouce)
- Introduce clientBaseUrl and languageBaseUrl options to deprecate assetsUrl #601 (cristiandouce)
- Added Hungarian translations #599 (nagyv)
- Add french translation #596 (RomainFallet)
- Added Swedish (sv) translation. #593 (kuljaninemir)
Changed:
- use ReactCSSTransitionGroup for global messages #595 (robbiewxyz)
Deprecation notice:
This version introduces languageBaseUrl and clientBaseUrl in replacement of assetsUrl.
- The application will be fetched from
${clientBaseUrl}/${clientID}.jsand will default to the CDN url including the region (e.g.https://cdn.eu.auth0.com/client). The region is inferred from thedomain. - The language will be fetched from
${languageBaseUrl}/${lang}.jsand will default to the CDN without the region (e.g.https://cdn.auth0.com/js/lock/${lockVersion}/). - The new options have priority over
assetsUrl. - If
assetsUrlis provided, keep the current behavior: fetch application from${assetsUrl}/client/${clientID}.jsand languages from{assetsUrl}/js/lock/${lockVersion}/${language}.js.
v10.2.3 (2016-10-21)
- Use auth0.js version 7.3.0
v10.2.2 (2016-08-31)
- Decode window.location.href before parsing hash (#583)
- Change the default value for hash in WebApi.parseHash() internal method (#587)
v10.2.1 (2016-08-18)
- Allow dots in HRD username and clear errors before leaving the HRD screen (#574)
v10.2.0 (2016-08-18)
- Show a label in the submit button by default (#524)
- Show the Auth0 badge only in modal mode and on the bottom left of the overlay (#552)
- Replace the log in / sign up segmented control for tabs (#553)
- German translation corrections (#549)
- Add
responseMode: "form_post"option (#526) - Add the
hash_parsedevent (#535) - Add
zhtranslation (#548) - Allow to override some options in the
showmethod (#550) - Add
nbtranslation (#560)
v10.1.0 (2016-08-09)
- Add
detranslation (#546)
v10.0.2 (2016-08-05)
- Fix header in Edge (#528)
- Allow to reuse a given container id (#533)
- Stop showing last login screen when the initial screen is not login (#534)
- Fix email input in IE 10 (#537)
v10.0.1 (2016-07-27)
- Stopped dropping keys on email input in IE (#505)
- Protect against svgs background colors set by other stylesheets (#506)
- Ensure header styling looks fine in IE (#507)
v10.0.0 (2016-07-20)
- The
parseHashmethod was removed given that now it is automatically handled by Lock.
- Stopped hiding errors that are raised from event listeners.
- Handle the new variants of password policy errors during sign up.
v10.0.0-rc.2 (2016-07-05)
- Fixed issue with the blueimp library when bundling with webpack.
- Stopped fetching SSO data when SSO is disabled.
- The location hash is no longer cleared every time Lock is initialized.
- The validator function for additional sign up fields now allows to specify a hint that will be displayed when the field is invalid.
v10.0.0-rc.1 (2016-06-22)
- Show Auth0 badge in the bottom only for free plans.
v10.0.0-beta.5 (2016-06-21)
- Fixed bug that prevented custom sign up fields from being validated.
- Upgraded to React v15.
- Upgraded auth0.js to v7.0.3.
- Added the
languageoption. Translations forit,pt-br,ruandesare provided out of the box. Thanks @yvonnewilson, @dirceu, @lilapustovoyt and @darkyen! - Lock now will emit the following events.
show: emitted when Lock is shown. Has no arguments.hide: emitted when Lock is hidden. Has no arguments.unrecoverable_error: emitted when there is an unrecoverable error, for instance when no connection is available. Has the error as the only argument.authenticated: emitted after a successful authentication. Has the authentication result as the only argument.authorization_error: emitted when authorization fails. Has the error as the only argument. Note theauthenticatedandauthorization_errorevents replace the callback in the constructor.
- Display a tooltip on invalid inputs with a hint on how to fix the error.
v10.0.0-beta.4 (2016-05-17)
- A proper error message is shown when no connection is available.
- Removed JSONP support.
- Support for the new Bitbucket and Dropbox social connections.
- Additional sign up fields can now be prefilled and have a
selecttype, which allows the user to choose the value from a predefined list of options.
v10.0.0-beta.3 (2016-05-10)
- Allow to translate password strength messages.
- Don't fetch profile automatically after a successful login.
- Display just an email input in the forgot password screen. Before, an username input was displayed when the connection required an username.
v10.0.0-beta.2 (2016-04-25)
- Fetch bigger gravatars, so they look better on high-density screens.
- Don't fetch SSO data when SSO is disabled.
- Bunch of small UI issues.
- NPM package require. Now
require('auth0-lock')will work (previously you had to dorequire('auth0-lock/lib/classic')).
- Renamed
closemethod tohide. - Renamed
connectionsoption toallowedConnections. - Renamed
signUp.footerTextdict key tosignUp.terms.
- Support for enterprise connections.
- Allow to specify the the default datbase connection via the
defaultDatabaseConnectionoption. - Optionally request users to agree to terms and conditions before
signing up via the
mustAcceptTermsoption.
v10.0.0-beta.1 (2016-03-23)
First preview release, see https://auth0.com/docs/libraries/lock/v10 for details.