remove require syntax

.vscode/launch.json

@@ -29,7 +29,9 @@
         "--runInBand",
         "--no-cache",
         "--collectCoverage=false",
+        "--testTimeout=120000",
         "--config=jest.browser.js",
+        "--testTimeout=120000",
         "${relativeFile}"
       ],
       "console": "integratedTerminal",
@@ -44,7 +46,9 @@
         "--runInBand",
         "--no-cache",
         "--collectCoverage=false",
+        "--testTimeout=120000",
         "--config=jest.server.js",
+        "--testTimeout=120000",
         "${relativeFile}"
       ],
       "console": "integratedTerminal",
@@ -55,11 +59,16 @@
       "name": "sdk: e2e spec",
       "type": "node",
       "request": "launch",
-      "args": ["wdio.conf.js", "--spec", "${file}"],
+      "args": [
+        "wdio.conf.js", "--spec", "${file}"
+      ],
       "cwd": "${workspaceFolder}/test/e2e",
       "autoAttachChildProcesses": true,
       "program": "${workspaceRoot}/test/e2e/node_modules/@wdio/cli/bin/wdio.js",
-      "console": "integratedTerminal"
+      "console": "integratedTerminal",
+      "env": {
+        "DEBUG": "1"
+      }
     },
 
     {

CHANGELOG.md

@@ -1,5 +1,31 @@
 # Changelog
 
+## 6.0.0
+
+### Breaking Changes
+
+- [#1003](https://github.com/okta/okta-auth-js/pull/1003) Supports generic UserClaims type. Custom claims should be extended by typescript generics, like `UserClaims<{ groups: string[]; }>`
+- [#1050](https://github.com/okta/okta-auth-js/pull/1050) Removes `userAgent` field from oktaAuth instance
+- [#1014](https://github.com/okta/okta-auth-js/pull/1014) Shared transaction storage is automatically cleared on success and error states. Storage is not cleared for "terminal" state which is neither success nor error.
+- [#1051](https://github.com/okta/okta-auth-js/pull/1051) Removes `useMultipleCookies` from CookieStorage options
+- [#1059](https://github.com/okta/okta-auth-js/pull/1059)
+  - Removes signOut option `clearTokensAfterRedirect`
+  - Adds signOut option `clearTokensBeforeRedirect` (default: `false`) to remove local tokens before logout redirect happen
+- [#1057](https://github.com/okta/okta-auth-js/pull/1057) Strict checks are now enabled in the Typescript compiler options. Some type signatures have been changed to match current behavior.
+
+### Features
+
+- [#1014](https://github.com/okta/okta-auth-js/pull/1014) Updates IDX API to support email verify and recovery/activation
+  - adds new configuration options `recoveryToken` and `activationToken`
+  - email verify callback:
+    - adds support for passing `otp` to idx pipeline
+    - updates samples to display error message with OTP code
+  - idx methods support new options:
+    - `exchangeCodeForTokens`. If false, `interactionCode` will be returned on the transaction at the end of the flow instead of `tokens`.
+    - `autoRemediate`. If false, there will be no attempt to satisfy remediations even if values have been passed.
+  - TransactionManager supports new option:
+    - `saveLastResponse`. If false, IDX responses will not be cached.
+
 ## 5.10.1
 
 ### Fixes

README.md

@@ -573,7 +573,6 @@ var config = {
         'sessionStorage',
         'cookie'
       ],
-      useMultipleCookies: true // puts each token in its own cookie
     },
     cache: {
       storageTypes: [
@@ -929,7 +928,7 @@ Signs the user out of their current [Okta session](https://developer.okta.com/do
 * `postLogoutRedirectUri` - Setting a value will override the `postLogoutRedirectUri` configured on the SDK.
 * `state` - An optional value, used along with `postLogoutRedirectUri`. If set, this value will be returned as a query parameter during the redirect to the `postLogoutRedirectUri`
 * `idToken` - Specifies the ID token object. By default, `signOut` will look for a token object named `idToken` within the `TokenManager`. If you have stored the id token object in a different location, you should retrieve it first and then pass it here.
-* `clearTokensAfterRedirect` - If `true` (default: `false`) a flag (`pendingRemove`) will be added to local tokens instead of clearing them immediately. Calling `oktaAuth.start()` after logout redirect will clear local tokens if flags are found. This option can be used when work with `SecureRoute` component from Okta's downstream client SDKs to guarantee the local tokens can only be cleared after the Okta SSO session is fully killed.
+* `clearTokensBeforeRedirect` - If `true` (default: `false`) local tokens will be removed before the logout redirect happen. Otherwise a flag (`pendingRemove`) will be added to each local token instead of clearing them immediately. Calling `oktaAuth.start()` after logout redirect will clear local tokens if flags are found. Use this option with care: removing local tokens before fully kill the Okta SSO session can result in logging back in again when `SecureRoute` component from Okta's downstream client SDKs is used in the application.
 * `revokeAccessToken` - If `false` (default: `true`) the access token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application.
 * `revokeRefreshToken` - If `false` (default: `true`) the refresh token will not be revoked. Use this option with care: not revoking tokens may pose a security risk if tokens have been leaked outside the application.  Revoking a refresh token will revoke any access tokens minted by it, even if `revokeAccessToken` is `false`.
 * `accessToken` - Specifies the access token object. By default, `signOut` will look for a token object named `accessToken` within the `TokenManager`. If you have stored the access token object in a different location, you should retrieve it first and then pass it here. This options is ignored if the `revokeAccessToken` option is `false`.
@@ -1838,6 +1837,10 @@ We have implemented a small SPA app, located at `./test/app/` which is used inte
 
 The [CHANGELOG](CHANGELOG.md) contains details for all changes and links to the original PR.
 
+### From 5.x to 6.x
+
+* All async [IDX API](docs/idx.md) methods will either resolve with an IDX transaction object or throw an exception. In the previous version some exceptions were caught and returned as the `error` property on an IDX transaction object.
+
 ### From 4.x to 5.x
 
 * Token auto renew requires [running OktaAuth as a service](#running-as-a-service). To start the service, call [start()](#start). `start` will also call [updateAuthState](#authstatemanagerupdateauthstate) to set an initial [AuthState](#authstatemanager)