Brett Ritter

@mfickett - Thanks for the report. As you've noted, hash fragments present a real complication - Per the OIDC spec, fragments are not allowed in redirects, so your logout callback...

Internal ref: OKTA-320773

I haven't had a chance to test it, but all the params passed to Auth should pass through to the okta-auth-js instance, and that can accept loginHint (note the change...

Internal ref: OKTA-293145

@kevinwuhoo - Thanks for the question. Our team confirms that all vulnerabilities in that list have already been patched in our internal fork of jquery 1.12.4.

@Dewar0019 - No updates. Security patches get high priority (we are not running 1.12.4, but rather a patched version) but otherwise changing that version is not a priority task. Can...

Hey @omgitstom - This ties into a deeper discussion about the goals of the samples. I'll rope you into that talk internally.

Hi @omgitstom - None of our documentation and guides treat PORT as a separate concept from redirectURI itself. Since each version of PORT would require a different allowed redirectURI setting,...

@scott-david-walker - hello again! You are correct - the samples are currently using version 4.x of the okta-signin-widget. otka-signin-widget 5.x is a recent release and we are still updating our...

@cysieks - We have not yet updated this sample to use the 5.x version of the okta-signin-widget to show that flow, but until we do hopefully this gives you enough...