Aaron Granick

@sku154 As the error says, PKCE requires encryption support (the webcryto library, aka crypto.subtle). Most browsers only provide this interface when running on HTTPS or on http://localhost. Options here are:...

@jelhan Thank you for the concise and detailed description of the problem. I was able to reproduce the issue using the okta-auth-js test app. There is an assumption in TokenManager...

@amcdnl We always try to avoid breaking changes except on major version releases. However fixes for bugs may be considered "breaking" if developers have come to depend on broken behaviors....

@TaylorNoelJordan We have identified the flaw and are currently testing a fix for this issue.

@TaylorNoelJordan We have released a new version, 3.2.5, which should correct this flaw

> @aarongranick-okta I'm only seeing version 4.0.2 - where would I find 3.2.5? https://www.npmjs.com/package/@okta/okta-auth-js If you click "versions" you can see all published versions. We released 3.2.5 and 4.0.2 yesterday....

@DavidLozzi The `REDIRECT_OAUTH_PARAMS_NAME` should be unrelated to anything involving the token manager. We have reports that IE11, in certain modes, will clear session storage when doing a redirect. However it...

@DavidLozzi We have not released a new version of `okta-react` against `okta-auth-js@4` yet, but it is very close to release. The logic for 3.2 is here: https://github.com/okta/okta-auth-js/blob/3.2/packages/okta-auth-js/lib/token.js#L621 We also have...

@DavidLozzi We have released version 3.2.6 and 4.0.3 which contain the fix.

@florin05 Thank you for using Okta. Those two parameters you are seeing, "prompt" and "response_mode" are are used by the widget when silently receiving tokens. I am assuming since you...