@mastra/auth-okta 0.0.0 → 0.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +32 -0
  2. package/LICENSE.md +30 -0
  3. package/package.json +15 -15
package/CHANGELOG.md CHANGED
@@ -1,5 +1,37 @@
1
1
  # @mastra/auth-okta
2
2
 
3
+ ## 0.0.2
4
+
5
+ ### Patch Changes
6
+
7
+ - fix(auth-okta): harden security defaults and address code review feedback ([#14553](https://github.com/mastra-ai/mastra/pull/14553))
8
+ - Fix cache poisoning: errors in `fetchGroupsFromOkta` now propagate so the outer `.catch` evicts the entry and retries on next request
9
+ - Reduce cookie size: only store user claims, id_token (for logout), and expiry — access/refresh tokens are no longer stored, keeping cookies under the 4KB browser limit
10
+ - Add `id_token_hint` to logout URL (required by Okta)
11
+ - Add console.warn for auto-generated cookie password and in-memory state store in production
12
+ - Document missing env vars (`OKTA_CLIENT_SECRET`, `OKTA_REDIRECT_URI`, `OKTA_COOKIE_PASSWORD`) in README and examples
13
+ - Expand `MastraAuthOktaOptions` docs to include all fields (session config, scopes, etc.)
14
+ - Fix test to actually exercise `getUserId` cross-provider lookup path
15
+
16
+ - Updated dependencies [[`68ed4e9`](https://github.com/mastra-ai/mastra/commit/68ed4e9f118e8646b60a6112dabe854d0ef53902), [`085c1da`](https://github.com/mastra-ai/mastra/commit/085c1daf71b55a97b8ebad26623089e40055021c), [`be37de4`](https://github.com/mastra-ai/mastra/commit/be37de4391bd1d5486ce38efacbf00ca51637262), [`7dbd611`](https://github.com/mastra-ai/mastra/commit/7dbd611a85cb1e0c0a1581c57564268cb183d86e), [`f14604c`](https://github.com/mastra-ai/mastra/commit/f14604c7ef01ba794e1a8d5c7bae5415852aacec), [`4a75e10`](https://github.com/mastra-ai/mastra/commit/4a75e106bd31c283a1b3fe74c923610dcc46415b), [`f3ce603`](https://github.com/mastra-ai/mastra/commit/f3ce603fd76180f4a5be90b6dc786d389b6b3e98), [`423aa6f`](https://github.com/mastra-ai/mastra/commit/423aa6fd12406de6a1cc6b68e463d30af1d790fb), [`f21c626`](https://github.com/mastra-ai/mastra/commit/f21c6263789903ab9720b4d11373093298e97f15), [`41aee84`](https://github.com/mastra-ai/mastra/commit/41aee84561ceebe28bad1ecba8702d92838f67f0), [`2871451`](https://github.com/mastra-ai/mastra/commit/2871451703829aefa06c4a5d6eca7fd3731222ef), [`085c1da`](https://github.com/mastra-ai/mastra/commit/085c1daf71b55a97b8ebad26623089e40055021c), [`4bb5adc`](https://github.com/mastra-ai/mastra/commit/4bb5adc05c88e3a83fe1ea5ecb9eae6e17313124), [`4bb5adc`](https://github.com/mastra-ai/mastra/commit/4bb5adc05c88e3a83fe1ea5ecb9eae6e17313124), [`e06b520`](https://github.com/mastra-ai/mastra/commit/e06b520bdd5fdef844760c5e692c7852cbc5c240), [`d3930ea`](https://github.com/mastra-ai/mastra/commit/d3930eac51c30b0ecf7eaa54bb9430758b399777), [`dd9c4e0`](https://github.com/mastra-ai/mastra/commit/dd9c4e0a47962f1413e9b72114fcad912e19a0a6)]:
17
+ - @mastra/core@1.16.0
18
+
19
+ ## 0.0.2-alpha.0
20
+
21
+ ### Patch Changes
22
+
23
+ - fix(auth-okta): harden security defaults and address code review feedback ([#14553](https://github.com/mastra-ai/mastra/pull/14553))
24
+ - Fix cache poisoning: errors in `fetchGroupsFromOkta` now propagate so the outer `.catch` evicts the entry and retries on next request
25
+ - Reduce cookie size: only store user claims, id_token (for logout), and expiry — access/refresh tokens are no longer stored, keeping cookies under the 4KB browser limit
26
+ - Add `id_token_hint` to logout URL (required by Okta)
27
+ - Add console.warn for auto-generated cookie password and in-memory state store in production
28
+ - Document missing env vars (`OKTA_CLIENT_SECRET`, `OKTA_REDIRECT_URI`, `OKTA_COOKIE_PASSWORD`) in README and examples
29
+ - Expand `MastraAuthOktaOptions` docs to include all fields (session config, scopes, etc.)
30
+ - Fix test to actually exercise `getUserId` cross-provider lookup path
31
+
32
+ - Updated dependencies [[`f14604c`](https://github.com/mastra-ai/mastra/commit/f14604c7ef01ba794e1a8d5c7bae5415852aacec), [`e06b520`](https://github.com/mastra-ai/mastra/commit/e06b520bdd5fdef844760c5e692c7852cbc5c240), [`dd9c4e0`](https://github.com/mastra-ai/mastra/commit/dd9c4e0a47962f1413e9b72114fcad912e19a0a6)]:
33
+ - @mastra/core@1.16.0-alpha.4
34
+
3
35
  ## 0.0.1
4
36
 
5
37
  ### Patch Changes
package/LICENSE.md ADDED
@@ -0,0 +1,30 @@
1
+ Portions of this software are licensed as follows:
2
+
3
+ - All content that resides under any directory named "ee/" within this
4
+ repository, including but not limited to:
5
+ - `packages/core/src/auth/ee/`
6
+ - `packages/server/src/server/auth/ee/`
7
+ is licensed under the license defined in `ee/LICENSE`.
8
+
9
+ - All third-party components incorporated into the Mastra Software are
10
+ licensed under the original license provided by the owner of the
11
+ applicable component.
12
+
13
+ - Content outside of the above-mentioned directories or restrictions is
14
+ available under the "Apache License 2.0" as defined below.
15
+
16
+ # Apache License 2.0
17
+
18
+ Copyright (c) 2025 Kepler Software, Inc.
19
+
20
+ Licensed under the Apache License, Version 2.0 (the "License");
21
+ you may not use this file except in compliance with the License.
22
+ You may obtain a copy of the License at
23
+
24
+ http://www.apache.org/licenses/LICENSE-2.0
25
+
26
+ Unless required by applicable law or agreed to in writing, software
27
+ distributed under the License is distributed on an "AS IS" BASIS,
28
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
29
+ See the License for the specific language governing permissions and
30
+ limitations under the License.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@mastra/auth-okta",
3
- "version": "0.0.0",
3
+ "version": "0.0.2",
4
4
  "description": "Mastra Okta Auth and RBAC integration",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",
@@ -22,12 +22,6 @@
22
22
  "dist",
23
23
  "CHANGELOG.md"
24
24
  ],
25
- "scripts": {
26
- "build": "tsup --silent --config tsup.config.ts",
27
- "build:watch": "tsup --watch --silent --config tsup.config.ts",
28
- "test": "vitest run",
29
- "lint": "eslint ."
30
- },
31
25
  "license": "Apache-2.0",
32
26
  "dependencies": {
33
27
  "@okta/okta-sdk-nodejs": "^8.0.0",
@@ -38,17 +32,17 @@
38
32
  "@mastra/core": ">=1.0.0-0 <2.0.0-0"
39
33
  },
40
34
  "devDependencies": {
41
- "@internal/lint": "workspace:*",
42
- "@internal/types-builder": "workspace:*",
43
- "@mastra/core": "workspace:*",
44
35
  "@types/node": "22.19.15",
45
- "@vitest/coverage-v8": "catalog:",
46
- "@vitest/ui": "catalog:",
36
+ "@vitest/coverage-v8": "4.0.18",
37
+ "@vitest/ui": "4.0.18",
47
38
  "eslint": "^9.39.4",
48
39
  "hono": "^4.12.8",
49
40
  "tsup": "^8.5.1",
50
- "typescript": "catalog:",
51
- "vitest": "catalog:"
41
+ "typescript": "^5.9.3",
42
+ "vitest": "4.0.18",
43
+ "@internal/lint": "0.0.74",
44
+ "@mastra/core": "1.16.0",
45
+ "@internal/types-builder": "0.0.49"
52
46
  },
53
47
  "homepage": "https://mastra.ai",
54
48
  "repository": {
@@ -61,5 +55,11 @@
61
55
  },
62
56
  "engines": {
63
57
  "node": ">=22.13.0"
58
+ },
59
+ "scripts": {
60
+ "build": "tsup --silent --config tsup.config.ts",
61
+ "build:watch": "tsup --watch --silent --config tsup.config.ts",
62
+ "test": "vitest run",
63
+ "lint": "eslint ."
64
64
  }
65
- }
65
+ }