search

okta / okta-signin-widget

HTML/CSS/JS widget that provides out-of-the-box authentication UX for your organization's apps
Other
370 stars 321 forks source link

Polyfil Support #1636

Open jamesreeder-okta opened 3 years ago

jamesreeder-okta commented 3 years ago

:information_source: If you have a question, please post it on the Okta Developer Forum instead. Issues in this repository are reserved for bug reports and feature requests.

I'm submitting a

Background info

The Github page for the sign-in widget reads to me based upon the following text that polyfiling is done by default for legacy browser support based upon the paragraph below on https://github.com/okta/okta-signin-widget as it says if you don't need polyfil or want to include your own, use the alternate asset.

The standard JS asset served from our CDN includes polyfills via @babel/polyfill to ensure compatibility with older browsers. This may cause conflicts if your app already includes polyfills. For this case, we provide an alternate JS asset which does not include any polyfills. However, I have to explicitly include our Okta Auth polyfill library to make it work across multiple versions of the SiW.

Reading the Okta-Auth-JS SDK page suggests to me that it needs to explicitly be included.

So this looks like a bug across recent versions of the SiW OR the language needs heavily rephrasing.

Expected behavior

Polyfil has to be explicitly included.

What went wrong?

Polyfil has to be explicitly included.

Steps to reproduce

Please feel free to register a test user on my test org via the SiW on this glitch URL. it only allows access to this SiW page app. Then test in IE11.

https://workable-remarkable-shake.glitch.me/

Your environment

aarongranick-okta commented 3 years ago

@jamesreeder-okta Thanks for raising this issue. There is some confusing ambiguity in language around the term "polyfill". The "babel-polyfill" is applied at build time and in many cases is doing runtime substitution within in the bundle for ES5 compatibility. Some developers may see conflicts when bundling multiple copies of the babel runtime.

The AuthJS polyfill, on the other hand, is a "genuine" browser polyfill which modifies global browsers objects at runtime and fills in needed features for PKCE, such as TextEncoder, UInt8Array and webcrypto

I agree we can improve the language here. Internal ref: OKTA-367507