1.4.1

• The fastboot-app-server dependency has been removed, see #1446.
• The torii authenticator will no longer override the session data with the data returned from the torii provider when restoring the session, see #1310.
• Ember.testing is no longer destructured which could cause problems with recent ember-qunit/ember-cli-qunit/ember-test-helpers versions, see #1477.
• The fastboot-tests and guides directories are no longer distributed with the npm package, see #1470.
• The OAuth 2.0 authenticator will now reject correctly for responses with an invalid (non-JSON) response body, see #1487, #1442.
• The cookie that stores the session cookie's expiration time is now cleared when that time is set to null, see #1463.

1.4.0

• A new session store has been added that is based on sessionStorage, see #1392.
• Several documentation errors and typos have been fixed, see #1393, #1372, #1374, #1366, #1346.

1.3.0

• ESA now uses ember-fetch instead of ember-network. ember-fetch is better maintained than ember-network and seems to emerge as the community-agreed-upon standard for a FastBoot compliant fetch polyfill; see #1288.
• A new OAuth 2.0 authenticator that implements the OAuth 2.0 "Implicit Grant" has been added, along with a route mixin that makes it easy to use it; see #1252.
• ESA now depends on ember-cli-babel ^6.0.0, allowing host applications to take advantage of Ember CLI's new targets feature, see #1295.
• The DataAdapterMixin now allows overriding the handleResponse method in a way that bypasses ESA's built in logic to invalidate the session on 401 responses while still being able to call _super to invoke the base authenticator's logic; see #1290.

1.2.2

• The session is now correctly restored when running Ember 2.13, see #1267.
• The mechanism that triggers authentication in the AuthenticatedRouteMixin is now encapsulated in the (overridable) triggerAuthentication method, see #1278.
• The ember-cookies dependency has been upgraded to 0.0.13, see #1281.

1.2.1

• Arguments passed to the session service's invalidate method will now be passed on to the authenticator's invalidate method along with the session data, see #1093.
• The generators for the torii authenticator will now generate a valid file, including an Ember import, see #1216.
• The cookie session store now allows defining the cookie path, see #1201.
• The cookie session store will now correctly rewrite the cookie when the cookie domain or expiration time change but the cookie name remains unchanged, see #1234.
• The AuthenticatedRouteMixin and UnauthenticatedRouteMixin will no longer return the return value of transitionTo from their beforeModel methods, see #1247.
• A deprecation caused by a call to Ember.warn without a warning id has been fixed, see #1250.
• The cookie session store will now correctly restore its expiration time from the expiration time cookie if present, see #1257.
• Some parts of the documentation have been improved, see #1253, #1259, #1254.

1.2.0

• The deprecated bind method from jQuery has been replaced with on, see #1184.
• The development dependencies have been updated and unused dependencies have been removed, see #1182, #1161, #1183.
• JSHint has been replaced with ESLint, see #1185, #1186.

All changes since 1.1.0 are:

• The getOwner function is now read from the Ember object instead of importing it from ember-getowner-polyfill which fixes a deprecation, see #1124.
• Transitions are no longer aborted in the AuthenticatedRouteMixin and UnauthenticatedRouteMixin which was simply unnecessary, see #1126.
• There is now an assertion checking that a valid authorizer has been passed to the session's authorize method, see #1132.
• The attempted transition is now being stored in a cookie when Ember Simple Auth intercepts a transition and redirects to the login route in the AuthenticatedRouteMixin so that the transition can be retried in the browser, see #1136.
• The ember-cookies dependency has been updated to 0.0.11 which fixes a deprecation, see #1153.
• Ember Simple Auth now longer uses Ember.K, see #1166.
• Deprecated ways to use Ember's deprecations which caused a deprecation themselves have been fixed, see #1170.
• There is now a warning when a cookieExpirationTime lower than 90 seconds is set as that will lead to problems with Ember Simple Auth's session time extension mechanism, see #1160.
• Several parts of the documentation have been fixed and a new guide on implementing authentication with github has been added, see #1143, #1142, #1121, #1139.
• Ember Simple Auth now supports FastBoot out-of-the-box (when using the cookie session store), see #1035.
• Ember CLI's new rootURL setting is now used correctly, see #1070.
• The cookie session store will now rewrite its cookies when any of its configurable properties (like cookie name) change, see #1056.
• The DataAdapterMixin now also overrides the headersForRequest method which makes it behave correctly with Ember Data 1.7 and above, see #1033.
• Configurable routes like the login route etc. are now configured via overriding properties of the respective route mixins instead of settings in config/environment.js, see #985.
• The OAuth 2.0 Passwort Grant authenticator now allows to define custom headers to be sent with authentication requests, see #1018.
• Authenticators can now reject with the server response when requests fail, see #1012.
• Server responses are now validated before authenticators resolve authentication, see #957.
• The offset that the OAuth 2.0 Password Grant authenticator uses when refreshing access tokens is now defined in an (overridable) property, see #840.
• The default cookie names that the cookie session store uses are now compliant with RFC 2616, see #978.

1.2.0-beta.2

• The getOwner function is now read from the Ember object instead of importing it from ember-getowner-polyfill which fixes a deprecation, see #1124.
• Transitions are no longer aborted in the AuthenticatedRouteMixin and UnauthenticatedRouteMixin which was simply unnecessary, see #1126.
• There is now an assertion checking that a valid authorizer has been passed to the session's authorize method, see #1132.
• The attempted transition is now being stored in a cookie when Ember Simple Auth intercepts a transition and redirects to the login route in the AuthenticatedRouteMixin so that the transition can be retried in the browser, see #1136.
• The ember-cookies dependency has been updated to 0.0.11 which fixes a deprecation, see #1153.
• Ember Simple Auth now longer uses Ember.K, see #1166.
• Deprecated ways to use Ember's deprecations which caused a deprecation themselves have been fixed, see #1170.
• There is now a warning when a cookieExpirationTime lower than 90 seconds is set as that will lead to problems with Ember Simple Auth's session time extension mechanism, see #1160.
• Several parts of the documentation have been fixed and a new guide on implementing authentication with github has been added, see #1143, #1142, #1121, #1139.

1.2.0-beta.1

• Ember Simple Auth now supports FastBoot out-of-the-box (when using the cookie session store), see #1035.
• Ember CLI's new rootURL setting is now used correctly, see #1070.
• The cookie session store will now rewrite its cookies when any of its configurable properties (like cookie name) change, see #1056.
• The DataAdapterMixin now also overrides the headersForRequest method which makes it behave correctly with Ember Data 1.7 and above, see #1033.
• Configurable routes like the login route etc. are now configured via overriding properties of the respective route mixins instead of settings in config/environment.js, see #985.
• The OAuth 2.0 Passwort Grant authenticator now allows to define custom headers to be sent with authentication requests, see #1018.
• Authenticators can now reject with the server response when requests fail, see #1012.
• Server responses are now validated before authenticators resolve authentication, see #957.
• The offset that the OAuth 2.0 Password Grant authenticator uses when refreshing access tokens is now defined in an (overridable) property, see #840.
• The default cookie names that the cookie session store uses are now compliant with RFC 2616, see #978.

1.1.0

There were no changes between 1.1.0-beta.5 and 1.1.0.

All changes since 1.0.1 are:

• Session Stores are now asynchronous. Synchronous session stores will still work but are now deprecated and will be removed in Ember Simple Auth 2.0, see #714, #717.
• Ember Simple auth now comes with blueprints for creating authenticators and authorizers, see #879.
• The requests that the devise authenticator makes can now be customized with additional options, see #886.
• The default for (Ember Simple Auth's internal) baseURL property is now '', see #881.
• browserify is now only enabled for Ember Simple Auth's own tests, fixing potential problems in apps, see #833.
• When the authenticator fails to restore the session with an error, that error will now be logged, see #829.
• When invalidating a torii session, the session data will now be passed to the torii provider, see #808.
• ember-getowner-polyfill is now include in Ember Simple Auth's dependencies so that applications don't have to install it explicitly, see #806.
• Ember Simple Auth will no longer trigger a deprecation regarding use of the container property, see #894, #804, #796.
• The DataAdapterMixin will now only invalidate the session on 401 responses when it is actually currently authenticated, see #722.
• The silent-error package was added as a dependency (previously it was only a dev dependency), fixing a bug that occurred when running the new generators, see #911.
• The API docs for token expiration and refresh were improved, see #921.
• Lots of Ember Simple Auth's internal where cleaned up to take more advantage of Babel in order to make the code more concise and easier to maintain, see #905.
• The ember-cli-is-package-missing package was added as a dependency (previously it was only a dev dependency), fixing a bug that occurred when running the new generators, see #913.
• A regression in the cookie store was fixed causing a transition to the routeAfterAuthentication after session restoration, see #915.
• The code base now consistently overrides the init method instead of relying on on('init', … which results in easier to understand and maintain code, see #917.
• A critical bug in the cookie store causing an immediate logout after logging in has been fixed, see #931.
• A deprecation in Ember.js 2.5.0 was fixed, see #941.
• The versions of Ember CLI used to build and develop the addon itself have been updated to the latest release versions, see #936.
• The README, API docs and contribution guidelines have been improved, see #954, #947.
• The session will now ignore session store events when it is currently authenticating or restoring, see #965.

1.1.0-beta.5

• The session will now ignore session store events when it is currently authenticating or restoring, see #965.