Release PR

.changeset/config.json

@@ -13,7 +13,6 @@
   "baseBranch": "master",
   "updateInternalDependencies": "patch",
   "ignore": [
-    "@forgerock/token-vault",
     "autoscript-apps",
     "autoscript-suites",
     "mock-api",

.github/workflows/ci-fork.yml

@@ -54,4 +54,4 @@ jobs:
       - run: git branch --track main origin/main || true
 
       - run: pnpm nx format:check
-      - run: pnpm nx affected -t build typecheck lint test e2e-ci
+      - run: pnpm nx affected -t build typecheck lint test e2e

.github/workflows/ci.yml

@@ -36,6 +36,9 @@ jobs:
       - run: pnpm exec nx-cloud record -- nx format:check --verbose
       - run: pnpm exec nx affected -t build lint test docs e2e-ci
 
+      - name: Publish previews to Stackblitz on PR
+        run: pnpm pkg-pr-new publish './packages/*' --packageManager=pnpm  --pnpm
+
       - uses: codecov/codecov-action@v5
         with:
           files: ./packages/**/coverage/*.xml

.github/workflows/labeler.yml

@@ -9,6 +9,7 @@ env:
 jobs:
   label-pr:
     runs-on: ubuntu-latest
+    if: ${{github.event.pull_request.head.repo.full_name == github.repository}}
     steps:
       - uses: actions/checkout@v3
         with:

.github/workflows/publish.yml

@@ -102,21 +102,29 @@ jobs:
       - name: Format published packages for Slack
         if: steps.changesets.outputs.published == 'true'
         id: format-packages
+        env:
+          PUBLISHED_PACKAGES: ${{ steps.changesets.outputs.publishedPackages }}
         run: |
-          PACKAGES=$(echo '${{ steps.changesets.outputs.publishedPackages }}' | jq -r '.[] | ":package: *\(.name)* `\(.version)`"')
-          echo "formatted<<EOF" >> $GITHUB_OUTPUT
-          echo "$PACKAGES" >> $GITHUB_OUTPUT
+          FORMATTED=$(echo "$PUBLISHED_PACKAGES" | jq -r '.[] | ":package: *\(.name)* `\(.version)`"')
+          PAYLOAD=$(jq -n --arg packages "$FORMATTED" '{"publishedPackages": $packages}')
+          echo "payload<<EOF" >> $GITHUB_OUTPUT
+          echo "$PAYLOAD" >> $GITHUB_OUTPUT
           echo "EOF" >> $GITHUB_OUTPUT
 
       - name: Send GitHub Action data to a Slack workflow
         if: steps.changesets.outputs.published == 'true'
+        id: slack-notify
+        continue-on-error: true
         uses: slackapi/slack-github-action@v2.1.1
         with:
-          payload-delimiter: '_'
           webhook: ${{ env.SLACK_WEBHOOK_URL }}
           webhook-type: webhook-trigger
-          payload: |
-            publishedPackages: ${{ steps.format-packages.outputs.formatted }}
+          payload: ${{ steps.format-packages.outputs.payload }}
+
+      - name: Warn if Slack notification failed
+        if: steps.slack-notify.outcome == 'failure'
+        run: |
+          echo "::warning::Slack notification failed. Check the webhook URL and payload format."
 
       - name: Run code coverage
         uses: codecov/codecov-action@v5
@@ -157,13 +165,30 @@ jobs:
         id: npmpublish
         run: pnpm publish -r --tag ${{ inputs.npm_tag }} --no-git-checks --access ${{ inputs.npm_access }}
 
+      - name: Format published packages for Slack
+        if: steps.npmpublish.outcome == 'success'
+        id: format-packages
+        env:
+          NPM_TAG: ${{ inputs.npm_tag }}
+          SNAPSHOT_TAG: ${{ inputs.snapshot_tag }}
+        run: |
+          FORMATTED=$(jq -rs --arg tag "$SNAPSHOT_TAG" '[.[] | select(.version | contains($tag))] | .[] | ":package: *\(.name)* `\(.version)`"' packages/*/package.json)
+          PAYLOAD=$(jq -n --arg packages "$FORMATTED" --arg npmTag "$NPM_TAG" '{"npmTag": $npmTag, "publishedPackages": $packages}')
+          echo "payload<<EOF" >> $GITHUB_OUTPUT
+          echo "$PAYLOAD" >> $GITHUB_OUTPUT
+          echo "EOF" >> $GITHUB_OUTPUT
+
       - name: Send GitHub Action data to a Slack workflow
         if: steps.npmpublish.outcome == 'success'
+        id: slack-notify-beta
+        continue-on-error: true
         uses: slackapi/slack-github-action@v2.1.1
         with:
-          payload-delimiter: '_'
           webhook: ${{ env.SLACK_WEBHOOK_URL_BETA }}
           webhook-type: webhook-trigger
-          payload: |
-            npmTag: "${{ inputs.npm_tag }}"
-            publishedPackages: ""
+          payload: ${{ steps.format-packages.outputs.payload }}
+
+      - name: Warn if Slack notification failed
+        if: steps.slack-notify-beta.outcome == 'failure'
+        run: |
+          echo "::warning::Slack beta notification failed. Check the webhook URL and payload format."

e2e/autoscript-suites/src/suites/authn-central-logout.test.ts

@@ -20,7 +20,7 @@ test('should login and logout with pingone', async ({ page }) => {
   await btn.click({ delay: 1000 });
   await page.waitForURL(/ping/);
   await page.getByPlaceholder('Username').fill('reactdavinci@user.com');
-  await page.getByRole('textbox', { name: 'Password' }).fill('bae0fzc-mzg3krg5FQB');
+  await page.getByRole('textbox', { name: 'Password' }).fill('twf0MCH5xnw.jcj4qtq');
   await page.getByRole('button', { name: 'Sign On' }).click();
 
   await expect(page.getByText('preferred_username')).toContainText('reactdavinci@user.com');

package.json

@@ -95,7 +95,7 @@
     "mkcert": "^3.2.0",
     "npm-cli-login": "^1.0.0",
     "nx": "20.3.3",
-    "pkg-pr-new": "^0.0.60",
+    "pkg-pr-new": "^0.0.63",
     "playwright": "1.47.2",
     "prettier": "^3.2.5",
     "pretty-quick": "^4.0.0",

packages/javascript-sdk/CHANGELOG.md

@@ -1,5 +1,22 @@
 # Changelog
 
+## 4.9.0
+
+### Minor Changes
+
+- [#571](https://github.com/ForgeRock/forgerock-javascript-sdk/pull/571) [`03135cf`](https://github.com/ForgeRock/forgerock-javascript-sdk/commit/03135cf543e3f694d48e6b9e0b9116ccf42737d1) Thanks [@cameronwhitworthforgerock](https://github.com/cameronwhitworthforgerock)! - Added support for Conditional UI elements with WebAuthN
+
+- [#581](https://github.com/ForgeRock/forgerock-javascript-sdk/pull/581) [`1253482`](https://github.com/ForgeRock/forgerock-javascript-sdk/commit/1253482a3c517ba470f4dd8c6e43b89d380d6944) Thanks [@SteinGabriel](https://github.com/SteinGabriel)! - fix(protect): update Protect callback with new Signals SDK config
+
+### Patch Changes
+
+- [#577](https://github.com/ForgeRock/forgerock-javascript-sdk/pull/577) [`1fb1e57`](https://github.com/ForgeRock/forgerock-javascript-sdk/commit/1fb1e574a6583b00cecb909534e005da3b7d247e) Thanks [@thomas-schofield-fr](https://github.com/thomas-schofield-fr)! - WebAuthn improvements
+
+  - Fix parsing of WebAuthn scripts when `asScript` is true
+  - Improve handling when conditional mediation is not supported
+  - Enable re-invocation of WebAuthn requests
+  - Enable modification of options passed to navigator.credentials.get()
+
 ## 4.8.3
 
 ### Patch Changes

packages/javascript-sdk/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@forgerock/javascript-sdk",
-  "version": "4.8.3",
+  "version": "4.9.0",
   "description": "ForgeRock JavaScript SDK",
   "author": "ForgeRock",
   "license": "MIT",

packages/javascript-sdk/src/fr-auth/callbacks/ping-protect-initialize-callback.test.ts

@@ -3,7 +3,7 @@
  *
  * ping-protect-intitialize-callback.test.ts
  *
- * Copyright (c) 2024 - 2025 Ping Identity Corporation. All rights reserved.
+ * Copyright (c) 2024 - 2026 Ping Identity Corporation. All rights reserved.
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
  */
@@ -186,6 +186,80 @@ describe('PingOneProtectInitializeCallback', () => {
     });
   });
 
+  it('should return signalsInitializationOptions directly when valid', () => {
+    const signalsInitializationOptions = {
+      agentIdentification: 'false',
+      htmlGeoLocation: 'true',
+      behavioralDataCollection: 'true',
+      universalDeviceIdentification: 'false',
+      option1: 'value1',
+      disableTags: 'false',
+    };
+
+    const callback = new PingOneProtectInitializeCallback({
+      type: 'PingOneProtectInitializeCallback' as CallbackType,
+      input: [],
+      output: [
+        {
+          name: 'signalsInitializationOptions',
+          value: signalsInitializationOptions,
+        },
+        {
+          name: 'envId',
+          value: 'legacy-env-id-that-should-be-ignored',
+        },
+      ],
+    });
+
+    const config = callback.getConfig();
+    expect(config).toEqual(signalsInitializationOptions);
+    expect(config).not.toHaveProperty('envId');
+  });
+
+  it('should fallback to legacy config when signalsInitializationOptions is invalid', () => {
+    const callback = new PingOneProtectInitializeCallback({
+      type: 'PingOneProtectInitializeCallback' as CallbackType,
+      input: [],
+      output: [
+        {
+          name: 'signalsInitializationOptions',
+          value: [],
+        },
+        {
+          name: 'envId',
+          value: '02fb4743-189a-4bc7-9d6c-a919edfe6447',
+        },
+      ],
+    });
+
+    const config = callback.getConfig();
+    expect(config).toMatchObject({
+      envId: '02fb4743-189a-4bc7-9d6c-a919edfe6447',
+      behavioralDataCollection: true,
+      disableTags: false,
+    });
+  });
+
+  it('should fallback to legacy config when signalsInitializationOptions is missing', () => {
+    const callback = new PingOneProtectInitializeCallback({
+      type: 'PingOneProtectInitializeCallback' as CallbackType,
+      input: [],
+      output: [
+        {
+          name: 'envId',
+          value: '02fb4743-189a-4bc7-9d6c-a919edfe6447',
+        },
+      ],
+    });
+
+    const config = callback.getConfig();
+    expect(config).toMatchObject({
+      envId: '02fb4743-189a-4bc7-9d6c-a919edfe6447',
+      behavioralDataCollection: true,
+      disableTags: false,
+    });
+  });
+
   it('should test the setClientError method', () => {
     const callback = new PingOneProtectInitializeCallback({
       type: 'PingOneProtectInitializeCallback' as CallbackType,

packages/javascript-sdk/src/fr-auth/callbacks/ping-protect-initialize-callback.ts

@@ -3,7 +3,7 @@
  *
  * ping-protect-initialize-callback.ts
  *
- * Copyright (c) 2024 - 2025 Ping Identity Corporation. All rights reserved.
+ * Copyright (c) 2024 - 2026 Ping Identity Corporation. All rights reserved.
  * This software may be modified and distributed under the terms
  * of the MIT license. See the LICENSE file for details.
  */
@@ -26,6 +26,18 @@ class PingOneProtectInitializeCallback extends FRCallback {
    * Get callback's initialization config settings
    */
   public getConfig() {
+    const signalsInitializationOptions = this.getOutputByName<Record<string, unknown> | undefined>(
+      'signalsInitializationOptions',
+      undefined,
+    );
+    if (
+      signalsInitializationOptions !== null &&
+      typeof signalsInitializationOptions === 'object' &&
+      !Array.isArray(signalsInitializationOptions)
+    ) {
+      return signalsInitializationOptions;
+    }
+
     const agentIdentification = this.getOutputByName<boolean | undefined>(
       'agentIdentification',
       undefined,

packages/javascript-sdk/src/fr-webauthn/fr-webauthn.mock.data.ts

@@ -489,3 +489,40 @@ export const webAuthnRegMetaCallbackJsonResponse = {
     },
   ],
 };
+
+export const webAuthnAuthConditionalMetaCallback = {
+  authId: 'test-auth-id-conditional',
+  callbacks: [
+    {
+      type: CallbackType.MetadataCallback,
+      output: [
+        {
+          name: 'data',
+          value: {
+            _action: 'webauthn_authentication',
+            challenge: 'JEisuqkVMhI490jM0/iEgrRz+j94OoGc7gdY4gYicSk=',
+            allowCredentials: '',
+            _allowCredentials: [],
+            timeout: 60000,
+            userVerification: 'preferred',
+            mediation: 'conditional',
+            relyingPartyId: '',
+            _relyingPartyId: 'example.com',
+            extensions: {},
+            _type: 'WebAuthn',
+            supportsJsonResponse: true,
+          },
+        },
+      ],
+      _id: 0,
+    },
+    {
+      type: CallbackType.HiddenValueCallback,
+      output: [
+        { name: 'value', value: 'false' },
+        { name: 'id', value: 'webAuthnOutcome' },
+      ],
+      input: [{ name: 'IDToken1', value: 'webAuthnOutcome' }],
+    },
+  ],
+};