auth0
diff --git a/‎CHANGELOG.md
+9 b/‎CHANGELOG.md
+9
diff --git a/‎README.md
+1-1 b/‎README.md
+1-1
diff --git a/‎docs/Authentication.html
+1-1 b/‎docs/Authentication.html
+1-1
diff --git a/‎docs/Management.html
+1-1 b/‎docs/Management.html
+1-1
diff --git a/‎docs/WebAuth.html
+2-2 b/‎docs/WebAuth.html
+2-2
diff --git a/‎docs/authentication_db-connection.js.html
+2-2 b/‎docs/authentication_db-connection.js.html
+2-2
diff --git a/‎docs/authentication_index.js.html
+32-6 b/‎docs/authentication_index.js.html
+32-6
@@ -1,4 +1,13 @@
 
+## [v9.3.0](https://github.com/auth0/auth0.js/tree/v9.3.0) (2018-02-22)
+[Full Changelog](https://github.com/auth0/auth0.js/compare/v9.2.3...v9.3.0)
+
+**Fixed**
+- Throw error when hash.state is empty [\#673](https://github.com/auth0/auth0.js/pull/673) ([luisrudge](https://github.com/luisrudge))
+- Use WinChan on popup.callback again + adding origin check to keep it secure [\#669](https://github.com/auth0/auth0.js/pull/669) ([luisrudge](https://github.com/luisrudge))
+- Fixed error handling for auth in popup mode [\#668](https://github.com/auth0/auth0.js/pull/668) ([luisrudge](https://github.com/luisrudge))
+- Fix inconsistent cross origin error handling [\#667](https://github.com/auth0/auth0.js/pull/667) ([luisrudge](https://github.com/luisrudge))
+
 ## [v9.2.3](https://github.com/auth0/auth0.js/tree/v9.2.3) (2018-02-14)
 [Full Changelog](https://github.com/auth0/auth0.js/compare/v9.2.2...v9.2.3)
 
 
@@ -20,7 +20,7 @@ From CDN
 
 ```html
 <!-- Latest patch release -->
-<script src="https://cdn.auth0.com/js/auth0/9.2.3/auth0.min.js"></script>
+<script src="https://cdn.auth0.com/js/auth0/9.3.0/auth0.min.js"></script>
 ```
 
 From [npm](https://npmjs.org)
 
@@ -499,7 +499,7 @@ <h5>Parameters:</h5>
 <br class="clear">
 
 <footer>
-    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Tue Dec 26 2017 16:09:39 GMT-0200 (-02) using the Minami theme.
+    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Thu Feb 22 2018 17:45:54 GMT-0300 (-03) using the Minami theme.
 </footer>
 
 <script>prettyPrint();</script>
 
@@ -294,7 +294,7 @@ <h5>Parameters:</h5>
 <br class="clear">
 
 <footer>
-    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Tue Dec 26 2017 16:09:39 GMT-0200 (-02) using the Minami theme.
+    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Thu Feb 22 2018 17:45:55 GMT-0300 (-03) using the Minami theme.
 </footer>
 
 <script>prettyPrint();</script>
 
@@ -99,7 +99,7 @@ <h4 class="name" id="WebAuth"><span class="type-signature"></span>new WebAuth<sp
 
     <dt class="tag-source">Source:</dt>
     <dd class="tag-source"><ul class="dummy"><li>
-        <a href="web-auth_index.js.html">web-auth/index.js</a>, <a href="web-auth_index.js.html#line33">line 33</a>
+        <a href="web-auth_index.js.html">web-auth/index.js</a>, <a href="web-auth_index.js.html#line34">line 34</a>
     </li></ul></dd>
 
 
@@ -571,7 +571,7 @@ <h5>Parameters:</h5>
 <br class="clear">
 
 <footer>
-    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Tue Dec 26 2017 16:09:39 GMT-0200 (-02) using the Minami theme.
+    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Thu Feb 22 2018 17:45:55 GMT-0300 (-03) using the Minami theme.
 </footer>
 
 <script>prettyPrint();</script>
 
@@ -113,7 +113,7 @@ <h1 class="page-title">authentication/db-connection.js</h1>
  *
  * @method changePassword
  * @param {Object} options
- * @param {String} options.email address where the user will recieve the change password email. It should match the user's email in Auth0
+ * @param {String} options.email address where the user will receive the change password email. It should match the user's email in Auth0
  * @param {String} options.connection name of the connection where the user was created
  * @param {changePasswordCallback} cb
  * @see   {@link https://auth0.com/docs/api/authentication#change-password}
@@ -154,7 +154,7 @@ <h1 class="page-title">authentication/db-connection.js</h1>
 <br class="clear">
 
 <footer>
-    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Tue Dec 26 2017 16:09:39 GMT-0200 (-02) using the Minami theme.
+    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Thu Feb 22 2018 17:45:54 GMT-0300 (-03) using the Minami theme.
 </footer>
 
 <script>prettyPrint();</script>
 
@@ -67,6 +67,15 @@ <h1 class="page-title">authentication/index.js</h1>
  * @see {@link https://auth0.com/docs/api/authentication}
  */
 function Authentication(auth0, options) {
+  // If we have two arguments, the first one is a WebAuth instance, so we assign that
+  // if not, it's an options object and then we should use that as options instead
+  // this is here because we don't want to break people coming from v8
+  if (arguments.length === 2) {
+    this.auth0 = auth0;
+  } else {
+    options = auth0;
+  }
+
   /* eslint-disable */
   assert.check(
     options,
@@ -99,7 +108,6 @@ <h1 class="page-title">authentication/index.js</h1>
   /* eslint-enable */
 
   this.baseOptions = options;
-  this.auth0 = auth0;
   this.baseOptions._sendTelemetry = this.baseOptions._sendTelemetry === false
     ? this.baseOptions._sendTelemetry
     : true;
@@ -180,8 +188,14 @@ <h1 class="page-title">authentication/index.js</h1>
     params.connection_scope = params.connection_scope.join(',');
   }
 
+  params = objectHelper.blacklist(params, [
+    'username',
+    'popupOptions',
+    'domain',
+    'tenant',
+    'timeout'
+  ]);
   params = objectHelper.toSnakeCase(params, ['auth0Client']);
-  params = objectHelper.blacklist(params, ['username']);
   params = parametersWhitelist.oauthAuthorizeParams(this.warn, params);
 
   qString = qs.stringify(params);
@@ -222,7 +236,15 @@ <h1 class="page-title">authentication/index.js</h1>
 
   params = objectHelper.toSnakeCase(params, ['auth0Client', 'returnTo']);
 
-  qString = qs.stringify(params);
+  qString = qs.stringify(objectHelper.blacklist(params, ['federated']));
+  if (
+    options &amp;&amp;
+    options.federated !== undefined &amp;&amp;
+    options.federated !== false &amp;&amp;
+    options.federated !== 'false'
+  ) {
+    qString += '&amp;federated';
+  }
 
   return urljoin(this.baseOptions.rootUrl, 'v2', 'logout', '?' + qString);
 };
@@ -338,8 +360,6 @@ <h1 class="page-title">authentication/index.js</h1>
   body = objectHelper.toSnakeCase(body, ['auth0Client']);
   body = parametersWhitelist.oauthTokenParams(this.warn, body);
 
-  body.grant_type = body.grant_type;
-
   return this.request.post(url).send(body).end(responseHandler(cb));
 };
 
@@ -396,6 +416,12 @@ <h1 class="page-title">authentication/index.js</h1>
  * @param {Function} cb
  */
 Authentication.prototype.getSSOData = function(withActiveDirectories, cb) {
+  /* istanbul ignore if  */
+  if (!this.auth0) {
+    // we can't import this in the constructor because it'd be a ciclic dependency
+    var WebAuth = require('../web-auth/index'); // eslint-disable-line
+    this.auth0 = new WebAuth(this.baseOptions);
+  }
   if (typeof withActiveDirectories === 'function') {
     cb = withActiveDirectories;
   }
@@ -542,7 +568,7 @@ <h1 class="page-title">authentication/index.js</h1>
 <br class="clear">
 
 <footer>
-    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Tue Dec 26 2017 16:09:39 GMT-0200 (-02) using the Minami theme.
+    Generated by <a href="https://github.com/jsdoc3/jsdoc">JSDoc 3.6.0</a> on Thu Feb 22 2018 17:45:54 GMT-0300 (-03) using the Minami theme.
 </footer>
 
 <script>prettyPrint();</script>