Preserve client metadata on silent login
NSeydoux committed Jan 15, 2025
1 parent a318914 commit ebd6c3e
Showing 2 changed files with 35 additions and 6 deletions.
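--- a/packages/browser/src/ClientAuthentication.spec.ts
+++ b/packages/browser/src/ClientAuthentication.spec.ts
@@ -230,6 +230,35 @@ describe("ClientAuthentication", () => {
 ).resolves.toBeUndefined();
 });
 
+it("should not clear the local storage when logging in with prompt set to none", async () => {
+const nonEmptyStorage = mockStorageUtility({
+someUser: { someKey: "someValue" },
+});
+await nonEmptyStorage.setForUser(
+"someUser",
+{ someKey: "someValue" },
+{ secure: false },
+);
+const clientAuthn = getClientAuthentication({
+sessionInfoManager: mockSessionInfoManager(nonEmptyStorage),
+});
+await clientAuthn.login(
+{
+sessionId: "someUser",
+tokenType: "DPoP",
+clientId: "coolApp",
+clientName: "coolApp Name",
+redirectUrl: "https://coolapp.com/redirect",
+oidcIssuer: "https://idp.com",
+prompt: "none",
+},
+mockEmitter,
+);
+await expect(
+nonEmptyStorage.getForUser("someUser", "someKey", { secure: false }),
+).resolves.toBe("someValue");
+});
+
 it("throws if the redirect IRI is a malformed URL", async () => {
 const clientAuthn = getClientAuthentication();
 await expect(() =>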
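Review bot: The new test only checks that one arbitrary `{ secure: false }` entry survives `login` with `prompt: "none"`, so it does not pin what the commit is for (client registration data is kept) or what should still be dropped on a silent login. It would pass unchanged if secure storage were wiped, or if stale session data were carried over. Consider seeding a client-registration entry and a secure entry and asserting the expected outcome for each, with a comment such as `// Silent login must keep client registration data for this session.` The entry also appears to be seeded twice, once through `mockStorageUtility` and again through `setForUser`.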
12 changes: 6 additions & 6 deletions packages/browser/src/ClientAuthentication.ts
Expand Up @@ -48,13 +48,13 @@ export default class ClientAuthentication extends ClientAuthenticationBase {
options: ILoginOptions,
eventEmitter: EventEmitter,
): Promise<void> => {

Check failure on line 51 in packages/browser/src/ClientAuthentication.ts


GitHub Actions / lint / lint

Delete `⏎`
// In order to get a clean start, make sure that the session is logged out
// on login.
// But we may want to preserve our client application info, particularly if
// we used Dynamic Client Registration to register (since we don't
// necessarily want the user to have to register this app each time they
// login).
await this.sessionInfoManager.clear(options.sessionId);
// on login, except when doing a silent login so that Dynamic Client information
// is preserved.
if (options.prompt !== "none") {
await this.sessionInfoManager.clear(options.sessionId);
}

// In the case of the user hitting the 'back' button in their browser, they
// could return to a previous redirect URL that contains OIDC params that
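Review bot: The new guard `if (options.prompt !== "none")` skips `this.sessionInfoManager.clear(options.sessionId)` entirely on a silent login, so everything stored under that session id survives, not only the Dynamic Client information the comment names. What `clear()` removes is not visible in this hunk, but if it also covers tokens, key material or leftover OIDC request state, those would now be carried into the next flow whenever a caller passes `prompt: "none"`. Consider still clearing the session-specific entries and preserving only the client registration fields. Failing that, state the trade-off in the comment: `// With prompt=none nothing stored for sessionId is cleared; only client registration data is meant to survive.` The `login` body starts and continues outside the hunk.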
