From ebd6c3e68490891b8ede528127a7a1400383efa4 Mon Sep 17 00:00:00 2001
From: Nicolas Ayral Seydoux
Date: Wed, 15 Jan 2025 13:19:44 +0100
Subject: [PATCH] Preserve client metadata on silent login

---
 .../browser/src/ClientAuthentication.spec.ts | 29 +++++++++++++++++++
 packages/browser/src/ClientAuthentication.ts | 12 ++++----
 2 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/packages/browser/src/ClientAuthentication.spec.ts b/packages/browser/src/ClientAuthentication.spec.ts
index 5c22f00eaa..0b4c3191ff 100644
--- a/packages/browser/src/ClientAuthentication.spec.ts
+++ b/packages/browser/src/ClientAuthentication.spec.ts
@@ -230,6 +230,35 @@ describe("ClientAuthentication", () => {
 ).resolves.toBeUndefined();
 });
+ it("should not clear the local storage when logging in with prompt set to none", async () => {
+ const nonEmptyStorage = mockStorageUtility({
+ someUser: { someKey: "someValue" },
+ });
+ await nonEmptyStorage.setForUser(
+ "someUser",
+ { someKey: "someValue" },
+ { secure: false },
+ );
+ const clientAuthn = getClientAuthentication({
+ sessionInfoManager: mockSessionInfoManager(nonEmptyStorage),
+ });
+ await clientAuthn.login(
+ {
+ sessionId: "someUser",
+ tokenType: "DPoP",
+ clientId: "coolApp",
+ clientName: "coolApp Name",
+ redirectUrl: "https://coolapp.com/redirect",
+ oidcIssuer: "https://idp.com",
+ prompt: "none",
+ },
+ mockEmitter,
+ );
+ await expect(
+ nonEmptyStorage.getForUser("someUser", "someKey", { secure: false }),
+ ).resolves.toBe("someValue");
+ });
+
 it("throws if the redirect IRI is a malformed URL", async () => {
 const clientAuthn = getClientAuthentication();
 await expect(() =>
diff --git a/packages/browser/src/ClientAuthentication.ts b/packages/browser/src/ClientAuthentication.ts
index d7ad8b21f7..c7fe3b713b 100644
--- a/packages/browser/src/ClientAuthentication.ts
+++ b/packages/browser/src/ClientAuthentication.ts
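Review bot: The new test seeds `someUser`/`someKey` twice, once through the argument to `mockStorageUtility({...})` and again via `setForUser(..., { secure: false })`, so it is not clear which of the two writes the final `getForUser(..., { secure: false })` assertion actually depends on, and a regression in one path could be masked by the other. Keeping a single seed that matches the read (the `setForUser` call with `{ secure: false }`) or asserting both the secure and insecure entries would make the intent explicit. The test also covers only the preserving path; the preceding test, whose `.resolves.toBeUndefined()` is visible at the top of the hunk, appears to be the one that pins the default clearing behaviour, so it would help to reference that contrast in this test's title or a one-line comment above it.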
@@ -48,13 +48,13 @@ export default class ClientAuthentication extends ClientAuthenticationBase {
 options: ILoginOptions,
 eventEmitter: EventEmitter,
 ): Promise => {
+ // In order to get a clean start, make sure that the session is logged out
- // on login.
- // But we may want to preserve our client application info, particularly if
- // we used Dynamic Client Registration to register (since we don't
- // necessarily want the user to have to register this app each time they
- // login).
- await this.sessionInfoManager.clear(options.sessionId);
+ // on login, except when doing a silent login so that Dynamic Client information
+ // is preserved.
+ if (options.prompt !== "none") {
+ await this.sessionInfoManager.clear(options.sessionId);
+ }
 // In the case of the user hitting the 'back' button in their browser, they
 // could return to a previous redirect URL that contains OIDC params that
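Review bot: The guard `if (options.prompt !== "none")` skips `sessionInfoManager.clear(options.sessionId)` altogether, so a silent login keeps every value stored under that session id, not only the Dynamic Client Registration metadata that the new comment and the commit title say should be preserved. If the session store also holds tokens, the issuer or other identity state for that id (not visible in this hunk), a silent login that fails or resolves to a different account would proceed with that stale state still in place, which is the situation the original unconditional clear was guarding against. Either narrow the exception to clearing everything except the client-registration entries, or make the comment state the real scope, e.g. `// Skip the clear on silent login (prompt === "none"): this keeps ALL stored state for this sessionId, not only the DCR client metadata.` The body of `login` continues past the end of the hunk.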