feat: add ability to specify iframe script origin and iframe notify parent for silent auth #514
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
pamapa
reviewed
May 2, 2022
Codecov Report
@@ Coverage Diff @@
## main #514 +/- ##
==========================================
+ Coverage 75.17% 76.88% +1.70%
==========================================
Files 44 44
Lines 1575 1579 +4
Branches 290 293 +3
==========================================
+ Hits 1184 1214 +30
+ Misses 364 336 -28
- Partials 27 29 +2
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
pamapa
reviewed
May 2, 2022
pamapa
reviewed
May 2, 2022
|
Please rebase all commits into one commit (as from different users...). Otherwise LGTM. @kherock Can you have a look too? |
Will do. Thnx @pamapa I'm done. Let me know please if there are any other requirements/adjustments needed. |
- add ability to specify target origin when doing postMessage for parent - add ability to specify script origin to listen on silent callback - update unit tests - update gitignore for local history plugin
pamapa
reviewed
May 10, 2022
|
i have added one comment to fix, if this is done i will merge this unless @kherock as more to add... |
pamapa
approved these changes
May 11, 2022
|
great work, thanks for contributing |
github-actions bot
pushed a commit
to ncats/oidc-client-ts
that referenced
this pull request
Feb 28, 2023
# 1.0.0 (2023-02-28) ### Bug Fixes * [authts#201](https://github.com/ncats/oidc-client-ts/issues/201) add sourcemaps ([6c1c965](6c1c965)) * [authts#225](https://github.com/ncats/oidc-client-ts/issues/225) move revoke from TokenRevocationClient into TokenClient ([e4570ee](e4570ee)) * [authts#257](https://github.com/ncats/oidc-client-ts/issues/257) signoutRedirect does not work ([79ebe27](79ebe27)) * [authts#314](https://github.com/ncats/oidc-client-ts/issues/314) document signingKeys is unused ([d9d79fd](d9d79fd)) * [authts#415](https://github.com/ncats/oidc-client-ts/issues/415) allow to get and process claims when scope does not contain openid ([558319b](558319b)) * [authts#435](https://github.com/ncats/oidc-client-ts/issues/435) allow passing post_logout_redirect_uri to signoutRedirect ([ad209f3](ad209f3)) * [authts#441](https://github.com/ncats/oidc-client-ts/issues/441) only validate sub during refresh token path when the optional id_token is present ([00b9072](00b9072)) * [authts#450](https://github.com/ncats/oidc-client-ts/issues/450) do not use workspaces ([4e993f4](4e993f4)) * [authts#466](https://github.com/ncats/oidc-client-ts/issues/466) clear stale states when creating new one ([1b39579](1b39579)) * [authts#569](https://github.com/ncats/oidc-client-ts/issues/569) if there's no session_state on the response, then take it from initial sign-in ([06de889](06de889)) * [authts#580](https://github.com/ncats/oidc-client-ts/issues/580) add id_token_hint if present ([0a495bb](0a495bb)) * [authts#688](https://github.com/ncats/oidc-client-ts/issues/688) id_token is lost on silent refresh token renewal ([0a49522](0a49522)) * [authts#754](https://github.com/ncats/oidc-client-ts/issues/754) preserve id_token and profile even if no openid is in scope of refresh request ([edfef08](edfef08)) * [authts#769](https://github.com/ncats/oidc-client-ts/issues/769) allow multiple resource parameters ([e0188fe](e0188fe)) * add change set ([ccf65d0](ccf65d0)) * add dist folder ([1e261f4](1e261f4)) * add release workflow ([b556057](b556057)) * add scope to refresh tokens ([62bc823](62bc823)), closes [authts#364](https://github.com/ncats/oidc-client-ts/issues/364) * allow to override acr_values in signinRedirect ([5772d5d](5772d5d)) * avoid redundant error event when a window is closed by user ([9491eea](9491eea)) * build ([d99fe4d](d99fe4d)) * code style ([562c1d4](562c1d4)) * custom state ([542e7c3](542e7c3)) * deprecated unused clockSkewInSeconds and userInfoJwtIssuer settings ([52e8799](52e8799)) * ensure we only throw something of type Error ([b9c2a38](b9c2a38)) * fully specify crypto-js imports ([8a6f772](8a6f772)) * handle case of refresh token response not containing id_token ([50fbb50](50fbb50)) * improve test asserts ([d43f46b](d43f46b)) * improve unit-tests for JsonService ([2decbab](2decbab)) * improve unit-tests for MetadataService ([b57541e](b57541e)) * improve unit-tests for ResponseValidator ([be401a6](be401a6)) * improve unit-tests for SigninResponse ([8723167](8723167)) * indent of signingKeys ([985e28f](985e28f)) * no need for open+path ([6daa33b](6daa33b)) * remove dist folder ([b1520c7](b1520c7)) * remove npm release ([d39f4a5](d39f4a5)) * signout callback ([813fda0](813fda0)) * simplify _validateIdTokenAttributes ([84935b2](84935b2)) * store keypair ([22d36af](22d36af)) * test ([bda9a69](bda9a69)) * test setup update ([3154679](3154679)) * type of AccessTokenCallback ([af51769](af51769)) * update ([15c568c](15c568c)) * update config ([5e741ab](5e741ab)) * update package ([bf00d1e](bf00d1e)) * update package file ([73720a9](73720a9)) * update package-lock file ([22115a8](22115a8)) * update release file ([00bf5dc](00bf5dc)) * update release yml file ([9c05fc8](9c05fc8)) * update token ([10ff74f](10ff74f)) * **authts#278:** expose the internal logger ([361403f](361403f)), closes [authts#278](https://github.com/ncats/oidc-client-ts/issues/278) * **authts#780:** filterProtocolClaims deletes properties required by the IdTokenClaims type ([b7fadd8](b7fadd8)), closes [authts#780](https://github.com/ncats/oidc-client-ts/issues/780) * **CheckSessionIFrame:** normalize iframe origin before comparing to the MessageEvent origin ([e8e38a7](e8e38a7)) * **docs:** update oidc-client-ts-api.md ([e785030](e785030)) * **IFrameWindow:** wait for iframe content to unload before removing from DOM ([dea5ca0](dea5ca0)) * **JsonService:** throw an ErrorResponse instance for invalid responses ([dff9cdf](dff9cdf)) * **parcel-sample:** use COOP/COEP policies compatible with window.opener ([d491e94](d491e94)) * **PopupWindow:** clear the interval checking popup closed on dispose ([346f7c1](346f7c1)) * **RedirectNavigator:** wait for 'unload' instead of 'beforeunload' ([608668b](608668b)) * **RedirectNavigator:** wait until the window is unloading to resolve the returned promise ([86f124c](86f124c)) * **TokenClient:** incorrect secret value sent for client_secret_post ([8fc20c2](8fc20c2)) * **UserManager:** fix anonymous session monitoring ([577200e](577200e)) * [#11](#11) eslint errors wherever possible ([91a4e55](91a4e55)) * [#13](#13) convert checkSessionInterval (milliseconds) to checkSessionIntervalInSeconds in settings ([7d41514](7d41514)) * [#13](#13) convert silentRequestTimeout (milliseconds) to silentRequestTimeoutInSeconds in settings ([0f7005c](0f7005c)) * [#13](#13) rename accessTokenExpiringNotificationTime to accessTokenExpiringNotificationTimeInSeconds in settings ([be7733b](be7733b)) * [#13](#13) rename clockSkew to clockSkewInSeconds in settings ([ca09d98](ca09d98)) * [#13](#13) rename duration to durationInSeconds in Timer ([3715389](3715389)) * [#13](#13) rename staleStateAge to staleStateAgeInSeconds in settings ([56bcaa6](56bcaa6)) * [authts#158](https://github.com/ncats/oidc-client-ts/issues/158) default response mode is explicit query ([b442b84](b442b84)) * [#16](#16) marshal OidcClient instead of inherit ([8009969](8009969)) * [authts#166](https://github.com/ncats/oidc-client-ts/issues/166) move samples/Angular into separate repository ([9d03379](9d03379)) * [authts#167](https://github.com/ncats/oidc-client-ts/issues/167) round tripping "state" is missing ([2d5da0f](2d5da0f)) * [authts#170](https://github.com/ncats/oidc-client-ts/issues/170) revert removing too much from commit "remove implicit flow" (320168b) and adapt ([310b0f2](310b0f2)) * [authts#173](https://github.com/ncats/oidc-client-ts/issues/173) refresh_token is undefined ([95d8443](95d8443)) * [authts#175](https://github.com/ncats/oidc-client-ts/issues/175) treat eslint warnings as errors ([13251d4](13251d4)) * [authts#184](https://github.com/ncats/oidc-client-ts/issues/184) improve esbuild ([26bdc17](26bdc17)) * [#23](#23) avoid multiple instances of MetaDataService ([00b7319](00b7319)) * [#4](#4) add explicit-function-return-type ([02606f1](02606f1)) * [authts#64](https://github.com/ncats/oidc-client-ts/issues/64) drop Cordova ([14c0be8](14c0be8)) * [#7](#7) drop Global.ts ([142d883](142d883)) * [#9](#9) change default settings to minimal + best practice ([536dc68](536dc68)) * add missing devDependencies ([0c48b70](0c48b70)) * add missing metadataSeed ([fa8f78c](fa8f78c)) * add npm package link icon ([e5d6cad](e5d6cad)) * adding url check to iframe _message ([e8bd1b2](e8bd1b2)) * adjust return type, _signinCallback never returns a user ([04831f6](04831f6)) * Angular 8 build error: ([4688b62](4688b62)) * avoid test warning by awaiting promise ([3b1bed5](3b1bed5)) * bump version ([d51c50e](d51c50e)) * change classes to use named exports instead of default exports ([712986f](712986f)) * enforce importsNotUsedAsValues ([975363b](975363b)) * explicit use window.setInterval, avoid NodeJS.Time vs number warning ([207c962](207c962)) * export modules from index directly instead of requiring and then re-exporting ([bcc98ff](bcc98ff)) * export more types (esbuild is more conservative than tsdx) ([9b7123f](9b7123f)) * for typescript v4.4.2 ([11cfd18](11cfd18)) * improve code ([5c2d93f](5c2d93f)) * improve description for UserSignedIn and UserSignedOut ([50f3b1a](50f3b1a)) * improve event logger name ([13448a8](13448a8)) * improve ParsedJwt type ([4842559](4842559)) * move eslint to devDependencies ([e6be1c8](e6be1c8)) * parcel npm scripts ([27da3f3](27da3f3)) * pipeline icon ([e8556dc](e8556dc)) * prepare for test release ([211e304](211e304)) * prevent scrollbars in browsers that refuse to render iframes with zero height ([cac300f](cac300f)) * remove argument/type mapping hack ([d66cf72](d66cf72)) * remove getEpochTime from OidcClientSettings ([6b5020c](6b5020c)), closes [/github.com/IdentityModel/oidc-client-js/pull/1271#issuecomment-769877657](https://github.com//github.com/IdentityModel/oidc-client-js/pull/1271/issues/issuecomment-769877657) * remove useless jsx config ([28662f2](28662f2)) * remove User.state, its not used at all ([703b941](703b941)) * restore Angular sample project functionality ([2a4b2b5](2a4b2b5)) * signinSilent fails when no user is available ([0c9ea9c](0c9ea9c)) * simplify the arguments types ([be75227](be75227)) * spaces ([2f623ac](2f623ac)) * support typescript 4.4.2 ([860b116](860b116)) * target ES5 to have accessors (getter) without warnings ([4d26e6e](4d26e6e)) * type ([f77455d](f77455d)) * type of jwt aud field ([a1337d4](a1337d4)) * types ([ac61a78](ac61a78)) * update repository location ([aac326e](aac326e)) * updating with changes ([319ac38](319ac38)) * url can be undefined ([047f4b1](047f4b1)) * use type exports in entrypoint ([ba3186c](ba3186c)) * window is not defined ([7a1efc0](7a1efc0)) * workflow file ([81ad9de](81ad9de)) ### Features * [#15](#15) ensure typedoc works before we merge ([f8a7669](f8a7669)) * [#15](#15) move text from index.md into source code ([c7f2a85](c7f2a85)) * [authts#152](https://github.com/ncats/oidc-client-ts/issues/152) remove implicit flow ([320168b](320168b)) * [authts#152](https://github.com/ncats/oidc-client-ts/issues/152) update docs, implicit flow is gone ([5eba1a5](5eba1a5)) * [authts#152](https://github.com/ncats/oidc-client-ts/issues/152) update samples/Parcel, implicit flow is gone ([1e8522d](1e8522d)) * [authts#251](https://github.com/ncats/oidc-client-ts/issues/251) retry silent renew for fetch timeout ([0078fd5](0078fd5)) * [authts#251](https://github.com/ncats/oidc-client-ts/issues/251) retry silent renew for iframe timeout ([b8e6c84](b8e6c84)) * [#4](#4) introduce SigningKey type ([63fccb1](63fccb1)) * [#4](#4) reduce any types ([2575030](2575030)) * [authts#73](https://github.com/ncats/oidc-client-ts/issues/73) improve logging ([eccb5dc](eccb5dc)) * add ability to specify iframe script origin and iframe notify parent for silent auth ([authts#514](https://github.com/ncats/oidc-client-ts/issues/514)) ([e28dcef](e28dcef)) * add DPoP feature ([c228b30](c228b30)) * add github pages via typedoc ([7064f82](7064f82)) * add minimal SSR support ([2a6f632](2a6f632)) * add some more typedoc comments ([9d11051](9d11051)) * add some more unit-tests for UserManager ([b520ed6](b520ed6)) * add unit-test for TokenClient ([f15ba9e](f15ba9e)) * automatically center popups in front of the opener window ([8c6f799](8c6f799)) * default of loadUserInfo changed from true to false ([a0c056c](a0c056c)) * execute "npm dedupe" ([a35caf7](a35caf7)) * extend Parcel with revoke access token ([dcde654](dcde654)) * fine tune export ([e092726](e092726)) * improve sample Parcel logging ([2e1db1a](2e1db1a)) * increase open-pull-requests-limit from 5 to 10 ([a346acb](a346acb)) * introduce ErrorTimeout ([23f8e33](23f8e33)) * introduce Logger.createStatic ([a4ce6b6](a4ce6b6)) * make use of improved logger ([f811496](f811496)) * move ErrorResponse into error sub-dir ([b8fa443](b8fa443)) * move random into CryptoUtils ([9fb4aa0](9fb4aa0)) * return destructor functions from event listener methods ([6fa9632](6fa9632)) * set sandbox attribute for iframe ([dc28584](dc28584)) * update parcel to v2.0.1 ([c037f2b](c037f2b)) * **Claims:** rebase with main ([4bfae02](4bfae02)) * **ErrorResponse:** attach the request body to POST errors ([2f793f6](2f793f6)) * **PopupWindow:** compute a default width based on the size of the window opener ([4b5f377](4b5f377)) * **User:** add types for standard claims to UserProfile ([authts#241](https://github.com/ncats/oidc-client-ts/issues/241)) ([bb33e10](bb33e10)) * [#1](#1) adapt unit-tests ([0e533b1](0e533b1)) * [#1](#1) port build system to tsdx ([cb74a41](cb74a41)) * [#1](#1) port to typescript ([bb02e6f](bb02e6f)) * [#12](#12) add eslint for unit-tests ([9e01e6f](9e01e6f)) * [#20](#20) make client_id, authority, extraQueryParams and extraTokenParams settings readonly ([8de0cf6](8de0cf6)) * [#23](#23) avoid multiple metadataUrl implementations ([a575bce](a575bce)) * [#23](#23) cache matadata and signingKeys in MetadataService ([5479346](5479346)) * [#3](#3) replace .then with async/await pattern ([35318a2](35318a2)) * [#4](#4) fix lint warnings ([f14b8c9](f14b8c9)) * [#4](#4) reduce any type ([e86bedc](e86bedc)) * [#4](#4) reduce any type in navigators ([9c82d50](9c82d50)) * [#4](#4) reduce any type in SilentRenewService ([267c5f9](267c5f9)) * [#4](#4) reduce any type in TokenClient ([2ec9624](2ec9624)) * [#4](#4) reduce any type of signin and signout chain ([cefd12a](cefd12a)) * [#4](#4) reduce any types ([312b341](312b341)) * [#4](#4) reduce eslint errors of misused-promises ([e6e0bbd](e6e0bbd)) * [#4](#4) reduce eslint errors of restrict-plus-operands ([c8973f6](c8973f6)) * [#4](#4) reduce typescript warning/error ignores ([c8f70f0](c8f70f0)) * [#4](#4) reduce usage of any type ([f067d1b](f067d1b)) * [#4](#4) reduce usage of any type ([4e56fb3](4e56fb3)) * [#4](#4) reduce usage of any type ([862b2a4](862b2a4)) * [#4](#4) reduce usage of any type: session_state is typeof string ([5e81347](5e81347)) * [#4](#4) response_mode can only be "query" or "fragment" ([7c73645](7c73645)) * [authts#48](https://github.com/ncats/oidc-client-ts/issues/48) add redirectMethod to settings ([14a481f](14a481f)) * [#5](#5) use external jsrsasign and drop rsa.js ([19b0f62](19b0f62)) * [#6](#6) make use of public/protected keyword ([172bc96](172bc96)) * [#8](#8) replace XMLHttpRequest with fetch ([4fec4d7](4fec4d7)) * [#9](#9) redirect_uri was and is a required setting ([368b25e](368b25e)) * add docusaurus website [#15](#15) ([14ce282](14ce282)) * add typedoc ([0302c21](0302c21)) * introduce sub-directories utils and navigators ([3e6d591](3e6d591)) * merge openid-configuration and metdata ([36d5add](36d5add)), closes [authts#1067](https://github.com/ncats/oidc-client-ts/issues/1067) * prevent mangling of function names ([34b5bdb](34b5bdb)) * split responses state into state_id (query id state) and "state" (callers custom state) ([0423efa](0423efa)) * support passing extra params to signin and signout requests ([7b27ccf](7b27ccf)) * support passing window params to signin/signout methods ([0e66f8a](0e66f8a)) * use Webpack 4 ([b49b3ce](b49b3ce)) ### Reverts * Revert "filter more stuff from npm?" ([44f3fbe](44f3fbe))
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The problem
Both - oidc-client-js & oidc-client-ts - support silent flow only within the same domain. However in my case - apps are hosted on different domains. It's possible to address it by specifying 2 new settings which will allow to overcome issue and make all things work even with different domains.
What for
I'm working on micro frontends implementation currently.
The main goal is to avoid explicit login flow for getting micro app access token (user does not need to enter credentials once again)
Though, both apps are separate relying parties, token is issued by the same authority.
So the main idea:
BTW, I'll add unit tests soon to cover updated scenarios
Checklist