
Identity session monitoring

Open Alykod opened this issue 2 years ago • 4 comments

Issue and Steps to Reproduce

Event for validating that the auth session is still active.

If I open 2 tabs, and Identity cookies while listening to the events, then I refresh, I see the "tryKeepExistingSessionAsync_end" with a message "tokens inside storage are valid".

Is there a way to actually validate that the identity server session is still active, or a function that returns current auth status?

Current config

{
  authority: process.env.REACT_APP_IDENTITY_SERVER_URL,
  client_id: process.env.REACT_APP_IDENTITY_CLIENT_ID,
  redirect_uri: `${window.location.origin}/authentication/callback`,
  scope: `${process.env.REACT_APP_IDENTITY_SERVER_SCOPES}`,
  monitor_session: true,
  silent_redirect_uri: `${window.location.origin}/callback`,
  silent_login_uri: `${window.location.origin}/authentication/silent`
}

(Don't mind the URIs, I am testing things around.)

Additional Details

I have multiple applications that depend on the same identity session, and they have different client ids and scopes. I would like to be able to track when the identity session is no longer valid, or is gone, so I can reinitialize the auth flow, or take appropriate measures.

Alykod, Feb 17 '23 18:02

Hi @Alykod, that's a good question. I am using silent signin for doing this, but it works well on all browsers only if the OIDC server is on the same domain as your app.

For just a session cookie check, I have to search how to do that.

guillaume-chervet, Feb 17 '23 21:02

I have already implemented check session for single logout. It is possible to use that, but it requires the OIDC server and app to be on the same domain to work well because of the new cookie restriction: https://connect2id.com/products/server/docs/api/check-session

guillaume-chervet, Feb 17 '23 22:02
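
The check-session exchange mentioned in the comment above, seen from the application (RP) side as defined by OpenID Connect Session Management. This is an added example, not code from this thread or from the library; `OP_ORIGIN`, `CLIENT_ID` and the function names are assumptions. It shows the message format and why replies are accepted only from the OP iframe's origin and window.

```javascript
// Added example; OP_ORIGIN, CLIENT_ID and all function names are assumptions.
const OP_ORIGIN = "https://idp.example.com"; // origin serving check_session_iframe
const CLIENT_ID = "spa-client";

// The RP posts "<client_id> <session_state>" to the OP iframe.
function buildCheckSessionMessage(clientId, sessionState) {
  if (/\s/.test(clientId) || /\s/.test(sessionState)) {
    throw new Error("client_id and session_state must not contain whitespace");
  }
  return `${clientId} ${sessionState}`;
}

// Map a received message event to an action. Anything not sent from the
// OP origin is ignored, so other frames cannot spoof a session status.
function handleCheckSessionReply(event, opOrigin) {
  if (event.origin !== opOrigin) return "ignore";
  switch (event.data) {
    case "unchanged": return "keep-session";
    case "changed": return "silent-reauth"; // re-authenticate with prompt=none
    case "error": return "stop-polling";    // spec: no prompt=none retry here
    default: return "ignore";
  }
}

// Wire both functions to a window and the OP iframe's contentWindow.
// Returns a function that stops monitoring.
function monitorSession({ win, opFrame, sessionState, onAction, intervalMs = 2000 }) {
  const message = buildCheckSessionMessage(CLIENT_ID, sessionState);
  const timer = win.setInterval(() => opFrame.postMessage(message, OP_ORIGIN), intervalMs);
  const listener = (event) => {
    if (event.source !== opFrame) return; // only the OP iframe may answer
    const action = handleCheckSessionReply(event, OP_ORIGIN);
    if (action === "ignore") return;
    if (action !== "keep-session") stop(); // session changed or errored: stop polling
    onAction(action);
  };
  function stop() {
    win.clearInterval(timer);
    win.removeEventListener("message", listener, false);
  }
  win.addEventListener("message", listener, false);
  return stop;
}
```

In a browser, `win` is `window` and `opFrame` is the `contentWindow` of a hidden iframe loaded from the OP's `check_session_iframe` URL.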

Hi. Thank you for responding so quickly. The identity server is in fact on the same domain. So I need to create a check session function similar to the one used for single logout?

Alykod, Feb 20 '23 14:02

The simplest is to perform a silent login, like you can do in the demo on multi page when you are logged in from the first page: https://black-rock-0dc6b0d03.1.azurestaticapps.net/

guillaume-chervet, Feb 20 '23 14:02