refactor(oidc-client): move authorize requests into rtk query

[cerebrl]

JIRA Ticket

SDKS-4312

Description

Migrated the fectch and iframe requests to /authorize to the OIDC API that uses RTK Query. This provides better logging and allows for middleware usage.

[changeset-bot]

🦋 Changeset detected

Latest commit: 4d0ee71

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 10 packages

Name	Type
@forgerock/oidc-client	Minor
@forgerock/davinci-client	Minor
@forgerock/protect	Minor
@forgerock/sdk-types	Minor
@forgerock/sdk-utilities	Minor
@forgerock/iframe-manager	Minor
@forgerock/sdk-logger	Minor
@forgerock/sdk-oidc	Minor
@forgerock/sdk-request-middleware	Minor
@forgerock/storage	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 4d0ee71

Command	Status	Duration	Result
nx run-many -t build	✅ Succeeded	<1s	View ↗
nx affected -t build typecheck lint test e2e-ci	✅ Succeeded	1m 11s	View ↗
nx-cloud record -- nx format:check	✅ Succeeded	1s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-08-28 22:22:44 UTC

[ancheetah]

I wonder if this logic should live in the storage client and we should standardize the return type. Currently, if the customer is using typescript it's not possible for them to use a custom remove function that resolves to some value because remove is typed a Promise<void>. I propose we make the following change in the storage client:

Currently this is the type:

export interface StorageClient<Value> {
  get: () => Promise<Value | GenericError | null>;
  set: (value: Value) => Promise<void | {
    code: string;
    message: string;
    type: string;
  }>;
  remove: () => Promise<void>;
}

Which can be changed to:

export interface StorageClient<Value, T = null> {
  get: () => Promise<Value | GenericError | null>;
  set: (value: Value) => Promise<GenericError | null>;
  remove: () => Promise<T | null>;
}

[ryanbas21]

I think this change makes sense, but we'd have to plan it for 2.0.

edit: Actually I suppose this isn't actually breaking

[cerebrl]

Yeah, I agree. Let's write up a quick story to handle that in the near future. I'd do it now, but I'm starting to get behind in my work :(

[ancheetah]

This technically isn't a FetchBaseQueryError because statusText is a an added property. For it to be a FetchBaseQueryError it would have to be something like:

response.error = {
              status: responseError.status,
              data: {
                error: details.code,
                error_description: details.message,
                type: 'auth_error',
              },
              error: details.message,
            };

[cerebrl]

You are correct. I'm intentionally doing this for reasons that are not easily articulated in a comment. Let's discuss this when we discuss errors on our upcoming call.

[ancheetah]

Same comment here. This isn't quite a FetchBaseQueryError. We might want to consider using status: 'CUSTOM_ERROR'

[cerebrl]

Let's talk about this.

[ancheetah]

This handles FetchBaseQueryError but not SerializedError. I have an example of handling both in the device client as recommended from the RTK docs.
https://github.com/ForgeRock/ping-javascript-sdk/blob/main/packages/device-client/src/lib/device.store.utils.ts

[cerebrl]

Okay, I didn't do exactly what you suggested, but I added some handling for it.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 55.47%. Comparing base (7176dd5) to head (4d0ee71).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #378   +/-   ##
=======================================
  Coverage   55.47%   55.47%           
=======================================
  Files          32       32           
  Lines        2044     2044           
  Branches      340      340           
=======================================
  Hits         1134     1134           
  Misses        910      910           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Deployed 193d2b0 to https://ForgeRock.github.io/ping-javascript-sdk/pr-378/193d2b0e55962c103c3cf3fa15bff8d0502cc660 branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

📊 Minor Changes

📈 @forgerock/oidc-client - 22.3 KB (+1.0 KB)

➖ No Changes

➖ @forgerock/davinci-client - 34.1 KB
➖ @forgerock/sdk-utilities - 4.0 KB
➖ @forgerock/device-client - 9.2 KB
➖ @forgerock/sdk-types - 5.9 KB
➖ @forgerock/protect - 150.1 KB
➖ @forgerock/sdk-oidc - 2.7 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/storage - 1.4 KB
➖ @forgerock/sdk-request-middleware - 4.4 KB
➖ @forgerock/iframe-manager - 2.4 KB

---

11 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}