chore(oidc-client): re-export necessary types

[ancheetah]

JIRA Ticket

https://pingidentity.atlassian.net/browse/SDKS-4532

Description

Re-exports needed types from packages external to oidc-client. Updates API description in README. Adds access: public to package.json
No changeset.

Summary by CodeRabbit

• New Features

  • Added token.revoke() to support revoking tokens.

• Documentation

  • Updated examples and docs to use async/await for all OIDC client calls (initialization, authorize.background, authorize.url, token.exchange, token.get, token.revoke, user.info, user.logout).

[changeset-bot]

⚠️ No Changeset found

Latest commit: b89ad58

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[coderabbitai]

Caution

Review failed

The pull request is closed.

Walkthrough

Removed unused e2e dependencies and refactored oidc-client to move many runtime imports to type-only imports, add/re-locate public type aliases (ClientStore/RootState/AppDispatch), update function signatures to use ClientStore, and update README examples to use awaited API calls including token.revoke().

Changes

Cohort / File(s)	Change Summary
E2E OIDC App Cleanup e2e/oidc-app/package.json, e2e/oidc-app/tsconfig.app.json, e2e/oidc-app/tsconfig.json	Removed @forgerock/javascript-sdk and @forgerock/sdk-types from package.json and removed tsconfig references to the sdk-types project.
Docs: README examples packages/oidc-client/README.md	Updated examples to use await for async API calls, adjusted return/error examples, and added a token.revoke() example.
Authorize types & utils packages/oidc-client/src/lib/authorize.request.types.ts, packages/oidc-client/src/lib/authorize.request.utils.ts, packages/oidc-client/src/lib/authorize.request.ts	Added dedicated types file (BuildAuthorizationData, OptionalAuthorizeOptions); replaced local type defs with imports; changed signatures to use ClientStore; adjusted Micro return types and JSDoc to AuthorizationError; added oidcApi import.
Public type surface changes packages/oidc-client/src/types.ts, packages/oidc-client/src/lib/client.types.ts	Consolidated and re-exported several types from external packages (e.g., GetAuthorizationUrlOptions, WellKnownResponse, ActionTypes, RequestMiddleware, CustomLogger, LogLevel, StorageConfig); added public type aliases ClientStore, RootState, AppDispatch.
Import refactors — runtime → type-only packages/oidc-client/src/lib/client.store.ts, packages/oidc-client/src/lib/exchange.request.ts, packages/oidc-client/src/lib/exchange.types.ts, packages/oidc-client/src/lib/oidc.api.ts, packages/oidc-client/src/lib/wellknown.api.ts, packages/oidc-client/src/lib/exchange.utils.ts, packages/oidc-client/src/lib/logout.request.ts	Converted many value imports to import type (e.g., OidcConfig, StorageConfig, WellKnownResponse, error/logger types); added/retained needed runtime imports (e.g., logger runtime, iFrameManager), and updated function parameter types to ClientStore.
Store utils & tests cleanup packages/oidc-client/src/lib/client.store.utils.ts, packages/oidc-client/src/lib/logout.request.test.ts, packages/oidc-client/src/lib/exchange.utils.test.ts	Adjusted imports between type-only and runtime; removed exported type aliases RootState, AppDispatch, and ClientStore from the utils file; updated tests to use type-only imports and cleaned duplicate imports.
Minor non-functional packages/oidc-client/src/lib/authorize.slice.ts	Added MIT license header comment; no runtime or API changes.

Sequence Diagram(s)

sequenceDiagram
  participant App
  participant Store as ClientStore
  participant OidcAPI as oidcApi
  participant Browser

  App->>Store: call authorizeµ(...)
  Note right of Store: type is ClientStore (type-only change)
  Store->>OidcAPI: build authorization request / get url
  OidcAPI->>Browser: open redirect / iFrame (runtime iFrameManager)
  Browser-->>App: redirect / response
  App->>OidcAPI: handle response -> returns AuthorizationSuccess / AuthorizationError

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

• Pay extra attention to:
  • Places converted to import type where runtime usage might remain (logger, iFrameManager, StorageConfig).
  • Consistency of relocated types (ClientStore, BuildAuthorizationData, OptionalAuthorizeOptions) across all callers.
  • Public re-exports in packages/oidc-client/src/types.ts to avoid regressions or circular import issues.
  • README example accuracy relative to current API signatures.

Possibly related PRs

• fix(oidc-client): append query params when provided #471 — Overlaps with authorize request utilities and BuildAuthorizationData/authorize URL tuple shape changes.
• chore(oidc-client): re-export necessary types #495 — Makes many of the same type surface and store-type refactor changes across oidc-client.
• chore: type-exports #493 — Related adjustments to public type re-exports and switching imports to type-only.

Suggested reviewers

• ryanbas21
• cerebrl

Poem

"I hopped through imports, neat and spry,
Moved types to burrows, saved runtime sigh.
Docs say 'await' — promises take flight,
Revoke a token, then nibble a bite. 🥕"

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely describes the main objective of the changeset: re-exporting necessary types from the oidc-client package.
Description check	✅ Passed	The description covers the main changes and includes a JIRA ticket reference. It mentions re-exporting types, README updates, and package.json changes, though it lacks detailed explanation of specific changes made.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b51ea11 and b89ad58.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (20)

• e2e/oidc-app/package.json (1 hunks)
• e2e/oidc-app/tsconfig.app.json (0 hunks)
• e2e/oidc-app/tsconfig.json (0 hunks)
• packages/oidc-client/README.md (1 hunks)
• packages/oidc-client/src/lib/authorize.request.ts (1 hunks)
• packages/oidc-client/src/lib/authorize.request.types.ts (1 hunks)
• packages/oidc-client/src/lib/authorize.request.utils.ts (2 hunks)
• packages/oidc-client/src/lib/authorize.slice.ts (1 hunks)
• packages/oidc-client/src/lib/client.store.ts (2 hunks)
• packages/oidc-client/src/lib/client.store.utils.ts (1 hunks)
• packages/oidc-client/src/lib/client.types.ts (1 hunks)
• packages/oidc-client/src/lib/exchange.request.ts (1 hunks)
• packages/oidc-client/src/lib/exchange.types.ts (1 hunks)
• packages/oidc-client/src/lib/exchange.utils.test.ts (1 hunks)
• packages/oidc-client/src/lib/exchange.utils.ts (1 hunks)
• packages/oidc-client/src/lib/logout.request.test.ts (1 hunks)
• packages/oidc-client/src/lib/logout.request.ts (2 hunks)
• packages/oidc-client/src/lib/oidc.api.ts (1 hunks)
• packages/oidc-client/src/lib/wellknown.api.ts (1 hunks)
• packages/oidc-client/src/types.ts (1 hunks)

Tip

📝 Customizable high-level summaries are now available in beta!

You can now customize how CodeRabbit generates the high-level summary in your pull requests — including its content, structure, tone, and formatting.

• Provide your own instructions using the high_level_summary_instructions setting.
• Format the summary however you like (bullet lists, tables, multi-section layouts, contributor stats, etc.).
• Use high_level_summary_in_walkthrough to move the summary from the description to the walkthrough section.

Example instruction:

"Divide the high-level summary into five sections:

1. 📝 Description — Summarize the main change in 50–60 words, explaining what was done.
2. 📓 References — List relevant issues, discussions, documentation, or related PRs.
3. 📦 Dependencies & Requirements — Mention any new/updated dependencies, environment variable changes, or configuration updates.
4. 📊 Contributor Summary — Include a Markdown table showing contributions:
   | Contributor | Lines Added | Lines Removed | Files Changed |
5. ✔️ Additional Notes — Add any extra reviewer context.
   Keep each section concise (under 200 words) and use bullet or numbered lists for clarity."

Note: This feature is currently in beta for Pro-tier users, and pricing will be announced later.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit b89ad58

Command	Status	Duration	Result
nx run-many -t build --no-agents	✅ Succeeded	<1s	View ↗
nx affected -t build lint test e2e-ci	✅ Succeeded	1m 27s	View ↗

---

☁️ Nx Cloud last updated this comment at 2025-11-18 23:24:49 UTC

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 18.79%. Comparing base (fa3d434) to head (b89ad58).
⚠️ Report is 62 commits behind head on main.

❌ Your project status has failed because the head coverage (18.79%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #495      +/-   ##
==========================================
+ Coverage   18.52%   18.79%   +0.27%     
==========================================
  Files         138      140       +2     
  Lines       27402    27640     +238     
  Branches      963      980      +17     
==========================================
+ Hits         5076     5195     +119     
- Misses      22326    22445     +119     

Files with missing lines	Coverage Δ
packages/oidc-client/src/lib/authorize.request.ts	33.33% <100.00%> (ø)
...ges/oidc-client/src/lib/authorize.request.types.ts	100.00% <ø> (ø)
...ges/oidc-client/src/lib/authorize.request.utils.ts	43.33% <ø> (-0.76%)	⬇️
packages/oidc-client/src/lib/authorize.slice.ts	5.00% <100.00%> (+5.00%)	⬆️
packages/oidc-client/src/lib/client.store.ts	27.34% <100.00%> (ø)
packages/oidc-client/src/lib/client.store.utils.ts	61.03% <100.00%> (ø)
packages/oidc-client/src/lib/client.types.ts	100.00% <100.00%> (ø)
packages/oidc-client/src/lib/exchange.request.ts	94.73% <ø> (ø)
packages/oidc-client/src/lib/exchange.types.ts	100.00% <ø> (ø)
packages/oidc-client/src/lib/exchange.utils.ts	97.14% <ø> (ø)
... and 4 more

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/davinci-client@495

@forgerock/oidc-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/oidc-client@495

@forgerock/protect

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/protect@495

@forgerock/sdk-types

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-types@495

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-utilities@495

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/iframe-manager@495

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-logger@495

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-oidc@495

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-request-middleware@495

@forgerock/storage

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/storage@495

commit: b51ea11

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

packages/oidc-client/src/lib/authorize.request.ts (1)

15-36: Consider making createClientStore a type-only import and updating JSDoc

createClientStore is only used in the store: ReturnType<typeof createClientStore> annotation, so it could be imported with import type to avoid an unnecessary runtime dependency. Also, the authorizeµ JSDoc does not mention the store parameter, which can be updated for clarity.

packages/oidc-client/src/lib/authorize.request.utils.ts (1)

11-60: Align JSDoc return types with AuthorizationError

The functions here now use AuthorizationError in their TypeScript signatures (buildAuthorizeOptionsµ, createAuthorizeErrorµ, handleResponseµ), but the JSDoc still refers to AuthorizeErrorResponse in some @returns annotations. It would be good to update the JSDoc to use AuthorizationError (or otherwise match the actual types) to avoid confusion for consumers and tooling.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between abc449e and d822caf.

⛔ Files ignored due to path filters (1)

• pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml

📒 Files selected for processing (17)

• e2e/oidc-app/package.json (1 hunks)
• e2e/oidc-app/tsconfig.app.json (0 hunks)
• e2e/oidc-app/tsconfig.json (0 hunks)
• packages/oidc-client/README.md (1 hunks)
• packages/oidc-client/package.json (1 hunks)
• packages/oidc-client/src/lib/authorize.request.ts (1 hunks)
• packages/oidc-client/src/lib/authorize.request.types.ts (1 hunks)
• packages/oidc-client/src/lib/authorize.request.utils.ts (1 hunks)
• packages/oidc-client/src/lib/client.store.ts (2 hunks)
• packages/oidc-client/src/lib/client.store.utils.ts (1 hunks)
• packages/oidc-client/src/lib/exchange.request.ts (1 hunks)
• packages/oidc-client/src/lib/exchange.types.ts (1 hunks)
• packages/oidc-client/src/lib/exchange.utils.test.ts (1 hunks)
• packages/oidc-client/src/lib/logout.request.test.ts (1 hunks)
• packages/oidc-client/src/lib/oidc.api.ts (1 hunks)
• packages/oidc-client/src/lib/wellknown.api.ts (1 hunks)
• packages/oidc-client/src/types.ts (1 hunks)

💤 Files with no reviewable changes (2)

• e2e/oidc-app/tsconfig.app.json
• e2e/oidc-app/tsconfig.json

🧰 Additional context used

🧠 Learnings (1)

📚 Learning: 2025-09-23T20:50:26.537Z

Learnt from: ancheetah
Repo: ForgeRock/ping-javascript-sdk PR: 417
File: packages/sdk-effects/storage/src/lib/storage.effects.ts:11-12
Timestamp: 2025-09-23T20:50:26.537Z
Learning: When the storage client API was changed from returning void to GenericError | null in SDKS-4361, call sites in DaVinci client and OIDC client were not updated to handle the returned errors, creating a follow-up task for proper error handling implementation.

Applied to files:

• packages/oidc-client/src/types.ts

🧬 Code graph analysis (1)

packages/oidc-client/src/lib/authorize.request.types.ts (1)

packages/oidc-client/src/types.ts (1)

• GetAuthorizationUrlOptions (13-13)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: Mend Code Security Check
• GitHub Check: pr

🔇 Additional comments (12)

packages/oidc-client/src/lib/exchange.utils.test.ts (1)

10-11: Type-only imports here are appropriate and safe

OidcConfig and GetAuthorizationUrlOptions are used purely as annotations, so switching these to import type is correct and has no runtime effect on the tests.

packages/oidc-client/src/lib/client.store.utils.ts (1)

8-31: Value import for loggerFn matches ReturnType<typeof loggerFn> usage

Switching loggerFn to a runtime import is necessary so ReturnType<typeof loggerFn> is valid; this keeps the logger extra argument correctly typed while only passing the instance through Redux middleware.

packages/oidc-client/src/lib/logout.request.test.ts (1)

11-36: MSW v2-style handlers and type-only imports look consistent

Using http/HttpResponse for the mocked endpoints aligns with the modern msw API, and converting OauthTokens/OidcConfig to import type is correct since they’re used only in annotations/generics.

packages/oidc-client/src/lib/client.store.ts (1)

7-23: Runtime/type import split for logger and storage is sound

Using runtime imports for loggerFn and createStorage while moving CustomLogger, LogLevel, and StorageConfig to import type cleanly separates value vs. type usage; the as StorageConfig cast remains purely compile-time, so this doesn’t affect runtime behavior.

packages/oidc-client/src/lib/exchange.types.ts (1)

7-29: Type-only import of OidcConfig matches its usage

OidcConfig is referenced only inside the TokenRequestOptions interface, so converting it to import type is correct and avoids adding any runtime dependency on ./config.types.js.

packages/oidc-client/src/lib/wellknown.api.ts (1)

10-21: WellKnownResponse correctly converted to a type-only import

Since WellKnownResponse is used solely as a generic type for the RTK Query endpoint, importing it with import type is a safe, purely compile-time change.

e2e/oidc-app/package.json (1)

12-16: E2E app dependency reduction is reasonable—verify no stale imports

Having the e2e app depend only on @forgerock/oidc-client fits the re-export strategy; just confirm there are no remaining @forgerock/javascript-sdk or @forgerock/sdk-types imports in the e2e source before merging.

packages/oidc-client/package.json (1)

40-42: Public publish configuration looks correct—align with release workflow

Adding "publishConfig": { "access": "public" } is the right knob for exposing @forgerock/oidc-client on npm; just ensure this matches your registry permissions and any changeset/release process you follow for version bumps.

packages/oidc-client/src/lib/exchange.request.ts (1)

15-17: Type-only imports for exchange typings look good

Using StorageConfig from @forgerock/storage and TokenExchangeErrorResponse as type-only imports keeps runtime lean while aligning with the public type surface; no behavior change implied here.

packages/oidc-client/src/lib/authorize.request.types.ts (1)

7-10: Centralizing authorize option types looks consistent

Defining BuildAuthorizationData and OptionalAuthorizeOptions here, based on GetAuthorizationUrlOptions, matches their usage in the utils and cleanly exposes them as part of the public type surface.

packages/oidc-client/src/types.ts (1)

11-18: Public type re-exports align with the package’s API goals

Re-exporting GenericError, GetAuthorizationUrlOptions, WellKnownResponse, request-middleware, logger, and storage types as type-only exports from this barrel matches the PR’s goal of exposing all required external types via oidc-client without adding runtime weight.

packages/oidc-client/src/lib/oidc.api.ts (1)

4-19: The logger is consistently wired in all relevant store configurations; no action needed.

Verification confirms that all createClientStore calls found in the codebase pass a logger instance. Since oidcApi is only used with stores created through createClientStore, and the parameter is consistently provided at all call sites, the runtime concern does not apply. The code pattern is safe and correct.

[github-actions]

Deployed e34580a to https://ForgeRock.github.io/ping-javascript-sdk/pr-495/e34580a78513f883adc4f07e1fa9cd9850ec3842 branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/journey-client - 0.0 KB (-82.4 KB, -100.0%)

📊 Minor Changes

📈 @forgerock/oidc-client - 23.4 KB (+0.3 KB)
📈 @forgerock/journey-client - 82.4 KB (+0.0 KB)

➖ No Changes

➖ @forgerock/device-client - 9.2 KB
➖ @forgerock/protect - 150.1 KB
➖ @forgerock/sdk-utilities - 7.5 KB
➖ @forgerock/sdk-types - 8.0 KB
➖ @forgerock/storage - 1.4 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/iframe-manager - 2.4 KB
➖ @forgerock/sdk-request-middleware - 4.5 KB
➖ @forgerock/sdk-oidc - 2.6 KB
➖ @forgerock/davinci-client - 39.5 KB

---

13 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}

[ryanbas21]

This seems unnecessary, it doesnt hurt anything but publishConfig takes precedence when defined so we dont really need it if we want cli control.

[ancheetah]

removed