From 3452b9d91a0c9f380429028fb0b374a63b0c7213 Mon Sep 17 00:00:00 2001 From: Brion Date: Mon, 4 Aug 2025 19:02:57 +0530 Subject: [PATCH 1/3] feat: add getDecodedIdToken function to AsgardeoContext and integrate it in AsgardeoProvider --- .../react/src/contexts/Asgardeo/AsgardeoContext.ts | 11 ++++++++++- .../react/src/contexts/Asgardeo/AsgardeoProvider.tsx | 5 +++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/packages/react/src/contexts/Asgardeo/AsgardeoContext.ts b/packages/react/src/contexts/Asgardeo/AsgardeoContext.ts index 3f1f1887..0f8f6e94 100644 --- a/packages/react/src/contexts/Asgardeo/AsgardeoContext.ts +++ b/packages/react/src/contexts/Asgardeo/AsgardeoContext.ts @@ -17,7 +17,7 @@ */ import {Context, createContext} from 'react'; -import {HttpRequestConfig, HttpResponse, Organization, SignInOptions} from '@asgardeo/browser'; +import {HttpRequestConfig, HttpResponse, IdToken, Organization, SignInOptions} from '@asgardeo/browser'; import AsgardeoReactClient from '../../AsgardeoReactClient'; /** @@ -89,6 +89,14 @@ export type AsgardeoContextProps = { * signInOptions: { prompt: "login", fidp: "OrganizationSSO" } */ signInOptions?: SignInOptions; + /** + * Function to retrieve the decoded ID token. + * This function decodes the ID token and returns its payload. + * It can be used to access user claims and other information contained in the ID token. + * + * @returns A promise that resolves to the decoded ID token payload. + */ + getDecodedIdToken?: () => Promise; }; /** @@ -115,6 +123,7 @@ const AsgardeoContext: Context = createContext null, }, signInOptions: {}, + getDecodedIdToken: null, }); AsgardeoContext.displayName = 'AsgardeoContext'; diff --git a/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx b/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx index 3ef1e71f..51ea2c02 100644 --- a/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx +++ b/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx 
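Review bot: The doc comment added for `getDecodedIdToken` in `AsgardeoContextProps` says the payload "can be used to access user claims" but does not say that decoding is not validation. Nothing in this hunk shows whether the client verifies the token's signature, issuer, audience and expiry before the payload is returned, and any code running in the browser can read or alter what a component sees. I would add a remark such as `@remarks Decoding does not validate the token. Use the claims for display only and enforce access decisions on the server.` The type body starts outside the hunk.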
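Review bot: `getDecodedIdToken: null` in the default context value gives a function-typed member a `null` default, so a component rendered outside the provider that calls `getDecodedIdToken()` fails with a generic TypeError instead of a descriptive rejection. The member is declared with `?:`, which under `strictNullChecks` admits `undefined` but not `null`. A stub such as `getDecodedIdToken: () => Promise.reject(new Error('AsgardeoProvider is not mounted'))` would keep the type honest and make the failure diagnosable. The `createContext` call starts outside the hunk, so whether the other members follow the same null convention is not visible here.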
@@ -395,7 +395,8 @@ const AsgardeoProvider: FC> = ({
 request: asgardeo.request.bind(asgardeo),
 requestAll: asgardeo.requestAll.bind(asgardeo),
 },
- signInOptions
+ signInOptions,
+ getDecodedIdToken: asgardeo.getDecodedIdToken.bind(asgardeo),
 }),
 [
 applicationId,
@@ -412,7 +413,7 @@ const AsgardeoProvider: FC> = ({
 signInSilently,
 user,
 asgardeo,
- signInOptions
+ signInOptions,
 ],
 );
From 51137e9b9410fd2279ae475b55d5e63d47e91cf5 Mon Sep 17 00:00:00 2001
From: Brion
Date: Mon, 4 Aug 2025 19:18:20 +0530
Subject: [PATCH 2/3] feat: replace enableOIDCSessionManagement with syncSession for session management configuration
---
 packages/browser/src/__legacy__/client.ts | 2 +-
 .../src/__legacy__/clients/main-thread-client.ts | 2 +-
 .../src/__legacy__/clients/web-worker-client.ts | 6 +++---
 .../src/__legacy__/helpers/authentication-helper.ts | 4 ++--
 .../browser/src/__legacy__/models/client-config.ts | 2 +-
 packages/javascript/src/models/config.ts | 12 ++++++++++++
 .../react/src/contexts/Asgardeo/AsgardeoProvider.tsx | 4 ++++
 7 files changed, 24 insertions(+), 8 deletions(-)
diff --git a/packages/browser/src/__legacy__/client.ts b/packages/browser/src/__legacy__/client.ts
index f4b0292e..d681eb86 100755
--- a/packages/browser/src/__legacy__/client.ts
+++ b/packages/browser/src/__legacy__/client.ts
@@ -53,7 +53,7 @@ import {SPAUtils} from './utils';
 const DefaultConfig: Partial> = {
 autoLogoutOnTokenRefreshError: false,
 checkSessionInterval: 3,
- enableOIDCSessionManagement: false,
+ syncSession: false,
 periodicTokenRefresh: false,
 sessionRefreshInterval: 300,
 storage: BrowserStorage.SessionStorage,
diff --git a/packages/browser/src/__legacy__/clients/main-thread-client.ts b/packages/browser/src/__legacy__/clients/main-thread-client.ts
index 0bdb7222..98b0aacb 100755
--- a/packages/browser/src/__legacy__/clients/main-thread-client.ts
+++ b/packages/browser/src/__legacy__/clients/main-thread-client.ts
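Review bot: Replacing `enableOIDCSessionManagement` with `syncSession` in `DefaultConfig` drops the old key without a fallback. The `config.syncSession` checks in main-thread-client.ts and web-worker-client.ts then never see a consumer's existing `enableOIDCSessionManagement: true`. For those consumers the check-session iframe would silently stop running, so a sign-out at the IdP would no longer end the application session. Unless the old key is mapped somewhere outside these hunks, consider honouring it for a deprecation period, e.g. `syncSession: config.syncSession ?? config.enableOIDCSessionManagement`, and logging a warning when the old name is used. The changeset in patch 3 marks all three packages as `patch` and mentions only `getDecodedIdToken`, so the rename also goes unannounced. `DefaultConfig` continues past the end of the hunk.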
@@ -406,7 +406,7 @@ export const MainThreadClient = async (
 await _authenticationClient.reInitialize(config);
 // Re-initiates check session if the check session endpoint is updated.
- if (config.enableOIDCSessionManagement && isCheckSessionIframeDifferent) {
+ if (config.syncSession && isCheckSessionIframeDifferent) {
 _sessionManagementHelper.reset();
 checkSession();
diff --git a/packages/browser/src/__legacy__/clients/web-worker-client.ts b/packages/browser/src/__legacy__/clients/web-worker-client.ts
index 673526cb..4fbdd829 100755
--- a/packages/browser/src/__legacy__/clients/web-worker-client.ts
+++ b/packages/browser/src/__legacy__/clients/web-worker-client.ts
@@ -506,7 +506,7 @@ export const WebWorkerClient = async (
 SPAUtils.setSignOutURL(url, config.clientId, instanceID);
 // Enable OIDC Sessions Management only if it is set to true in the config.
- if (config.enableOIDCSessionManagement) {
+ if (config.syncSession) {
 checkSession();
 }
@@ -534,7 +534,7 @@ export const WebWorkerClient = async (
 await startAutoRefreshToken();
 // Enable OIDC Sessions Management only if it is set to true in the config.
- if (config.enableOIDCSessionManagement) {
+ if (config.syncSession) {
 checkSession();
 }
@@ -829,7 +829,7 @@ export const WebWorkerClient = async (
 await communicate>, void>(message);
 // Re-initiates check session if the check session endpoint is updated.
- if (config.enableOIDCSessionManagement && isCheckSessionIframeDifferent) {
+ if (config.syncSession && isCheckSessionIframeDifferent) {
 _sessionManagementHelper.reset();
 checkSession();
diff --git a/packages/browser/src/__legacy__/helpers/authentication-helper.ts b/packages/browser/src/__legacy__/helpers/authentication-helper.ts
index dc75514a..d7b7dcc8 100644
--- a/packages/browser/src/__legacy__/helpers/authentication-helper.ts
+++ b/packages/browser/src/__legacy__/helpers/authentication-helper.ts
@@ -480,7 +480,7 @@ export class AuthenticationHelper extends WithPreferences { * @see {@link SignUpOptions} for more details. */ signUpOptions?: SignUpOptions; + + /** + * Flag to indicate whether the Application session should be synchronized with the IdP session. + * @remarks This uses the OIDC iframe base session management feature to keep the application session in sync with the IdP session. + * WARNING: This may not work in all browsers due to 3rd party cookie restrictions. + * It is recommended to use this feature only if you are aware of the implications and have tested it in your target browsers. + * If you are not sure, it is safer to leave this option as `false`. + * @example + * syncSession: true + * @see {@link https://openid.net/specs/openid-connect-session-management-1_0.html#IframeBasedSessionManagement} + */ + syncSession?: boolean; } export interface WithPreferences { diff --git a/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx b/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx index 51ea2c02..07038768 100644 --- a/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx +++ b/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx @@ -57,6 +57,7 @@ const AsgardeoProvider: FC> = ({ organizationHandle, applicationId, signInOptions, + syncSession, ...rest }: PropsWithChildren): ReactElement => { const reRenderCheckRef: RefObject = useRef(false); @@ -83,6 +84,7 @@ const AsgardeoProvider: FC> = ({ signUpUrl, signInUrl, signInOptions, + syncSession, ...rest, }); @@ -397,6 +399,7 @@ const AsgardeoProvider: FC> = ({ }, signInOptions, getDecodedIdToken: asgardeo.getDecodedIdToken.bind(asgardeo), + syncSession, }), [ applicationId, @@ -414,6 +417,7 @@ const AsgardeoProvider: FC> = ({ user, asgardeo, signInOptions, + syncSession, ], ); From f01f421acb6bafe10142cb329641749cc4cd64bb Mon Sep 17 00:00:00 2001 
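Review bot: `syncSession` is added to the memoized context value in the `@@ -397,6 +399,7 @@` hunk, right after `getDecodedIdToken: asgardeo.getDecodedIdToken.bind(asgardeo),`, but AsgardeoContext.ts is not in this commit's file list. `AsgardeoContextProps` and the default context object therefore presumably have no matching member, and consumers reading the context cannot see the flag through the declared type. If the flag is meant to be readable, add `syncSession?: boolean;` to the props type with a default of `false`. Otherwise drop it from the context value and pass it only to the client config, as the `@@ -83,6 +84,7 @@` hunk already does. The `useMemo` call starts and ends outside the hunk.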
From: Brion
Date: Mon, 4 Aug 2025 20:20:18 +0530
Subject: [PATCH 3/3] feat: expose getDecodedIdToken from the public API
---
 .changeset/gold-tires-hug.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .changeset/gold-tires-hug.md
diff --git a/.changeset/gold-tires-hug.md b/.changeset/gold-tires-hug.md
new file mode 100644
index 00000000..3217a5fe
--- /dev/null
+++ b/.changeset/gold-tires-hug.md
@@ -0,0 +1,7 @@
+---
+'@asgardeo/browser': patch
+'@asgardeo/javascript': patch
+'@asgardeo/react': patch
+---
+
+Expose `getDecodedIdToken` from the public API