asgardeo · brionmario · Aug 4, 2025 · Aug 4, 2025 · Aug 4, 2025 · Aug 4, 2025
diff --git a/.changeset/gold-tires-hug.md b/.changeset/gold-tires-hug.md
@@ -0,0 +1,7 @@
+---
+'@asgardeo/browser': patch
+'@asgardeo/javascript': patch
+'@asgardeo/react': patch
+---
+
+Expose `getDecodedIdToken` from the public API
diff --git a/packages/browser/src/__legacy__/client.ts b/packages/browser/src/__legacy__/client.ts
@@ -53,7 +53,7 @@ import {SPAUtils} from './utils';
 const DefaultConfig: Partial<AuthClientConfig<Config>> = {
   autoLogoutOnTokenRefreshError: false,
   checkSessionInterval: 3,
-  enableOIDCSessionManagement: false,
+  syncSession: false,
   periodicTokenRefresh: false,
   sessionRefreshInterval: 300,
   storage: BrowserStorage.SessionStorage,

diff --git a/packages/browser/src/__legacy__/clients/main-thread-client.ts b/packages/browser/src/__legacy__/clients/main-thread-client.ts
@@ -406,7 +406,7 @@ export const MainThreadClient = async (
     await _authenticationClient.reInitialize(config);
 
     // Re-initiates check session if the check session endpoint is updated.
-    if (config.enableOIDCSessionManagement && isCheckSessionIframeDifferent) {
+    if (config.syncSession && isCheckSessionIframeDifferent) {
       _sessionManagementHelper.reset();
 
       checkSession();

diff --git a/packages/browser/src/__legacy__/clients/web-worker-client.ts b/packages/browser/src/__legacy__/clients/web-worker-client.ts
@@ -506,7 +506,7 @@ export const WebWorkerClient = async (
             SPAUtils.setSignOutURL(url, config.clientId, instanceID);
 
             // Enable OIDC Sessions Management only if it is set to true in the config.
-            if (config.enableOIDCSessionManagement) {
+            if (config.syncSession) {
               checkSession();
             }
 
@@ -534,7 +534,7 @@ export const WebWorkerClient = async (
       await startAutoRefreshToken();
 
       // Enable OIDC Sessions Management only if it is set to true in the config.
-      if (config.enableOIDCSessionManagement) {
+      if (config.syncSession) {
         checkSession();
       }
 
@@ -829,7 +829,7 @@ export const WebWorkerClient = async (
     await communicate<Partial<AuthClientConfig<WebWorkerClientConfig>>, void>(message);
 
     // Re-initiates check session if the check session endpoint is updated.
-    if (config.enableOIDCSessionManagement && isCheckSessionIframeDifferent) {
+    if (config.syncSession && isCheckSessionIframeDifferent) {
       _sessionManagementHelper.reset();
 
       checkSession();

diff --git a/packages/browser/src/__legacy__/helpers/authentication-helper.ts b/packages/browser/src/__legacy__/helpers/authentication-helper.ts
@@ -480,7 +480,7 @@ export class AuthenticationHelper<T extends MainThreadClientConfig | WebWorkerCl
             }
 
             // Enable OIDC Sessions Management only if it is set to true in the config.
-            if (checkSession && typeof checkSession === 'function' && config.enableOIDCSessionManagement) {
+            if (checkSession && typeof checkSession === 'function' && config.syncSession) {
               checkSession();
             }
           } else {
@@ -606,7 +606,7 @@ export class AuthenticationHelper<T extends MainThreadClientConfig | WebWorkerCl
         this._spaHelper.refreshAccessTokenAutomatically(this);
 
         // Enable OIDC Sessions Management only if it is set to true in the config.
-        if (config.enableOIDCSessionManagement) {
+        if (config.syncSession) {
           checkSession();
         }
 

diff --git a/packages/browser/src/__legacy__/models/client-config.ts b/packages/browser/src/__legacy__/models/client-config.ts
@@ -25,7 +25,7 @@ export interface SPAConfig {
    * @remarks If the consumer app the OP is hosted in different domains,
    * third party cookies has to be enabled for this to work properly.
    */
-  enableOIDCSessionManagement?: boolean;
+  syncSession?: boolean;
   checkSessionInterval?: number;
   sessionRefreshInterval?: number;
   resourceServerURLs?: string[];

diff --git a/packages/javascript/src/models/config.ts b/packages/javascript/src/models/config.ts
@@ -185,6 +185,18 @@ export interface BaseConfig<T = unknown> extends WithPreferences {
    * @see {@link SignUpOptions} for more details.
    */
   signUpOptions?: SignUpOptions;
+
+  /**
+   * Flag to indicate whether the Application session should be synchronized with the IdP session.
+   * @remarks This uses the OIDC iframe base session management feature to keep the application session in sync with the IdP session.
+   * WARNING: This may not work in all browsers due to 3rd party cookie restrictions.
+   * It is recommended to use this feature only if you are aware of the implications and have tested it in your target browsers.
+   * If you are not sure, it is safer to leave this option as `false`.
+   * @example
+   * syncSession: true
+   * @see {@link https://openid.net/specs/openid-connect-session-management-1_0.html#IframeBasedSessionManagement}
+   */
+  syncSession?: boolean;
 }
 
 export interface WithPreferences {

diff --git a/packages/react/src/contexts/Asgardeo/AsgardeoContext.ts b/packages/react/src/contexts/Asgardeo/AsgardeoContext.ts
@@ -17,7 +17,7 @@
  */
 
 import {Context, createContext} from 'react';
-import {HttpRequestConfig, HttpResponse, Organization, SignInOptions} from '@asgardeo/browser';
+import {HttpRequestConfig, HttpResponse, IdToken, Organization, SignInOptions} from '@asgardeo/browser';
 import AsgardeoReactClient from '../../AsgardeoReactClient';
 
 /**
@@ -89,6 +89,14 @@ export type AsgardeoContextProps = {
    * signInOptions: { prompt: "login", fidp: "OrganizationSSO" }
    */
   signInOptions?: SignInOptions;
+  /**
+   * Function to retrieve the decoded ID token.
+   * This function decodes the ID token and returns its payload.
+   * It can be used to access user claims and other information contained in the ID token.
+   *
+   * @returns A promise that resolves to the decoded ID token payload.
+   */
+  getDecodedIdToken?: () => Promise<IdToken>;
 };
 
 /**
@@ -115,6 +123,7 @@ const AsgardeoContext: Context<AsgardeoContextProps | null> = createContext<null
     requestAll: () => null,
   },
   signInOptions: {},
+  getDecodedIdToken: null,
 });
 
 AsgardeoContext.displayName = 'AsgardeoContext';

diff --git a/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx b/packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx
@@ -57,6 +57,7 @@ const AsgardeoProvider: FC<PropsWithChildren<AsgardeoProviderProps>> = ({
   organizationHandle,
   applicationId,
   signInOptions,
+  syncSession,
   ...rest
 }: PropsWithChildren<AsgardeoProviderProps>): ReactElement => {
   const reRenderCheckRef: RefObject<boolean> = useRef(false);
@@ -83,6 +84,7 @@ const AsgardeoProvider: FC<PropsWithChildren<AsgardeoProviderProps>> = ({
     signUpUrl,
     signInUrl,
     signInOptions,
+    syncSession,
     ...rest,
   });
 
@@ -395,7 +397,9 @@ const AsgardeoProvider: FC<PropsWithChildren<AsgardeoProviderProps>> = ({
         request: asgardeo.request.bind(asgardeo),
         requestAll: asgardeo.requestAll.bind(asgardeo),
       },
-      signInOptions
+      signInOptions,
+      getDecodedIdToken: asgardeo.getDecodedIdToken.bind(asgardeo),
+      syncSession,
     }),
     [
       applicationId,
@@ -412,7 +416,8 @@ const AsgardeoProvider: FC<PropsWithChildren<AsgardeoProviderProps>> = ({
       signInSilently,
       user,
       asgardeo,
-      signInOptions
+      signInOptions,
+      syncSession,
     ],
   );