Notification that checking session is initialized #686

Closed
valdian opened this issue Apr 27, 2020 · 8 comments
@valdian
Contributor

valdian commented Apr 27, 2020

When my Angular app starts and there are valid tokens in the local storage, the app needs to know whether the user from the token is still logged in to the identity provider (IdentityServer in my case) or not. And it needs to know it before it displays any content to the user. I am using session management. So in other words, the app needs to wait for the first message from the check session iframe and see whether its value is "changed" or "unchanged".

To be able to do this, I need to listen to messages from the iframe in my code, but I think this notification could be provided by the library. OidcSecurityService could have a property onCheckSessionSetup(): Observable<boolean>, which would emit true after the first message is received from the iframe. After it emits true, I could just check the value of the checkSessionChanged property of OidcSecurityService.

What do you think about it? If you think that it could also be useful for other developers, I can implement it and create a pull request. Or is there any other way I could handle the situation described above?

@valdian valdian changed the title Notification that checking session was initialized Notification that checking session is initialized Apr 27, 2020
@damienbod
Owner

@valdian thanks. I think we have this covered in the soon to be released version 11. @FabianGosebrink we have this added to the event service, right?

Here's the branch with the latest changes:

https://github.com/damienbod/angular-auth-oidc-client/tree/dev-version-11

or the master issue with the progress.

#609

Greetings Damien

@FabianGosebrink
Collaborator

FabianGosebrink commented Apr 27, 2020

I am not sure I understand the requirement 100% correctly, but we have implemented a publicEventService which throws an event CheckSessionChanged with 'changed' if this got back from the checkSession. With release 11 you can register like this

```typescript
import { filter } from 'rxjs/operators';
import { EventTypes, PublicEventsService } from 'angular-auth-oidc-client';

// Inside a component or service: log every CheckSessionChanged notification.
constructor(private eventService: PublicEventsService) {
    this.eventService
        .registerForEvents()
        .pipe(filter((notification) => notification.type === EventTypes.CheckSessionChanged))
        .subscribe((value) => console.log('CheckSessionChanged with value ', value));
}
```

HTH

Fabian

@jorisbrauns

Maybe a stupid question but how do we know when a release will be made or is ready..

@FabianGosebrink
Collaborator

The question is not stupid at all. We are planning a release in the upcoming days. We are using the corona time a bit :) But we want it to be a little battle tested. Do you want to be an early tester? We might come back to you then...

@valdian
Contributor Author

valdian commented Apr 27, 2020

Thanks for your answers, I will try to describe in more detail what I am talking about.

We have multiple Angular apps which use our Identity Server as an identity provider. We implemented single sign out and it works. When a user has App A in one browser tab and App B in another tab and he logs out in App A, then in app B, he is redirected to a "Session expired" page and the user data are removed from the browser.

But also this situation can occur:

1. User 1 (who is logged in neither in App A nor in App B) logs in to App A.
2. He goes to App B and he gets a new token from the identity provider.
3. He logs out from App B and logs in as User 2.
4. He goes to App A (which still has a valid token for User 1), the app displays some content for User 1, then after a few seconds onCheckSessionChanged emits a value true and he is redirected to the "Session expired" page.

I implemented this to prevent this situation:
After the user is authenticated, the app waits for the first message from the check session iframe. If the message is 'unchanged', it displays the content to the user. If the message is 'changed', it does the login.

But as I said, I need to listen to the messages from the check session iframe in my code, since this library does not give me any confirmation that the user is unchanged. My idea was that the library could give such information.

@FabianGosebrink I checked the code of CheckSessionService in dev-version-11 branch. The event you mentioned is thrown only when the message is 'changed', so it does not help me. If it was thrown also for the message 'unchanged', it would be what I need.

Or should we handle this problem differently? I will be thankful for any ideas.
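The startup gate described in the comment above, as an added example that is not code from this thread or from angular-auth-oidc-client: content stays hidden until the first check session message arrives from the identity provider's origin, and only 'unchanged' releases it. The names `CheckSessionGate`, `GateDecision` and `replay` are hypothetical, and the origin check, the handling of 'error', the timeout and the revocation on a later 'changed' are choices of this example that go slightly beyond the first-message case.

```typescript
// Added example (not code from angular-auth-oidc-client or from this thread).
type GateDecision = 'pending' | 'show-content' | 'require-login';

// The two fields of a window "message" event that the gate looks at.
interface FrameMessage {
  origin: string;
  data: unknown;
}

class CheckSessionGate {
  private decision: GateDecision = 'pending';
  private readonly opOrigin: string;

  // opOrigin: origin that serves the identity provider's check session iframe.
  constructor(opOrigin: string) {
    this.opOrigin = opOrigin;
  }

  // Feed every "message" event here, e.g. from
  // window.addEventListener('message', (e) => gate.handle(e)).
  handle(msg: FrameMessage): GateDecision {
    if (msg.origin !== this.opOrigin) return this.decision; // not the identity provider
    if (this.decision === 'require-login') return this.decision; // sticky
    if (msg.data === 'unchanged') {
      if (this.decision === 'pending') this.decision = 'show-content';
    } else if (msg.data === 'changed' || msg.data === 'error') {
      this.decision = 'require-login'; // also revokes an earlier 'show-content'
    }
    return this.decision; // any other payload: keep waiting
  }

  // Call when the startup wait expires; no answer is treated like 'changed'.
  timeout(): GateDecision {
    if (this.decision === 'pending') this.decision = 'require-login';
    return this.decision;
  }
}

// Replays constructed events and reports where the gate ends up.
function replay(opOrigin: string, events: FrameMessage[], timedOut = false): GateDecision {
  const gate = new CheckSessionGate(opOrigin);
  let decision: GateDecision = 'pending';
  for (const e of events) decision = gate.handle(e);
  return timedOut ? gate.timeout() : decision;
}
```

In an Angular app the decision would typically drive a route guard or an app initializer, so that no component for User 1 renders while the gate is still 'pending'.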

@damienbod
Owner

We add this

@FabianGosebrink
Collaborator

FabianGosebrink commented Apr 28, 2020

Hey @valdian, we just merged a PR #692 to provide the appropriate event.

In version 11 you can do

```typescript
this.eventService
  .registerForEvents()
  .pipe(filter((notification) => notification.type === EventTypes.CheckSessionReceived))
  .subscribe((value) => console.log('CheckSessionReceived with value from app', value));
```

@valdian
Contributor Author

valdian commented Apr 29, 2020

Thanks!
