feat: replace enableOIDCSessionManagement with syncSession for session management configuration

Author: brionmario

packages/browser/src/__legacy__/client.ts

@@ -53,7 +53,7 @@ import {SPAUtils} from './utils';
 const DefaultConfig: Partial<AuthClientConfig<Config>> = {
   autoLogoutOnTokenRefreshError: false,
   checkSessionInterval: 3,
-  enableOIDCSessionManagement: false,
+  syncSession: false,
   periodicTokenRefresh: false,
   sessionRefreshInterval: 300,
   storage: BrowserStorage.SessionStorage,

packages/browser/src/__legacy__/clients/main-thread-client.ts

@@ -406,7 +406,7 @@ export const MainThreadClient = async (
     await _authenticationClient.reInitialize(config);
 
     // Re-initiates check session if the check session endpoint is updated.
-    if (config.enableOIDCSessionManagement && isCheckSessionIframeDifferent) {
+    if (config.syncSession && isCheckSessionIframeDifferent) {
       _sessionManagementHelper.reset();
 
       checkSession();

packages/browser/src/__legacy__/clients/web-worker-client.ts

@@ -506,7 +506,7 @@ export const WebWorkerClient = async (
             SPAUtils.setSignOutURL(url, config.clientId, instanceID);
 
             // Enable OIDC Sessions Management only if it is set to true in the config.
-            if (config.enableOIDCSessionManagement) {
+            if (config.syncSession) {
               checkSession();
             }
 
@@ -534,7 +534,7 @@ export const WebWorkerClient = async (
       await startAutoRefreshToken();
 
       // Enable OIDC Sessions Management only if it is set to true in the config.
-      if (config.enableOIDCSessionManagement) {
+      if (config.syncSession) {
         checkSession();
       }
 
@@ -829,7 +829,7 @@ export const WebWorkerClient = async (
     await communicate<Partial<AuthClientConfig<WebWorkerClientConfig>>, void>(message);
 
     // Re-initiates check session if the check session endpoint is updated.
-    if (config.enableOIDCSessionManagement && isCheckSessionIframeDifferent) {
+    if (config.syncSession && isCheckSessionIframeDifferent) {
       _sessionManagementHelper.reset();
 
       checkSession();

packages/browser/src/__legacy__/helpers/authentication-helper.ts

@@ -480,7 +480,7 @@ export class AuthenticationHelper<T extends MainThreadClientConfig | WebWorkerCl
             }
 
             // Enable OIDC Sessions Management only if it is set to true in the config.
-            if (checkSession && typeof checkSession === 'function' && config.enableOIDCSessionManagement) {
+            if (checkSession && typeof checkSession === 'function' && config.syncSession) {
               checkSession();
             }
           } else {
@@ -606,7 +606,7 @@ export class AuthenticationHelper<T extends MainThreadClientConfig | WebWorkerCl
         this._spaHelper.refreshAccessTokenAutomatically(this);
 
         // Enable OIDC Sessions Management only if it is set to true in the config.
-        if (config.enableOIDCSessionManagement) {
+        if (config.syncSession) {
           checkSession();
         }
 

packages/browser/src/__legacy__/models/client-config.ts

@@ -25,7 +25,7 @@ export interface SPAConfig {
    * @remarks If the consumer app the OP is hosted in different domains,
    * third party cookies has to be enabled for this to work properly.
    */
-  enableOIDCSessionManagement?: boolean;
+  syncSession?: boolean;
   checkSessionInterval?: number;
   sessionRefreshInterval?: number;
   resourceServerURLs?: string[];

packages/javascript/src/models/config.ts

@@ -185,6 +185,18 @@ export interface BaseConfig<T = unknown> extends WithPreferences {
    * @see {@link SignUpOptions} for more details.
    */
   signUpOptions?: SignUpOptions;
+
+  /**
+   * Flag to indicate whether the Application session should be synchronized with the IdP session.
+   * @remarks This uses the OIDC iframe base session management feature to keep the application session in sync with the IdP session.
+   * WARNING: This may not work in all browsers due to 3rd party cookie restrictions.
+   * It is recommended to use this feature only if you are aware of the implications and have tested it in your target browsers.
+   * If you are not sure, it is safer to leave this option as `false`.
+   * @example
+   * syncSession: true
+   * @see {@link https://openid.net/specs/openid-connect-session-management-1_0.html#IframeBasedSessionManagement}
+   */
+  syncSession?: boolean;
 }
 
 export interface WithPreferences {

packages/react/src/contexts/Asgardeo/AsgardeoProvider.tsx

@@ -57,6 +57,7 @@ const AsgardeoProvider: FC<PropsWithChildren<AsgardeoProviderProps>> = ({
   organizationHandle,
   applicationId,
   signInOptions,
+  syncSession,
   ...rest
 }: PropsWithChildren<AsgardeoProviderProps>): ReactElement => {
   const reRenderCheckRef: RefObject<boolean> = useRef(false);
@@ -83,6 +84,7 @@ const AsgardeoProvider: FC<PropsWithChildren<AsgardeoProviderProps>> = ({
     signUpUrl,
     signInUrl,
     signInOptions,
+    syncSession,
     ...rest,
   });
 
@@ -397,6 +399,7 @@ const AsgardeoProvider: FC<PropsWithChildren<AsgardeoProviderProps>> = ({
       },
       signInOptions,
       getDecodedIdToken: asgardeo.getDecodedIdToken.bind(asgardeo),
+      syncSession,
     }),
     [
       applicationId,
@@ -414,6 +417,7 @@ const AsgardeoProvider: FC<PropsWithChildren<AsgardeoProviderProps>> = ({
       user,
       asgardeo,
       signInOptions,
+      syncSession,
     ],
   );