forked from AxaFrance/oidc-client
[pull] main from AxaFrance:main #1
pull wants to merge 446 commits into Thodor12:main from AxaFrance:main
…me time (#1300) (release)
* feat(oidc): dpop inside serviceworker * test * update * update * update * update
* Update OidcServiceWorker.ts (alpha) * Update OidcServiceWorker.ts * Update OidcServiceWorker.ts
* fix(oidc-service-worker): stream already consumed * fix
…release)
* fix: prevent infinite loop on renew token flow
* feat: refactoring background tries and removing GIVE_UP
---------
Co-authored-by: Matheus Tavares Frigo <matheus_frigo@sicredi.com.br>
…nd well-known configuration (release) (#1592)

* fix: add persistent storage caching for userInfo to prevent loss on page refresh

Fixes #898

Problem:
- UserInfo was only cached in memory (oidc.userInfo)
- Lost on page refresh, causing unnecessary /userinfo network requests
- Performance issue for users with configured storage

Solution:
- Add storage check before network fetch using existing storage configuration
- Store userInfo result after successful fetch for persistence across refreshes
- Follows same security pattern as existing token storage
- Respects noCache parameter to bypass both memory and storage cache

Implementation:
- Only 4 lines added to userInfoAsync function
- Uses oidc.configuration.storage (same as tokens)
- Storage key: oidc.{configurationName}.userInfo
- Graceful fallback when storage not configured

Security:
- UserInfo is less sensitive than tokens (already stored in same location)
- Uses optional chaining for safe access
- Maintains all existing security controls

Benefits:
- Eliminates unnecessary userinfo network requests on page refresh
- Improves performance for users with storage configuration
- Zero breaking changes, backward compatible
- Reuses existing infrastructure

* fix: implement consistent storage caching for userInfo and well-known configuration

Fixes #898

Problems:
1. UserInfo lost on page refresh causing unnecessary /userinfo network requests
2. Well-known configuration cache hardcoded to sessionStorage, ignoring user storage preferences

Root Causes:
- UserInfo only cached in memory (oidc.userInfo), lost on refresh
- Well-known cache always used sessionStorage instead of configuration.storage
- Inconsistent storage behavior across different cached data types

Solutions:
1. UserInfo Persistent Caching:
   - Add storage check before network fetch using existing storage configuration
   - Store userInfo result after successful fetch for persistence across refreshes
   - Use same storage key pattern: oidc.{configurationName}.userInfo
2. Well-Known Cache Storage Consistency:
   - Respect user's configuration.storage instead of hardcoded sessionStorage
   - Maintain backward compatibility with fallback to sessionStorage

Implementation:
- Only 5 lines of code added across 2 files
- Uses oidc.configuration.storage (same as tokens)
- Graceful fallback when storage not configured
- Respects noCache parameter to bypass both memory and storage cache

Security:
- UserInfo is less sensitive than tokens (already stored in same location)
- Uses optional chaining for safe access
- Maintains all existing security controls

Benefits:
- Eliminates unnecessary userinfo and well-known network requests on page refresh
- Consistent storage behavior across all cached data (tokens, userInfo, well-known)
- Improves performance for users with persistent storage configuration
- Zero breaking changes, backward compatible
- Reuses existing infrastructure
* fix(oidc-client): renew token silent login
…1603) When using localStorage as the session storage, the userInfo stays present even after logging out. Due to this and with the recent addition of caching, invalid data gets eventually loaded from the localStorage (as there is no validation on load) and will display wrong information in some cases (e.g. user has switched account on the IdP).
…ect_uri (#1606) (release) Co-authored-by: Jean-Marc Rakotoarisoa <jeanmarc.rakotoarisoa@axa.fr>
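An added example, not code from oidc-client or from these commits: one way to handle the stale-cache problem described in the (#1603) commit message, by removing the cached userInfo on logout and checking on load that the cached `sub` matches the subject of the current ID token. The helper names and `MemoryStorage` (a stand-in for localStorage) are hypothetical; only the key pattern `oidc.{configurationName}.userInfo` comes from the page.

```javascript
// Added illustration; not the project's code. MemoryStorage stands in for
// localStorage so the example runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
}

// Key pattern quoted in the commit message: oidc.{configurationName}.userInfo
const userInfoKey = (configurationName) => `oidc.${configurationName}.userInfo`;

// Hypothetical helper: persist the userInfo response as JSON.
function saveUserInfo(storage, configurationName, userInfo) {
  storage.setItem(userInfoKey(configurationName), JSON.stringify(userInfo));
}

// Hypothetical helper: return the cached entry only if it parses and its `sub`
// equals the subject of the current session's ID token; otherwise evict it.
function loadUserInfo(storage, configurationName, currentSub) {
  const key = userInfoKey(configurationName);
  const raw = storage.getItem(key);
  if (raw === null) return null;
  try {
    const cached = JSON.parse(raw);
    if (cached && typeof cached.sub === "string" && cached.sub === currentSub) {
      return cached;
    }
  } catch (_) {
    // Corrupted entry: fall through to eviction.
  }
  storage.removeItem(key);
  return null;
}

// Hypothetical helper: logout must remove the persisted entry as well.
function clearUserInfoOnLogout(storage, configurationName) {
  storage.removeItem(userInfoKey(configurationName));
}

// Constructed scenario: same user reloads, then the account changes at the IdP.
function demo() {
  const storage = new MemoryStorage();
  const key = userInfoKey("default");
  saveUserInfo(storage, "default", { sub: "alice", name: "Alice" });
  const sameUser = loadUserInfo(storage, "default", "alice");
  const otherUser = loadUserInfo(storage, "default", "bob");
  const afterEvict = storage.getItem(key);
  saveUserInfo(storage, "default", { sub: "bob", name: "Bob" });
  clearUserInfoOnLogout(storage, "default");
  return { sameUser, otherUser, afterEvict, afterLogout: storage.getItem(key) };
}
```

The subject comparison mirrors the OpenID Connect Core requirement that the `sub` in a UserInfo response match the `sub` of the ID token, so a mismatched cache entry is treated the same way as a mismatched network response.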
Created by pull[bot] (v2.0.0-alpha.4)