feat(oidc-client): add oidc session check with response type of id_token and none

.changeset/brave-foxes-dance.md

@@ -0,0 +1,6 @@
+---
+'@forgerock/iframe-manager': minor
+'@forgerock/oidc-client': minor
+---
+
+Add `session.check()` method to oidc client for OIDC prompt=none session verification, with `response_type=none` and `response_type=id_token` support.

e2e/oidc-app/src/ping-am/index.html

@@ -21,6 +21,8 @@ <h1>OIDC App | PingAM Login</h1>
       <button id="logout">Logout</button>
       <button id="user-info-btn">User Info</button>
       <button id="revoke">Revoke Token</button>
+      <button id="session-check-btn">Session Check (none)</button>
+      <button id="session-check-id-token-btn">Session Check (id_token)</button>
       <a href="/ping-am/">Start Over</a>
     </div>
     <script type="module" src="./main.ts"></script>

e2e/oidc-app/src/ping-one/index.html

@@ -21,6 +21,8 @@ <h1>OIDC App | P1 Login</h1>
       <button id="logout">Logout</button>
       <button id="user-info-btn">User Info</button>
       <button id="revoke">Revoke Token</button>
+      <button id="session-check-btn">Session Check (none)</button>
+      <button id="session-check-id-token-btn">Session Check (id_token)</button>
       <a href="/ping-one/">Start Over</a>
     </div>
     <script type="module" src="./main.ts"></script>

e2e/oidc-app/src/utils/oidc-app.ts

@@ -10,15 +10,16 @@ import { oidc } from '@forgerock/oidc-client';
 import type {
   AuthorizationError,
   GenericError,
-  GetAuthorizationUrlOptions,
   OauthTokens,
   OidcClient,
+  OidcConfig,
+  SessionCheckOptions,
   TokenExchangeErrorResponse,
 } from '@forgerock/oidc-client/types';
 
 let tokenIndex = 0;
 
-function displayError(error) {
+function displayError(error: unknown) {
   const errorEl = document.createElement('div');
   errorEl.innerHTML = `<p><strong>Error:</strong> <span class="error">${JSON.stringify(error, null, 2)}</span></p>`;
   document.body.appendChild(errorEl);
@@ -27,25 +28,44 @@ function displayError(error) {
 function displayTokenResponse(
   response: OauthTokens | TokenExchangeErrorResponse | GenericError | AuthorizationError,
 ) {
-  const appEl = document.getElementById('app');
   if ('error' in response || !('accessToken' in response)) {
     console.error('Token Error:', response);
     displayError(response);
   } else {
     console.log('Token Response:', response);
-    document.getElementById('logout').style.display = 'block';
-    document.getElementById('user-info-btn').style.display = 'block';
-    document.getElementById('login-background').style.display = 'none';
-    document.getElementById('login-redirect').style.display = 'none';
+    const appEl = document.getElementById('app');
+    const logoutEl = document.getElementById('logout');
+    const userInfoBtnEl = document.getElementById('user-info-btn');
+    const loginBackgroundEl = document.getElementById('login-background');
+    const loginRedirectEl = document.getElementById('login-redirect');
+
+    if (logoutEl) {
+      logoutEl.style.display = 'block';
+    }
+    if (userInfoBtnEl) {
+      userInfoBtnEl.style.display = 'block';
+    }
+    if (loginBackgroundEl) {
+      loginBackgroundEl.style.display = 'none';
+    }
+    if (loginRedirectEl) {
+      loginRedirectEl.style.display = 'none';
+    }
 
     const tokenInfoEl = document.createElement('div');
     tokenInfoEl.innerHTML = `<p><strong>Access Token:</strong> <span id="accessToken-${tokenIndex}">${response.accessToken}</span></p>`;
-    appEl.appendChild(tokenInfoEl);
+    appEl?.appendChild(tokenInfoEl);
     tokenIndex++;
   }
 }
 
-export async function oidcApp({ config, urlParams }) {
+export async function oidcApp({
+  config,
+  urlParams,
+}: {
+  config: OidcConfig;
+  urlParams: URLSearchParams;
+}) {
   const code = urlParams.get('code');
   const state = urlParams.get('state');
   const piflow = urlParams.get('piflow');
@@ -56,20 +76,23 @@ export async function oidcApp({ config, urlParams }) {
   });
   if ('error' in oidcClient) {
     displayError(oidcClient);
+    return;
   }
 
-  document.getElementById('login-background').addEventListener('click', async () => {
-    const authorizeOptions: GetAuthorizationUrlOptions =
+  document.getElementById('login-background')?.addEventListener('click', async () => {
+    const authorizeOptions =
       piflow === 'true'
         ? {
             clientId: config.clientId,
             redirectUri: config.redirectUri,
             scope: config.scope,
             responseType: config.responseType ?? 'code',
-            responseMode: 'pi.flow',
+            responseMode: 'pi.flow' as const,
           }
         : undefined;
-    const response = await oidcClient.authorize.background(authorizeOptions);
+    const response = await oidcClient.authorize?.background(authorizeOptions);
+
+    if (!response) return;
 
     if ('error' in response) {
       console.error('Authorization Error:', response);
@@ -85,13 +108,16 @@ export async function oidcApp({ config, urlParams }) {
       // Handle success response from background authorization
     } else if ('code' in response) {
       console.log('Authorization Code:', response.code);
-      const tokenResponse = await oidcClient.token.exchange(response.code, response.state);
-      displayTokenResponse(tokenResponse);
+      const tokenResponse = await oidcClient.token?.exchange(response.code, response.state);
+      if (tokenResponse) {
+        displayTokenResponse(tokenResponse);
+      }
     }
   });
 
-  document.getElementById('login-redirect').addEventListener('click', async () => {
-    const authorizeUrl = await oidcClient.authorize.url();
+  document.getElementById('login-redirect')?.addEventListener('click', async () => {
+    const authorizeUrl = await oidcClient.authorize?.url();
+    if (!authorizeUrl) return;
     if (typeof authorizeUrl !== 'string' && 'error' in authorizeUrl) {
       console.error('Authorization URL Error:', authorizeUrl);
       displayError(authorizeUrl);
@@ -102,23 +128,31 @@ export async function oidcApp({ config, urlParams }) {
     }
   });
 
-  document.getElementById('get-tokens').addEventListener('click', async () => {
-    const response = await oidcClient.token.get();
-    displayTokenResponse(response);
+  document.getElementById('get-tokens')?.addEventListener('click', async () => {
+    const response = await oidcClient.token?.get();
+    if (response) {
+      displayTokenResponse(response);
+    }
   });
 
-  document.getElementById('get-tokens-background').addEventListener('click', async () => {
-    const response = await oidcClient.token.get({ backgroundRenew: true });
-    displayTokenResponse(response);
+  document.getElementById('get-tokens-background')?.addEventListener('click', async () => {
+    const response = await oidcClient.token?.get({ backgroundRenew: true });
+    if (response) {
+      displayTokenResponse(response);
+    }
   });
 
-  document.getElementById('renew-tokens').addEventListener('click', async () => {
-    const response = await oidcClient.token.get({ backgroundRenew: true, forceRenew: true });
-    displayTokenResponse(response);
+  document.getElementById('renew-tokens')?.addEventListener('click', async () => {
+    const response = await oidcClient.token?.get({ backgroundRenew: true, forceRenew: true });
+    if (response) {
+      displayTokenResponse(response);
+    }
   });
 
-  document.getElementById('user-info-btn').addEventListener('click', async () => {
-    const userInfo = await oidcClient.user.info();
+  document.getElementById('user-info-btn')?.addEventListener('click', async () => {
+    const userInfo = await oidcClient.user?.info();
+
+    if (!userInfo) return;
 
     if ('error' in userInfo) {
       console.error('User Info Error:', userInfo);
@@ -129,42 +163,78 @@ export async function oidcApp({ config, urlParams }) {
       const appEl = document.getElementById('app');
       const userInfoEl = document.createElement('div');
       userInfoEl.innerHTML = `<p><strong>User Info:</strong> <span id="userInfo">${JSON.stringify(userInfo, null, 2)}</span></p>`;
-      appEl.appendChild(userInfoEl);
+      appEl?.appendChild(userInfoEl);
     }
   });
 
-  document.getElementById('revoke').addEventListener('click', async () => {
-    const response = await oidcClient.token.revoke();
+  document.getElementById('revoke')?.addEventListener('click', async () => {
+    const response = await oidcClient.token?.revoke();
+
+    if (!response) return;
 
     if ('error' in response) {
       console.error('Token Revocation Error:', response);
       displayError(response);
     } else {
       const appEl = document.getElementById('app');
-      const userInfoEl = document.createElement('div');
-      userInfoEl.innerHTML = `<p>Token successfully revoked</p>`;
-      appEl.appendChild(userInfoEl);
+      const revokeEl = document.createElement('div');
+      revokeEl.innerHTML = `<p>Token successfully revoked</p>`;
+      appEl?.appendChild(revokeEl);
     }
   });
 
-  document.getElementById('logout').addEventListener('click', async () => {
-    const response = await oidcClient.user.logout();
+  document.getElementById('logout')?.addEventListener('click', async () => {
+    const response = await oidcClient.user?.logout();
+
+    if (!response) return;
 
     if ('error' in response) {
       console.error('Logout Error:', response);
       displayError(response);
     } else {
       console.log('Logout successful');
-      document.getElementById('logout').style.display = 'none';
-      document.getElementById('user-info-btn').style.display = 'none';
-      document.getElementById('login-background').style.display = 'block';
-      document.getElementById('login-redirect').style.display = 'block';
+      const logoutEl = document.getElementById('logout');
+      const userInfoBtnEl = document.getElementById('user-info-btn');
+      const loginBackgroundEl = document.getElementById('login-background');
+      const loginRedirectEl = document.getElementById('login-redirect');
+
+      if (logoutEl) {
+        logoutEl.style.display = 'none';
+      }
+      if (userInfoBtnEl) {
+        userInfoBtnEl.style.display = 'none';
+      }
+      if (loginBackgroundEl) {
+        loginBackgroundEl.style.display = 'block';
+      }
+      if (loginRedirectEl) {
+        loginRedirectEl.style.display = 'block';
+      }
       window.location.assign(window.location.origin + window.location.pathname);
     }
   });
 
+  document.getElementById('session-check-btn')?.addEventListener('click', async () => {
+    const result = await oidcClient.session?.check();
+    const appEl = document.getElementById('app');
+    const el = document.createElement('div');
+    el.innerHTML = `<p><strong>Session Check (none):</strong></p><pre id="session-check-result">${JSON.stringify(result, null, 2)}</pre>`;
+    appEl?.appendChild(el);
+  });
+
+  document.getElementById('session-check-id-token-btn')?.addEventListener('click', async () => {
+    const options: SessionCheckOptions = { responseType: 'id_token' };
+    const result = await oidcClient.session?.check(options);
+    const appEl = document.getElementById('app');
+    const el = document.createElement('div');
+    el.innerHTML = `<p><strong>Session Check (id_token):</strong></p><pre id="session-check-id-token-result">${JSON.stringify(result, null, 2)}</pre>`;
+    appEl?.appendChild(el);
+  });
+
   if (code && state) {
-    const response = await oidcClient.token.exchange(code, state);
-    displayTokenResponse(response);
+    const response = await oidcClient.token?.exchange(code, state);
+    if (response) {
+      displayTokenResponse(response);
+    }
   }
 }