Merge pull request #1247 from bachratyg/main

fix: UserSessionChanged should be raised regardless of sid claim. Sid is not part of the session management spec.
authts · Nov 16, 2023 · 7e22407 · 7e22407
2 parents 3a2ccf2 + 630a680
commit 7e22407
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 21 deletions.
diff --git a/docs/oidc-client-ts.api.md b/docs/oidc-client-ts.api.md
@@ -601,7 +601,6 @@ export class SessionMonitor {
         session_state: string;
         profile: {
             sub: string;
-            sid: string;
         } | null;
     }) => Promise<void>;
     // (undocumented)
@@ -611,7 +610,6 @@ export class SessionMonitor {
 // @public (undocumented)
 export interface SessionStatus {
     session_state: string;
-    sid?: string;
     sub?: string;
 }
 

diff --git a/src/SessionMonitor.ts b/src/SessionMonitor.ts
@@ -13,7 +13,6 @@ export class SessionMonitor {
     private readonly _logger = new Logger("SessionMonitor");
 
     private _sub: string | undefined;
-    private _sid: string | undefined;
     private _checkSessionIFrame?: CheckSessionIFrame;
 
     public constructor(private readonly _userManager: UserManager) {
@@ -43,9 +42,8 @@ export class SessionMonitor {
             if (session) {
                 const tmpUser = {
                     session_state: session.session_state,
-                    profile: session.sub && session.sid ? {
+                    profile: session.sub ? {
                         sub: session.sub,
-                        sid: session.sid,
                     } : null,
                 };
                 void this._start(tmpUser);
@@ -56,7 +54,7 @@ export class SessionMonitor {
     protected _start = async (
         user: User | {
             session_state: string;
-            profile: { sub: string; sid: string } | null;
+            profile: { sub: string } | null;
         },
     ): Promise<void> => {
         const session_state = user.session_state;
@@ -67,12 +65,10 @@ export class SessionMonitor {
 
         if (user.profile) {
             this._sub = user.profile.sub;
-            this._sid = user.profile.sid;
             logger.debug("session_state", session_state, ", sub", this._sub);
         }
         else {
             this._sub = undefined;
-            this._sid = undefined;
             logger.debug("session_state", session_state, ", anonymous user");
         }
 
@@ -108,7 +104,6 @@ export class SessionMonitor {
     protected _stop = (): void => {
         const logger = this._logger.create("_stop");
         this._sub = undefined;
-        this._sid = undefined;
 
         if (this._checkSessionIFrame) {
             this._checkSessionIFrame.stop();
@@ -126,9 +121,8 @@ export class SessionMonitor {
                     if (session) {
                         const tmpUser = {
                             session_state: session.session_state,
-                            profile: session.sub && session.sid ? {
+                            profile: session.sub ? {
                                 sub: session.sub,
-                                sid: session.sid,
                             } : null,
                         };
                         void this._start(tmpUser);
@@ -153,13 +147,8 @@ export class SessionMonitor {
                     raiseEvent = false;
                     this._checkSessionIFrame.start(session.session_state);
 
-                    if (session.sid === this._sid) {
-                        logger.debug("same sub still logged in at OP, restarting check session iframe; session_state", session.session_state);
-                    }
-                    else {
-                        logger.debug("same sub still logged in at OP, session state has changed, restarting check session iframe; session_state", session.session_state);
-                        this._userManager.events._raiseUserSessionChanged();
-                    }
+                    logger.debug("same sub still logged in at OP, session state has changed, restarting check session iframe; session_state", session.session_state);
+                    this._userManager.events._raiseUserSessionChanged();
                 }
                 else {
                     logger.debug("different subject signed into OP", session.sub);

diff --git a/src/SessionStatus.ts b/src/SessionStatus.ts
@@ -9,6 +9,4 @@ export interface SessionStatus {
     session_state: string;
     /** Subject identifier */
     sub?: string;
-    /** Session ID */
-    sid?: string;
 }
diff --git a/src/UserManager.ts b/src/UserManager.ts
@@ -388,7 +388,6 @@ export class UserManager {
                 return {
                     session_state: signinResponse.session_state,
                     sub: signinResponse.profile.sub,
-                    sid: signinResponse.profile.sid,
                 };
             }