AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License

Cleanup missing : Toggling between service worker & non-service worker #1299

Closed pgangwani closed 4 months ago

pgangwani commented 4 months ago

Issue and Steps to Reproduce

Issues

  1. Whenever we switch from non-service worker to service worker for a production app in the same configurationName, we should clean up storage, e.g. `storage.remove(oidc.${configurationName})`
  2. On a similar line, if one switches from service worker to non-service worker, we should deregister the service worker with immediate effect and let the storage be used for storing any token payloads etc.

Versions

any version in 7.x.x

Screenshots

[Two screenshots attached, dated 2024-02-15 at 11:20 PM]

Expected

Cleanup / deregistration should happen if we switch between the most secured (service worker) and non-service worker modes.

Actual

Either getting the service worker not registering even after turning off the approach, or getting storage holding the token payload forever. Sometimes it gets stuck on the Loading screen for users.

Additional Details

We need to implement turning off & on for the service worker approach.

pgangwani commented 4 months ago

@guillaume-chervet Please review this issue. Please let me know if any further details are required.

guillaume-chervet commented 4 months ago

hi @pgangwani,

I'm curious, why do you offer a way to the user to register/unregister the service worker? What is your application need?

How do you actually unregister the service worker?

pgangwani commented 4 months ago

> hi @pgangwani,
>
> I'm curious, why do you offer a way to the user to register/unregister the service worker? What is your application need?
>
> How do you actually unregister the service worker?

What I meant is we shouldn't give the user register/unregister capability, but it should be done by the library itself. A couple of scenarios:

A)

  1. Use the non-service worker approach and deploy
  2. Notice the storage which holds all the tokens
  3. Now, on the same server we enable the service worker by build and deploy
  4. Go to storage, tokens still exist.
  5. This is cleanup scenario 1

B)

  1. Use the service worker approach and deploy
  2. Notice that the service worker is registered on / (root of the site)
  3. Now, disable the service worker approach by building the config, keep configurationName and everything else the same, and deploy
  4. The service worker has not been unregistered even though we are not using the service worker approach
  5. This is cleanup scenario 2
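
A deploy-time helper covering both scenarios above, added here as an example; it is not code from oidc-client or its maintainers. It assumes token payloads live under the `oidc.${configurationName}` storage key named in the issue, records the last deployed mode under a hypothetical `oidc-mode.${configurationName}` key, and takes the Storage and ServiceWorkerContainer as parameters (window.localStorage and navigator.serviceWorker in a browser) so it can also run outside one.

```javascript
// Added example, not code from oidc-client: a deploy-time helper that applies
// the two cleanups from this issue when the service-worker setting of a
// configuration changes between builds.
// Assumptions (not from the library): token payloads live under the storage key
// `oidc.${configurationName}` named in the issue; the last deployed mode is
// remembered under a hypothetical `oidc-mode.${configurationName}` key; the
// Storage and ServiceWorkerContainer are passed in (window.localStorage and
// navigator.serviceWorker in a browser) so the helper can also run in tests.

const tokenKey = (configurationName) => `oidc.${configurationName}`;
const modeKey = (configurationName) => `oidc-mode.${configurationName}`;

// Pure decision step: given the recorded mode and the current build's mode,
// say which cleanup applies. Kept side-effect free so it is easy to test.
function planModeSwitch({ previousMode, serviceWorkerEnabled, hasStoredTokens }) {
  const currentMode = serviceWorkerEnabled ? 'service-worker' : 'storage';
  return {
    currentMode,
    // Scenario A: storage -> service worker. Tokens written by the old mode
    // would otherwise stay readable in web storage forever.
    removeStoredTokens:
      currentMode === 'service-worker' && previousMode !== 'service-worker' && hasStoredTokens,
    // Scenario B: service worker -> storage. The worker registered at the site
    // root keeps running (and intercepting requests) until unregistered.
    unregisterServiceWorker: currentMode === 'storage' && previousMode === 'service-worker',
  };
}

// Side-effecting step. Returns the plan plus how many registrations went away.
async function reconcileOidcMode({ configurationName, serviceWorkerEnabled, storage, swContainer }) {
  const plan = planModeSwitch({
    previousMode: storage.getItem(modeKey(configurationName)),
    serviceWorkerEnabled,
    hasStoredTokens: storage.getItem(tokenKey(configurationName)) !== null,
  });
  let unregistered = 0;
  if (plan.removeStoredTokens) storage.removeItem(tokenKey(configurationName));
  if (plan.unregisterServiceWorker && swContainer) {
    // Unregisters every registration for this origin; narrow by
    // registration.scope if the app also ships unrelated service workers.
    for (const registration of await swContainer.getRegistrations()) {
      if (await registration.unregister()) unregistered += 1;
    }
  }
  storage.setItem(modeKey(configurationName), plan.currentMode);
  return { ...plan, unregistered };
}
```

Call `reconcileOidcMode` once at application start-up, before the OIDC client is initialised, so the cleanup runs on the first load after a deployment that changed the mode.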

pgangwani commented 4 months ago

@guillaume-chervet did you get a chance to look at the above response? Is PR #1081 related? I can contribute.

guillaume-chervet commented 4 months ago

hi @pgangwani, I think I can document (maybe you can help? :p) this part more with a sample of code, but I think it does not need to be inside the library for many reasons: it is a dev-only feature, it will facilitate life for potential hackers.

pgangwani commented 4 months ago

Closing as designed.