AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License

Identity session monitoring #962

Open Alykod opened 1 year ago

Alykod commented 1 year ago

Issue and Steps to Reproduce

Event for validating that the auth session is still active.

If I open 2 tabs, and Identity cookies while listening to the events, then I refresh, I see the "tryKeepExistingSessionAsync_end" event with the message "tokens inside storage are valid".

Is there a way to actually validate that the identity server session is still active, or a function that returns the current auth status?

Current config

```js
{
  authority: process.env.REACT_APP_IDENTITY_SERVER_URL,
  client_id: process.env.REACT_APP_IDENTITY_CLIENT_ID,
  redirect_uri: `${window.location.origin}/authentication/callback`,
  scope: `${process.env.REACT_APP_IDENTITY_SERVER_SCOPES}`,
  monitor_session: true,
  silent_redirect_uri: `${window.location.origin}/callback`,
  silent_login_uri: `${window.location.origin}/authentication/silent`,
}
```

(Don't mind the URIs, I am testing things around.)

Additional Details

I have multiple applications that depend on the same identity session, and they have different client ids and scopes. I would like to be able to track when the identity session is no longer valid, or is gone, so I can reinitialize the auth flow, or take appropriate measures.

guillaume-chervet commented 1 year ago

Hi @Alykod, that's a good question. I am using silent signin for doing this, but it works well on all browsers only if the OIDC server is on the same domain as your app.

For just a session cookie check, I have to search how to do that.

guillaume-chervet commented 1 year ago

I have already implemented check session for single logout. It is possible to use that, but it requires the OIDC server and app to be on the same domain to work well because of the new cookie restriction: https://connect2id.com/products/server/docs/api/check-session

Alykod commented 1 year ago

Hi. Thank you for responding so quickly. The identity server is in fact on the same domain. So I need to create a check session function similar to the one used for single logout?

guillaume-chervet commented 1 year ago

The simplest is to perform a silent login, like you can do in the demo on multi page when you are logged in from the first page: https://black-rock-0dc6b0d03.1.azurestaticapps.net/