Missing slim bundle documentation

[raeffs]

Hi

Is there some documentation about the "slim" and "rsa256.slim" bundles?

I was not able to find any information on the purpose of those bundles or when and how they can be used.

[rassie]

Let's try to ping @ivantm and @brockallen to clarify this, but I'm afraid both rs256 and slim variants (including their combination) are only compiled to be used in UMD situation, i.e. by using those bundles directly. A solution for people using oidc-client as a library with ES6 imports seems to be missing at this time.

[ivantm]

A solution for people using oidc-client as a library with ES6 imports seems to be missing at this time.

While there isn't a simple clean solution, it's possible to do this currently at the build-tool level. I use Rollup but you could do something similar with Webpack too.

import alias from 'rollup-plugin-alias';

// ... and then in the rollup plugins array:
alias({
  './JoseUtil.js': __dirname + '/node_modules/oidc-client/src/JoseUtilRsa.js', // Use slim RSA-only build
  'oidc-client': __dirname + '/node_modules/oidc-client/index.js', // overrides the current main entry in package.json
}

A better future-facing option would be to have a separate entry point for the RSA-only version for people to import.

Do you have an ideal approach in mind that would work for you?

Re: documentation, I'll try write something up when I get some time.

[rassie]

I'm not sure I'd be able to propose an ideal approach, but basically I would like to be able to either keep my import { UserManager, WebStorageStateStore } from 'oidc-client'; or change it to something like import { UserManager, WebStorageStateStore } from 'oidc-client/slim';. I've spent a couple of hours today, trying to whip something up for Webpack using NormalModuleReplacementPlugin, but without much luck. Maybe resolve is more akin to your proposed workaround. I might find a bit of time for that early next week.

[raeffs]

I came to the conclusion that this library isn't well suited for my use cases (and I have the impression that maintenance haltet - just my impression based on looking at the open issues). I used it for a large Angular application. But there are many other options available, for example angular-oauth2-oidc or microsoft-authentication-library-for-js.

For Angular applications I recommend angular-oauth2-oidc, especially if you don't need the implicit flow and instead use the code flow. In that case you can use the library without the need for jsrasign, which results in smaller bundle sizes. Also it does not require the library to be loaded in the silent signin callback pages.

These were two reasons I started to wonder what the slim bundle is about.