Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Removal of implicit flow goes too far, also removes loading of user info

See original GitHub issue

https://github.com/authts/oidc-client-ts/issues/152 removes implicit flow, thats fine and all, but the same PR also removes loading of user info, resulting in the User.profile field to be always empty.

Similarly, the same PR also removes includeIdTokenInSilentRenew which imo also should be brought back as it is useful and not related to implicit flow. I also cannot se a way to get the ID token raw value (only access_token and refresh_token).

Issue Analytics

State:
Created 2 years ago
Comments:5 (5 by maintainers)

Top GitHub Comments

1reaction

longsleepcommented, Nov 2, 2021

i have reverted the id_token, can you please review the merge request? I really wished you would have seen all that before the removal 😃

With #171 and #172 I seem to have an existing app completely working fine with oidc-client-ts.

Not sure what the expected size changes are, but i can share these:

  132.23 KB (-68.42 KB)  build/static/js/34.ab17a56f.chunk.js
  28.31 KB (+19.29 KB)   build/static/js/main.92169897.chunk.js

So almost 50 KB less with an otherwise almost drop-in replacement is pretty nice 👍

1reaction

longsleepcommented, Oct 28, 2021

but user?.id_token is part of the removed implicit flow…

Any flow can result in an id_token being returned. With code flow the ID token is returned from the token endpoint.

A client gets an ID token whenever the scope contains openid and thus can also use it for any other the other endpoints where an ID token or the information from it is useful to further limit/restrict operation.