* Query OP for user's current signin status. * * @returns A promise object with session_state and subject identifier.
(args: QuerySessionStatusArgs = {})
| 456 | * @returns A promise object with session_state and subject identifier. |
| 457 | */ |
public async querySessionStatus(args: QuerySessionStatusArgs = {}): Promise<SessionStatus | null> {
    // Asks the OP, through the iframe navigator and with prompt=none, whether
    // the user currently has a session. Resolves to:
    //   - { session_state, sub } when the response carries both values,
    //   - null when the response was processed but either value is missing,
    //   - { session_state } alone when monitorAnonymousSession is enabled and
    //     the OP answered with one of the "interaction needed" error codes.
    // Any other failure is rethrown to the caller unchanged.
    const log = this._logger.create("querySessionStatus");
    const { silentRequestTimeoutInSeconds, ...overrides } = args;

    const silentRedirectUri = this.settings.silent_redirect_uri;
    if (!silentRedirectUri) {
        // NOTE(review): the code below uses the URI as if it were set, so
        // logger.throw is presumably expected to raise here; confirm.
        log.throw(new Error("No silent_redirect_uri configured"));
    }

    const currentUser = await this._loadUser();
    const iframeHandle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds });

    // The stored id_token is only sent to the OP as a hint when the
    // includeIdTokenInSilentRenew setting opts in.
    const idTokenHint = this.settings.includeIdTokenInSilentRenew ? currentUser?.id_token : undefined;

    // NOTE(review): `overrides` is spread last, so any key the caller supplies
    // replaces the fixed value above it (prompt, redirect_uri, scope, ...).
    // Whether QuerySessionStatusArgs permits those keys is not visible here;
    // confirm that callers cannot turn this into an interactive request or
    // point it at an unintended redirect URI.
    const navigation = await this._signinStart({
        request_type: "si:s", // behaves like a silent signin
        redirect_uri: silentRedirectUri,
        prompt: "none",
        id_token_hint: idTokenHint,
        response_type: this.settings.query_status_response_type,
        scope: "openid",
        skipUserInfo: true,
        ...overrides,
    }, iframeHandle);

    try {
        const headers: Record<string, ExtraHeader> = {};
        // NOTE(review): response validation is presumably done inside
        // processSigninResponse; this method only inspects its result.
        const response = await this._client.processSigninResponse(navigation.url, headers);
        log.debug("got signin response");

        if (!(response.session_state && response.profile.sub)) {
            log.info("success, user not authenticated");
            return null;
        }

        log.info("success for subject", response.profile.sub);
        return {
            session_state: response.session_state,
            sub: response.profile.sub,
        };
    } catch (err) {
        // Only a typed OP error response, and only with anonymous-session
        // monitoring enabled, may be turned into a result.
        if (!this.settings.monitorAnonymousSession || !(err instanceof ErrorResponse)) {
            throw err;
        }

        const interactionNeeded =
            err.error === "login_required" ||
            err.error === "consent_required" ||
            err.error === "interaction_required" ||
            err.error === "account_selection_required";
        if (interactionNeeded) {
            log.info("success for anonymous user");
            // NOTE(review): the non-null assertion is compile-time only. If
            // the error response carries no session_state, the returned
            // object holds undefined there; callers that compare session
            // states should not assume a string.
            return {
                session_state: err.session_state!,
            };
        }

        throw err;
    }
}
| 512 | |
| 513 | protected async _signin(args: CreateSigninRequestArgs, handle: IWindow, verifySub?: string): Promise<User> { |
| 514 | const navResponse = await this._signinStart(args, handle); |