* Trigger a silent request (via refresh token or an iframe) to the authorization endpoint. * * @returns A promise that contains the authenticated `User`.
(args: SigninSilentArgs = {})
| 310 | * @returns A promise that contains the authenticated `User`. |
| 311 | */ |
| 312 | public async signinSilent(args: SigninSilentArgs = {}): Promise<User | null> { |
| 313 | const logger = this._logger.create("signinSilent"); |
| 314 | const { |
| 315 | silentRequestTimeoutInSeconds, |
| 316 | ...requestArgs |
| 317 | } = args; |
| 318 | // first determine if we have a refresh token, or need to use iframe |
| 319 | let user = await this._loadUser(); |
| 320 | // use refresh token unless forceIframeAuth is explicitly true |
| 321 | if (!args.forceIframeAuth && user?.refresh_token) { |
| 322 | logger.debug("using refresh token"); |
| 323 | const state = new RefreshState(user as Required<User>); |
| 324 | return await this._useRefreshToken({ |
| 325 | state, |
| 326 | redirect_uri: requestArgs.redirect_uri, |
| 327 | resource: requestArgs.resource, |
| 328 | extraTokenParams: requestArgs.extraTokenParams, |
| 329 | timeoutInSeconds: silentRequestTimeoutInSeconds, |
| 330 | }); |
| 331 | } |
| 332 | |
| 333 | let dpopJkt: string | undefined; |
| 334 | if (this.settings.dpop?.bind_authorization_code) { |
| 335 | dpopJkt = await this.generateDPoPJkt(this.settings.dpop); |
| 336 | } |
| 337 | |
| 338 | const url = this.settings.silent_redirect_uri; |
| 339 | if (!url) { |
| 340 | logger.throw(new Error("No silent_redirect_uri configured")); |
| 341 | } |
| 342 | |
| 343 | let verifySub: string | undefined; |
| 344 | if (user && this.settings.validateSubOnSilentRenew) { |
| 345 | logger.debug("subject prior to silent renew:", user.profile.sub); |
| 346 | verifySub = user.profile.sub; |
| 347 | } |
| 348 | |
| 349 | const handle = await this._iframeNavigator.prepare({ silentRequestTimeoutInSeconds }); |
| 350 | user = await this._signin({ |
| 351 | request_type: "si:s", |
| 352 | redirect_uri: url, |
| 353 | prompt: "none", |
| 354 | id_token_hint: this.settings.includeIdTokenInSilentRenew ? user?.id_token : undefined, |
| 355 | dpopJkt, |
| 356 | ...requestArgs, |
| 357 | }, handle, verifySub); |
| 358 | if (user) { |
| 359 | if (user.profile?.sub) { |
| 360 | logger.info("success, signed in subject", user.profile.sub); |
| 361 | } |
| 362 | else { |
| 363 | logger.info("no subject"); |
| 364 | } |
| 365 | } |
| 366 | |
| 367 | return user; |
| 368 | } |
| 369 |
no test coverage detected