Oidc provider uses storage type also for oidc client configuration

core/src/navigation/services/navigation.js

@@ -205,11 +205,7 @@ class NavigationClass {
           this.buildVirtualTree(node, nodeNamesInCurrentPath, pathParams);
 
           // STANDARD PROCEDURE
-          let children = await this.getChildren(
-            node,
-            newContext,
-            nodeNamesInCurrentPath
-          );
+          let children = await this.getChildren(node, newContext);
           const newNodeNamesInCurrentPath = nodeNamesInCurrentPath.slice(1);
           result = this.buildNode(
             newNodeNamesInCurrentPath,

core/src/services/auth-layer.js

@@ -128,13 +128,13 @@ class AuthLayerSvcClass {
     );
 
     if (hasAuthSuccessFulFn && AuthStoreSvc.isNewlyAuthorized()) {
-      AuthStoreSvc.removeNewlyAuthorized();
       await LuigiAuth.handleAuthEvent(
         'onAuthSuccessful',
         idpProviderSettings,
         authData
       );
     }
+    AuthStoreSvc.removeNewlyAuthorized();
 
     if (
       GenericHelpers.isFunction(

core/webpack-ie11.config.js

@@ -1,7 +1,6 @@
 const path = require('path');
 const MiniCssExtractPlugin = require('mini-css-extract-plugin');
 const CleanWebpackPlugin = require('clean-webpack-plugin');
-const commonPlugins = require('./webpack-common-plugins');
 const commonRules = require('./webpack-common-rules');
 const exec = require('child_process').exec;
 const fundamentalStyles = require('./fundamentalStyleClasses');

core/webpack.config.js

@@ -4,7 +4,6 @@ const CleanWebpackPlugin = require('clean-webpack-plugin');
 const BundleAnalyzerPlugin = require('webpack-bundle-analyzer')
   .BundleAnalyzerPlugin;
 const commonRules = require('./webpack-common-rules');
-const commonPlugins = require('./webpack-common-plugins');
 const exec = require('child_process').exec;
 const fundamentalStyles = require('./fundamentalStyleClasses');
 

plugins/auth/public/auth-oidc/.gitignore

@@ -0,0 +1,2 @@
+# vendor
+oidc-client.min.js

plugins/auth/public/auth-oidc/silent-callback.html

@@ -1,4 +1,4 @@
-<script src="/assets/auth-oidc/plugin.js"></script>
+<script src="/assets/auth-oidc/oidc-client.min.js"></script>
 <script>
   var mgr = new Oidc.UserManager();
   mgr.signinSilentCallback().catch(error => {

plugins/auth/src/auth-oidc/index.js

@@ -1,4 +1,8 @@
-import Oidc from 'oidc-client';
+import {
+  UserManager,
+  WebStorageStateStore,
+  InMemoryWebStorage
+} from 'oidc-client';
 import { Helpers } from '../helpers';
 import { thirdPartyCookiesStatus } from '../third-party-cookies-check';
 export default class openIdConnect {
@@ -16,16 +20,35 @@ export default class openIdConnect {
       silent_redirect_uri:
         window.location.origin + '/assets/auth-oidc/silent-callback.html'
     };
+
     const mergedSettings = Helpers.deepMerge(defaultSettings, settings);
 
     // Prepend current url to redirect_uri, if it is a relative path
     ['redirect_uri', 'post_logout_redirect_uri'].forEach(key => {
       mergedSettings[key] = Helpers.prependOrigin(mergedSettings[key]);
     });
 
+    // set storage type
+    const storageType = Luigi.getConfigValue('auth.storage');
+    const isValidStore = ['none', 'sessionStorage', 'localStorage'].includes(
+      storageType
+    );
+    if (isValidStore && storageType == 'none') {
+      mergedSettings.userStore = new WebStorageStateStore({
+        store: new InMemoryWebStorage()
+      });
+      mergedSettings.stateStore = new WebStorageStateStore({
+        store: new InMemoryWebStorage()
+      });
+    } else if (isValidStore) {
+      mergedSettings.stateStore = new WebStorageStateStore({
+        store: window[storageType]
+      });
+    } // else fall back to OIDC default
+
     this.settings = mergedSettings;
 
-    this.client = new Oidc.UserManager(this.settings);
+    this.client = new UserManager(this.settings);
 
     this.client.events.addUserLoaded(async payload => {
       let profile = payload.profile;
@@ -168,9 +191,8 @@ export default class openIdConnect {
         return resolve(true);
       }
 
-      this.client
-        .signinRedirectCallback()
-        .then(authenticatedUser => {
+      this.tryToSignIn()
+        .then((authenticatedUser = {}) => {
           if (authenticatedUser.error) {
             return console.error(
               'Error',
@@ -211,4 +233,22 @@ export default class openIdConnect {
         });
     });
   }
+
+  async tryToSignIn() {
+    try {
+      // If the user was just redirected here from the sign in page, sign them in.
+      await this.client.signinRedirectCallback();
+      console.debug('User was redirected via the sign-in page. Now signed in.');
+    } catch (error) {
+      console.debug(
+        "Sign-in redirect callback doesn't work. Let's try a silent sign-in.",
+        error
+      );
+      // Barring that, if the user chose to have the Identity Server remember their
+      // credentials and permission decisions, we may be able to silently sign them
+      // back in via a background iframe.
+      await this.client.signinSilent();
+      console.debug('Silent sign-in completed.');
+    }
+  }
 }

plugins/auth/src/auth-oidc/webpack-extra.config.js

@@ -0,0 +1,18 @@
+const CopyWebpackPlugin = require('copy-webpack-plugin');
+
+const pluginRoot = __dirname + '/../../../';
+module.exports = {
+  plugins: [
+    new CopyWebpackPlugin(
+      [
+        {
+          from: pluginRoot + 'node_modules/oidc-client/dist/oidc-client.min.js',
+          to: pluginRoot + 'auth/public/auth-oidc'
+        }
+      ],
+      {
+        verbose: true
+      }
+    )
+  ]
+};

plugins/package.json

@@ -37,9 +37,11 @@
     "acorn": "^6.0.5",
     "babel-loader": "^8.0.5",
     "bundlesize": "^0.17.0",
+    "copy-webpack-plugin": "^5.1.1",
     "core-js": "^3.0.1",
     "diff": ">=3.5.0",
     "lodash": ">=4.17.13",
+    "lodash.merge": "^4.6.2",
     "mixin-deep": ">=1.3.2",
     "npm": ">=6.13.4",
     "oidc-client": "^1.10.1",