oidc-client isLoggedIn()

Question

What is the most concise and accurate way to determine isLoggedIn() with odic-client?

Much like the Angualr2 example my first method was:

// return true if user (token) exists.
public isLoggedIn(): Promise<boolean> {
    return this.userManager.getUser().then(user => !!user);
}

Then to handle expired tokens:

// return true if user (token) exists and not expired.
public isLoggedIn(): Promise<boolean> {
    return this.userManager.getUser().then(user => {
        if (!user) {
            return false;
        }
        return !user.expired;
    });
}

A requirement of my app is that it not show the user as logged in if the OP has revoked the session so, following the logic here, my next method was:

// return true if user (token) and session (cookie) exists and sub matches and not expired.
public async isLoggedIn(): Promise<boolean> {
    const session = await this.userManager.querySessionStatus().catch(() => null);
    const user = await this.userManager.getUser();
    if (!user || !session) {
        return false;
    }
    if (session.sub !== user.profile.sub) {
        return false;
    }
    return !user.expired;
}

Now I'm noticing that if I start my app with an expired token silent renew gets a new token with the session cookie after my isLoggedIn() logic so, I have a false negative. There is the userLoaded event but that dosn't fire if the token is still valid.

If the app started with an expired token, user.expired will be true right? — hashbytes, Jun 11 '19 at 21:03

oidc-client isLoggedIn()

0 Answers0