nodeSolidServer/solid-auth-oidc

Ability to "load" a client instance from persisted state

Opened this issue · 11 comments

dan-f commented

There should be a way to instantiate a client for a particular identity provider from the cache. This is useful because it prevents extra network requests to the identity provider when it's already saved ID/access tokens.

Thanks. Will implement this next.

Quick question - would you like this method to register a client if no cached copy exists? Or just resolve to null if no stored client is found?

dan-f commented

I'd rather there not be side effects. Since this client is designed to manage one session at a time I'm looking for something like:

```js
const oidcClient = new Client('https://example.com', options) // loads any ID/Access tokens from storage
oidcClient.currentUser() // null if no stored user, webId otherwise
```

No prob.

So this sounds like this is orthogonal to the rp client? As in, instantiating the client will load the last webId + tokens that were stored for that provider, but doesn't concern itself with the rp client (until it's needed by login())?

dan-f commented

I was using the term client to refer to the interface this library exposes. I'm considering the rp client lib an implementation detail in that context.

Got it. Couple more questions. One, would it be ok if the loading of user was performed by a factory method rather than constructor? Something like:

```js
const oidcClient = Client.for('https://example.com', options) // loads any ID/Access tokens from storage
oidcClient.currentUser() // null if no stored user, webId otherwise
```

Two, just to double check - should calling oidcClient.logout() clear the stored webId & tokens for that provider? (So that the next time currentUser() is called, it would return null).

dan-f commented

> One, would it be ok if the loading of user was performed by a factory method rather than constructor?

Yeah totally.

> Two, just to double check - should calling oidcClient.logout() clear the stored webId & tokens for that provider? (So that the next time currentUser() is called, it would return null).

Yep

Would it also make sense to store the last selected provider uri (in local storage)? So that the app doesn't have to remember that https://example.com was it?

This would give something like:

```js
const oidcClient = Client.for(options)
// ^ loads the last selected provider, https://example.com if available, and loads the webId + tokens for it
```

And maybe make providerUri one of the options?

dan-f commented

At the very least, I'd like to see the concept of "current user" for a developer-specified IDP URL. Currently it relies on the current window URL - https://github.com/solid/solid-auth-oidc/blob/master/src/index.js#L83

It'd also be really nice to index the last used IDP by app URL. That way you can pick up the last used user session for the current app.

dan-f commented

I think we're saying the same thing

Ok, cool!
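
The behaviour agreed in this thread, as an added example that is not part of the thread or of solid-auth-oidc: a factory that only reads storage, a session keyed by provider URI, the last provider indexed by app URL, and a logout that clears both. `SessionClient`, `MemoryStorage`, `save` and the storage key names are hypothetical.

```javascript
// Added illustration; every name below is hypothetical, not the library's API.
class MemoryStorage { // stand-in with the getItem/setItem/removeItem shape of localStorage
  constructor () { this.items = new Map() }
  getItem (k) { return this.items.has(k) ? this.items.get(k) : null }
  setItem (k, v) { this.items.set(k, String(v)) }
  removeItem (k) { this.items.delete(k) }
}

class SessionClient {
  constructor (providerUri, session, { store, appUrl }) {
    Object.assign(this, { providerUri, session, store, appUrl })
  }

  static sessionKey (providerUri) { return `oidc.session.${providerUri}` }
  static lastProviderKey (appUrl) { return `oidc.lastProvider.${appUrl}` }

  // Factory: reads storage only. No client registration, no network request.
  static for ({ store, appUrl, providerUri }) {
    providerUri = providerUri || store.getItem(SessionClient.lastProviderKey(appUrl))
    let session = null
    if (providerUri) {
      // A corrupted or tampered entry is treated as "no stored user".
      try {
        session = JSON.parse(store.getItem(SessionClient.sessionKey(providerUri)))
      } catch (e) { session = null }
    }
    return new SessionClient(providerUri, session, { store, appUrl })
  }

  // Persist tokens after a successful login (the login flow is out of scope).
  save (session) {
    this.session = session
    this.store.setItem(SessionClient.sessionKey(this.providerUri), JSON.stringify(session))
    this.store.setItem(SessionClient.lastProviderKey(this.appUrl), this.providerUri)
  }

  currentUser () { return this.session && this.session.webId ? this.session.webId : null }

  // Clear webId + tokens so the next currentUser() returns null, even after a reload.
  logout () {
    this.session = null
    this.store.removeItem(SessionClient.sessionKey(this.providerUri))
    const lastKey = SessionClient.lastProviderKey(this.appUrl)
    if (this.store.getItem(lastKey) === this.providerUri) this.store.removeItem(lastKey)
  }
}
```

In a browser, `window.localStorage` can be passed as `store`; anything kept there is readable by any script running on the app's origin, which is why `logout()` removes the tokens instead of only resetting in-memory state.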