Question: better flows description, improving documentation #1490

Open
lomboboo opened this issue Jan 2, 2025 · 4 comments

@lomboboo

lomboboo commented Jan 2, 2025

Question

I find that this package implements a lot of cool features with clever ideas, but I feel like the documentation doesn't match it.
I would really like to have some diagrams/charts that would explain how everything works or at least the most important flows.

I found some videos and articles that describe "How it works", but this is rather standard, basic OIDC docs rather than flows for this specific implementation. I would like to know more about how ServiceWorker is tied up with OIDC here (e.g., debugging, storage, multi tabs with lock mechanisms etc).

Another field to improve docs for me would be events and in particular events related to this implementation (e.g., lockNotAvailable, tryKeepExistingSession etc.).

Lastly, I think it would be so much easier for others to switch and start using this package if all the configuration options were described, preferably with examples and/or "gotchas", how/if they collide with other options, OidcTrustedDomains.js domains can be regex expressions etc. This is also related to all the XHR requests a developer can see during the flow (e.g. OidcKeepAliveServiceWorker.json request - what does it do, how it affects the flow etc.).

I had to go through the source code to make it work in my setup, so I've spent some time with the library and found answers to some of the questions, but it really should be a part of the docs, which will speed up the setup and understanding for new devs.

Thanks again for the great work with this package!

@guillaume-chervet
Contributor

Hi @lomboboo, completely agree! I need to write more documentation. Thank you for your feedback :)

@lomboboo
Author

I am also curious and it's not strictly related to the documentation - since monitor session is implemented via iframe it WILL NOT work with a SameSite=Lax/Strict session cookie (only with SameSite=None), which is strongly advisable from the security perspective. Is there an alternative?

@guillaume-chervet
Contributor

Hi @lomboboo, I will have time next week for updates.
In fact, the iframe works with the same domain/subdomains event (ChatGPT said wrong things about this). I need to describe it in more detail.

@lomboboo
Author

@guillaume-chervet Can you please elaborate a bit on the OidcServiceWorker.js and OidcTrustedDomains.js files?

Could it be a part of the configuration maybe?
