Adrienne / Add front channel and silent login to replace logged_state cookies

[adrienne-deriv]

Changes:

Please provide a summary of the change.

• Add front channels to Deriv.app, which when rendered in an iframe will clear local storage and any related to authentication state
• Move logged_state syncing logic to only be used in Safari
• Add silent login feature using prompt=none, which will automatically checks if the user is logged in if client.accounts have not been populated yet, local storage is empty
  • this will render an iframe to /silent-callback.html which will check if user has session in Hydra (which will return a code parameter in the URL)
  • if user does not have a session in Hydra, Hydra will return an query parameter error=login_required which indicates that the user is logged out

Screenshots:

Please provide some screenshots of the change.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Updated (UTC)
deriv-app	✅ Ready (Inspect)	Visit Preview	Feb 24, 2025 6:36am

[github-actions]

A production App ID was automatically generated for this PR. (log)

• PR: Adrienne / Add front channel and silent login to replace logged_state cookies #18069
• URLs:
  • w/ App ID + Server: https://deriv-app-git-fork-adrienne-deriv-front-channel-silent-login.binary.sx?qa_server=red.derivws.com&app_id=31898
  • Original: https://deriv-app-git-fork-adrienne-deriv-front-channel-silent-login.binary.sx
• App ID: 31898

Click here to copy & paste above information.

- **PR**: [https://github.com/deriv-com/deriv-app/pull/18069](https://github.com/deriv-com/deriv-app/pull/18069)
- **URLs**:
    - **w/ App ID + Server**: https://deriv-app-git-fork-adrienne-deriv-front-channel-silent-login.binary.sx?qa_server=red.derivws.com&app_id=31898
    - **Original**: https://deriv-app-git-fork-adrienne-deriv-front-channel-silent-login.binary.sx
- **App ID**: `31898`

[github-actions]

⏳ Generating Lighthouse report...

[adrienne-deriv]

This is to ensure Safari is still using logged_state, because at the moment front channels do not work in Safari due to Storage partitioning in Intelligent Tracking Prevention

https://stackoverflow.com/questions/63921299/safari-setting-localstorage-inside-iframe-is-not-correctly-shared

[adrienne-deriv]

So if we log out at https://hub.deriv.com, Hydra will render front channels (i.e. creating iframes in https://hub.deriv.com to https://app.deriv.com/front-channel.html) which SHOULD clear local storage in Chrome and Firefox, but it will not work in Safari due to the issue mentioned above

[adrienne-deriv]

This prevents the silent-callback.html and front-channel.html iframes to be navigated in the main window

[adrienne-deriv]

When we call OIDC logout, it will render all front-channels (including the caller's front channel). This caused an issue in Deriv.app where if you clear the local storage while you are still signing out, after signing out it redirects you to the /authorize page

[adrienne-deriv]

This storage clearance is referenced from packages/core/src/Services/logout.js

[adrienne-deriv]

This is the main hook for the logged_state logic, I just renamed it to useLoggedStateLoginAndLogout from useSilentLoginAndLogout

[adrienne-deriv]

If we are in Safari, don't use prompt none

[adrienne-deriv]

Only trigger logged_state checks in Safari

[amam-deriv]

[Q] is callback needed here?

[adrienne-deriv]

Tested this, this is not needed anymore since the silent callback and front channel are served statically under /silent-callback.html and /front-channel.html, will remove this change