Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feat periodic session checks #2032

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

Feat periodic session checks #2032

wants to merge 7 commits into from

Conversation

bjoern-m
Copy link
Contributor

@bjoern-m bjoern-m commented Jan 24, 2025
edited
Loading

Description

This PR includes an overhaul of session management within the SDK.

Implementation

  1. Improved Session Validation
  • Updated the Scheduler to support periodic and timeout-based session validation.
  • Added configurable intervals and callback mechanisms for enhanced session handling.
  1. BroadcastChannel Integration
  • Introduced the SessionChannel class to facilitate inter-tab communication for session-related events, including expiration, creation, and leadership requests for session validation.
  1. Visibility and Activity Tracking
  • Developed the WindowActivityManager to monitor window focus, blur, and visibility changes.
  • Ensures session validation occurs only in the active tab or window, optimizing performance and resource usage.
  1. Session Created Event Changes
  • The optional jwt field is no longer included in the session-created-event.
  • The expirationSeconds field has been deprecated.
  • Instead, the token claims are now passed through the session-created-event and shared across all browser windows or tabs.
  1. Deprecation of the is_valid() Function
  • The hanko.session.is_valid() function is now deprecated.
  • It now functions similarly to await hanko.sessionClient.validate() by requesting the API to check the session but blocks the browser threads.
  • Users are advised to use the non-blocking hanko.sessionClient.validate() instead.
  1. Local Storage Clean-Up
  • Removed the need to store session-related information, such as the JWT or its expiry, in local storage.
  • All session-related data is now managed without relying on local storage.

@bjoern-m bjoern-m marked this pull request as ready for review January 24, 2025 10:55
lfleischmann
lfleischmann reviewed Feb 13, 2025
View reviewed changes
frontend/frontend-sdk/src/Hanko.ts
@@ -25,6 +24,8 @@ import { SessionClient } from "./lib/client/SessionClient";
* if email delivery by Hanko is enabled. If email delivery by Hanko is disabled and the
* relying party configures a webhook for the "email.send" event, then the set language is
* reflected in the payload of the token contained in the webhook request.
* @property {number=} sessionCheckInterval - Interval for session validity checks in milliseconds.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • The readme also mentions the following: "Must be greater than 3000 (3s)." I think this info would be useful here too.

  • Also: it looks like it defaults to 30000 if I provide a value under 3000, so no error or the like. Maybe also mention this? Ignore this bulletpoint if I misinterpreted this.

frontend/frontend-sdk/src/lib/Dto.ts
* @property {Pick<Email, "address" | "is_primary" | "is_verified">} [email] - Email information associated with the subject (optional).
* @property {string} session_id - The session identifier linked to the claims.
*/
export interface Claims {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Claims now also contain a username (introduced in #2036), should we also add this here?

@bjoern-m bjoern-m marked this pull request as draft February 17, 2025 12:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lfleischmann lfleischmann lfleischmann left review comments

@FreddyDevelop FreddyDevelop Awaiting requested review from FreddyDevelop

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
Hanko
Status: 🆕 New
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@bjoern-m @lfleischmann