Offer new event for session_unchanged

[sprudel79]

In our web application we would like to execute further logic at the same time when a session check is done.
Inside the sessionCheckEventListener there are right now three cases that can happen during a session check: unchanged, changed or error.
For the last two cases there are events thrown like:

this.eventsSubject.next(new OAuthInfoEvent('session_changed'));

or

this.eventsSubject.next(new OAuthInfoEvent('session_error'));

But for the unchanged case a simple debug message is printed out.

So I would like to request that there will be also an event thrown for the unchanged case to be able to subscribe to it and to add logic to be executed:

this.eventsSubject.next(new OAuthInfoEvent('session_unchanged'));

Thanks!

[8jigarpatel]

Could someone explain the difference between session_changed and session_terminated?

I am trying to implement something, to log user out from all tabs etc when they logout of the Identity Server. (This case triggers session_changed event in all angular app tabs)

Scenario where a user has 2 or more angular app tabs open, and they log out of one - then the session_terminated event gets triggered, and I simply location.reload() in other tabs where the event is received, that logs user out. I tried the logout method provided by the service, but that one would take user to the Identity Server logout page, and not bring them back to angular app (I.e., login redirect to Identity Server) page

[jeroenheijmans]

@8jigarpatel

Could someone explain the difference between session_changed and session_terminated?

The session_changed event is equivalent to OpenId session check's changed. The session_terminated event is more specific to this library, it is emitted when the library is reasonably sure that the user was signed out.

---

As for the original request, it does make sense to add an event per the feature request, it should be quite easy to add:

angular-oauth2-oidc/projects/lib/src/oauth-service.ts

Lines 1242 to 1244 in 8d152c2

	protected handleSessionUnchanged(): void {
	this.debug('session check', 'session unchanged');
	}

angular-oauth2-oidc/projects/lib/src/events.ts

Lines 1 to 25 in 8d152c2

	export type EventType =
	| 'discovery_document_loaded'
	| 'jwks_load_error'
	| 'invalid_nonce_in_state'
	| 'discovery_document_load_error'
	| 'discovery_document_validation_error'
	| 'user_profile_loaded'
	| 'user_profile_load_error'
	| 'token_received'
	| 'token_error'
	| 'code_error'
	| 'token_refreshed'
	| 'token_refresh_error'
	| 'silent_refresh_error'
	| 'silently_refreshed'
	| 'silent_refresh_timeout'
	| 'token_validation_error'
	| 'token_expires'
	| 'session_changed'
	| 'session_error'
	| 'session_terminated'
	| 'logout'
	| 'popup_closed'
	| 'popup_blocked'
	| 'token_revoke_error';

[jonyeezs]

Would love something like this.
Here's my use case.

1. A user logs into the app.
2. On the same tab the user as another user.
3. Tab should be on the new user.
4. If the user refreshes it should still be the same user.

The foundation here is on OIDC.

If the user refreshes the tab, it won't do tryLogin again.
To have a better user experience we check if the user has an authorized access token. If it does we allow the user to use that token.
BUT if the authenticated user is different we want to load the app with that authenticated user. To do that its all OIDC.

How i intend to use this is to check session_unchanged vs session_changed.
When a user has gone through the auth flow, i then checkSession() immediately.
Currently I'll have to wait on an interval for any session_changed event. But what would be better if i get an immediate session_unchanged and i then can proceed to know that the current user is the authenticated user so i don't have to perform a code flow again.