Session Monitoring for RP test client

lullis · lullis · commit 2e3656d491f9 · 2025-12-18T21:02:11.000+01:00
I couldn't get it to work with the test idp, so I added environment
variables to allow overriding the options that were hard-coded.
diff --git a/tests/app/rp/.env.example b/tests/app/rp/.env.example
@@ -0,0 +1,24 @@
+# OAuth Configuration
+# OIDC Issuer URL (Identity Provider endpoint)
+PUBLIC_OIDC_ISSUER=http://localhost:8000/o
+
+# OAuth Client ID
+PUBLIC_OAUTH_CLIENT_ID=2EIxgjlyy5VgCp2fjhEpKLyRtSMMPK0hZ0gBpNdm
+
+# Redirect URI after authentication
+PUBLIC_OIDC_REDIRECT_URI=http://localhost:5173
+
+# Post logout redirect URI
+PUBLIC_OIDC_POST_LOGOUT_REDIRECT_URI=http://localhost:5173
+
+# Identity Provider base URL (for device authorization flow)
+PUBLIC_IDP_URL=http://127.0.0.1:8000
+
+# Device authorization client ID (can be different from OIDC client ID)
+PUBLIC_DEVICE_CLIENT_ID=Qg8AaxKLs1c2W3PR70Sv5QxuSEREicKUlf83iGX3
+
+# OIDC Discovery endpoint path (relative to IDP URL)
+PUBLIC_OIDC_DISCOVERY_PATH=/o/.well-known/openid-configuration
+
+# Session monitoring client ID (can be same as OIDC client ID)
+PUBLIC_SESSION_CLIENT_ID=2EIxgjlyy5VgCp2fjhEpKLyRtSMMPK0hZ0gBpNdm
diff --git a/tests/app/rp/src/routes/+layout.svelte b/tests/app/rp/src/routes/+layout.svelte
@@ -1,13 +1,30 @@
 <script>
+	import { browser } from '$app/environment';
 	import { onMount } from 'svelte';
 	import { page } from '$app/stores';
+	import { OidcContext } from '@dopry/svelte-oidc';
+	import { env } from '$env/dynamic/public';
+
+	// OIDC Configuration
+	const metadata = {};
 
 	// Materialize tabs initialization
 	onMount(() => {
 		if (typeof M !== 'undefined') {
 			const tabs = document.querySelectorAll('.tabs');
 			M.Tabs.init(tabs);
 		}
+
+		// Debug: Log URL parameters on mount
+		if (browser) {
+			const params = new URLSearchParams(window.location.search);
+			console.log('DEBUG Layout: URL params:', Object.fromEntries(params.entries()));
+			if (params.has('session_state')) {
+				console.log('DEBUG Layout: session_state in URL:', params.get('session_state'));
+			} else {
+				console.log('DEBUG Layout: NO session_state in URL');
+			}
+		}
 	});
 </script>
 
@@ -60,13 +77,37 @@
 					>Device Authorization Flow</a
 				>
 			</li>
+			<li class="tab">
+				<a href="/session" class:active={$page.url.pathname === '/session'}
+					>Session Management</a
+				>
+			</li>
 		</ul>
 	</div>
 </nav>
 
-<div class="container">
-	<slot />
-</div>
+{#if browser}
+	<OidcContext
+		issuer={env.PUBLIC_OIDC_ISSUER}
+		client_id={env.PUBLIC_OAUTH_CLIENT_ID}
+		redirect_uri={env.PUBLIC_OIDC_REDIRECT_URI}
+		post_logout_redirect_uri={env.PUBLIC_OIDC_POST_LOGOUT_REDIRECT_URI}
+		{metadata}
+		scope="openid"
+		extraOptions={{
+			mergeClaims: true,
+			monitorSession: true
+		}}
+	>
+		<div class="container">
+			<slot />
+		</div>
+	</OidcContext>
+{:else}
+	<div class="container">
+		<slot />
+	</div>
+{/if}
 
 <style>
 	.tabs .tab a {
diff --git a/tests/app/rp/src/routes/+page.svelte b/tests/app/rp/src/routes/+page.svelte
@@ -1,10 +1,8 @@
 <script>
-	import { browser } from '$app/environment';
 	import {
 		EventLog,
 		LoginButton,
 		LogoutButton,
-		OidcContext,
 		RefreshTokenButton,
 		accessToken,
 		authError,
@@ -13,72 +11,51 @@
 		isLoading,
 		userInfo
 	} from '@dopry/svelte-oidc';
-
-	const metadata = {};
 </script>
 
-{#if browser}
-	<OidcContext
-		issuer="http://localhost:8000/o"
-		client_id="2EIxgjlyy5VgCp2fjhEpKLyRtSMMPK0hZ0gBpNdm"
-		redirect_uri="http://localhost:5173"
-		post_logout_redirect_uri="http://localhost:5173"
-		{metadata}
-		scope="openid"
-		extraOptions={{
-			mergeClaims: true
-		}}
-	>
-		<div class="row">
-			<div class="col s12">
-				<LoginButton>Login</LoginButton>
-				<LogoutButton>Logout</LogoutButton>
-				<RefreshTokenButton>refreshToken</RefreshTokenButton>
-			</div>
-		</div>
-		<div class="row">
-			<div class="col s12">
-				<table>
-					<thead>
-						<tr><th>isLoading</th><th>isAuthenticated</th><th>authError</th></tr>
-					</thead>
-					<tbody>
-						<tr>
-							<td>{$isLoading}</td>
-							<td>{$isAuthenticated}</td>
-							<td>{$authError || 'None'}</td>
-						</tr>
-					</tbody>
-				</table>
-			</div>
-		</div>
-		<div class="row">
-			<div class="col s12">
-				<table>
-					<thead>
-						<tr><th style="width: 20%;">store</th><th style="width: 80%;">value</th></tr
-						>
-					</thead>
-					<tbody>
-						<tr
-							><td>userInfo</td><td
-								><pre>{JSON.stringify($userInfo, null, 2) || ''}</pre></td
-							></tr
-						>
-						<tr
-							><td>accessToken</td><td style="word-break: break-all;"
-								>{$accessToken}</td
-							></tr
-						>
-						<tr><td>idToken</td><td style="word-break: break-all;">{$idToken}</td></tr>
-					</tbody>
-				</table>
-			</div>
-		</div>
-		<div class="row">
-			<div class="col s12">
-				<EventLog />
-			</div>
-		</div>
-	</OidcContext>
-{/if}
+<div class="row">
+	<div class="col s12">
+		<LoginButton>Login</LoginButton>
+		<LogoutButton>Logout</LogoutButton>
+		<RefreshTokenButton>refreshToken</RefreshTokenButton>
+	</div>
+</div>
+<div class="row">
+	<div class="col s12">
+		<table>
+			<thead>
+				<tr><th>isLoading</th><th>isAuthenticated</th><th>authError</th></tr>
+			</thead>
+			<tbody>
+				<tr>
+					<td>{$isLoading}</td>
+					<td>{$isAuthenticated}</td>
+					<td>{$authError || 'None'}</td>
+				</tr>
+			</tbody>
+		</table>
+	</div>
+</div>
+<div class="row">
+	<div class="col s12">
+		<table>
+			<thead>
+				<tr><th style="width: 20%;">store</th><th style="width: 80%;">value</th></tr>
+			</thead>
+			<tbody>
+				<tr
+					><td>userInfo</td><td><pre>{JSON.stringify($userInfo, null, 2) || ''}</pre></td></tr
+				>
+				<tr
+					><td>accessToken</td><td style="word-break: break-all;">{$accessToken}</td></tr
+				>
+				<tr><td>idToken</td><td style="word-break: break-all;">{$idToken}</td></tr>
+			</tbody>
+		</table>
+	</div>
+</div>
+<div class="row">
+	<div class="col s12">
+		<EventLog />
+	</div>
+</div>
diff --git a/tests/app/rp/src/routes/device/+page.svelte b/tests/app/rp/src/routes/device/+page.svelte
@@ -1,10 +1,11 @@
 <script>
 	import { browser } from '$app/environment';
 	import { onDestroy } from 'svelte';
+	import { env } from '$env/dynamic/public';
 
 	// Configuration
-	const IDP_URL = 'http://127.0.0.1:8000';
-	const CLIENT_ID = 'Qg8AaxKLs1c2W3PR70Sv5QxuSEREicKUlf83iGX3';
+	const IDP_URL = env.PUBLIC_IDP_URL;
+	const CLIENT_ID = env.PUBLIC_DEVICE_CLIENT_ID;
 	const POLLING_INTERVAL = 5000; // 5 seconds
 
 	// State variables
@@ -313,8 +314,8 @@
 			and verification URI.
 		</li>
 		<li>
-			<strong>User authorizes:</strong> The user visits the verification URI on another device
-			(like a phone or computer), enters the user code, and approves the authorization.
+			<strong>User authorizes:</strong> The user visits the verification URI on another device (like
+			a phone or computer), enters the user code, and approves the authorization.
 		</li>
 		<li>
 			<strong>Device polls for token:</strong> Meanwhile, the device polls the token endpoint using
diff --git a/tests/app/rp/src/routes/session/+page.svelte b/tests/app/rp/src/routes/session/+page.svelte
@@ -0,0 +1,9 @@
+<script>
+	import SessionMonitor from '$lib/components/SessionMonitor.svelte';
+</script>
+
+<svelte:head>
+	<title>OIDC Session Management Test</title>
+</svelte:head>
+
+<SessionMonitor />
