fix: Service revocation detect/react enhancements (#287)

openziti · Apr 22, 2024 · 7f01c65 · 7f01c65
1 parent e4c70b1
commit 7f01c65
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 15 deletions.
diff --git a/package.json b/package.json
@@ -95,7 +95,7 @@
     "@auth0/auth0-spa-js": "^2.0.4",
     "@azure/msal-browser": "^2.38.0",
     "@babel/runtime": "^7.17.9",
-    "@openziti/ziti-browzer-core": "^0.40.0",
+    "@openziti/ziti-browzer-core": "^0.40.1",
     "bowser": "^2.11.0",
     "cookie-interceptor": "^1.0.0",
     "core-js": "^3.22.8",

diff --git a/src/oidc/utils.js b/src/oidc/utils.js
@@ -324,3 +324,22 @@ export const pkceLogout = async (oidcConfig, redirectURI) => {
 
 };
 
+
+/**
+ * pkceLogoutIsNeeded
+ * 
+ * @param {*} oidcConfig 
+ */
+ export const pkceLogoutIsNeeded = async (oidcConfig) => {
+
+    const {authorizationServer} = await validateAndGetOIDCForPKCE(oidcConfig);
+
+    let asurl = new URL(authorizationServer.authorization_endpoint);
+
+    if (asurl.hostname.includes('auth0.com')) {
+        return true;
+    } else {
+        return false;
+    }
+
+};
diff --git a/src/runtime.js b/src/runtime.js
@@ -45,6 +45,7 @@ import {
   getPKCERedirectURI, 
   pkceLogin, 
   pkceLogout,
+  pkceLogoutIsNeeded,
   pkceCallback,
   PKCEToken,
 } from './oidc/utils';
@@ -1067,11 +1068,17 @@ class ZitiBrowzerRuntime {
 
     this.logger.trace(`sessionCreationErrorEventHandler() `, sessionCreationErrorEvent);
 
+    window.zitiBrowzerRuntime.wb.messageSW({
+      type: 'UNREGISTER', 
+      payload: {
+      } 
+    });
+
     window.zitiBrowzerRuntime.browzer_error({
       status:   409,
       code:     ZBR_CONSTANTS.ZBR_ERROR_CODE_SERVICE_UNREACHABLE,
       title:    `Ziti Service [${window.zitiBrowzerRuntime.zitiConfig.browzer.bootstrapper.target.service}] cannot be reached -- [${sessionCreationErrorEvent.error}]`,
-      message:  `The request conflicts with the current state of the network.`
+      message:  `Access was revoked from your Identity, or the Service might be down.`
     });
 
   }
@@ -1093,11 +1100,17 @@ class ZitiBrowzerRuntime {
 
     this.logger.trace(`channelConnectFailEventHandler() `, channelConnectFailEvent);
 
+    window.zitiBrowzerRuntime.wb.messageSW({
+      type: 'UNREGISTER', 
+      payload: {
+      } 
+    });
+
     window.zitiBrowzerRuntime.browzer_error({
       status:   409,
       code:     ZBR_CONSTANTS.ZBR_ERROR_CODE_SERVICE_UNREACHABLE,
       title:    `Ziti Service [${channelConnectFailEvent.serviceName}] connect attempt failed on Ziti Network.`,
-      message:  `The web server might be down.`
+      message:  `Access was revoked from your Identity, or the Service might be down.`
     });
 
   }
@@ -1555,14 +1568,16 @@ class ZitiBrowzerRuntime {
           // Local data indicates that the user is not authenticated, however, the IdP might still think the authentication
           // is alive/valid (a common Auth0 situation), so, we will force/tell the IdP to do a logout. 
 
-          // let logoutInitiated = this.getCookie( this.authTokenName + '_logout_initiated' );
-          // if (isEqual(logoutInitiated, '')) {
-            // document.cookie = this.authTokenName + '_logout_initiated' + "=" + "yes" + "; path=/";
-            // this.logger.trace(`initialize() calling pkceLogout`);
-            // pkceLogout( getOIDCConfig(), getPKCERedirectURI().toString() );
-            // await delay(1000); // we need to pause a bit or the 'login' call below will cancel the 'logout'
-          // }
-          // document.cookie = this.authTokenName + '_logout_initiated'+'=; Max-Age=-99999999;';
+          if (pkceLogoutIsNeeded(getOIDCConfig())) {
+            let logoutInitiated = this.getCookie( this.authTokenName + '_logout_initiated' );
+            if (isEqual(logoutInitiated, '')) {
+              document.cookie = this.authTokenName + '_logout_initiated' + "=" + "yes" + "; path=/";
+              this.logger.trace(`initialize() calling pkceLogout`);
+              pkceLogout( getOIDCConfig(), getPKCERedirectURI().toString() );
+              await delay(1000); // we need to pause a bit or the 'login' call below will cancel the 'logout'
+            }
+            document.cookie = this.authTokenName + '_logout_initiated'+'=; Max-Age=-99999999;';
+          }
 
           this.logger.trace(`initialize() calling pkceLogin`);
 

diff --git a/yarn.lock b/yarn.lock
@@ -1200,10 +1200,10 @@
     "@types/emscripten" "^1.39.6"
     "@wasmer/wasi" "^1.0.2"
 
-"@openziti/ziti-browzer-core@^0.40.0":
-  version "0.40.0"
-  resolved "https://registry.yarnpkg.com/@openziti/ziti-browzer-core/-/ziti-browzer-core-0.40.0.tgz#699c4a70be9d9c8bc0ba8c3f8d269dff846fbd70"
-  integrity sha512-bonpsIIbXdBhQHnRONW7zPEgiwFEILwzoe9VsMhPcSRkr1wQbLkZkdAMJYqIKw6Bg2Uq9GMsbD9KpAjtGML0Lg==
+"@openziti/ziti-browzer-core@^0.40.1":
+  version "0.40.1"
+  resolved "https://registry.yarnpkg.com/@openziti/ziti-browzer-core/-/ziti-browzer-core-0.40.1.tgz#0d992ba3aafd902a311906d6165f3767ffb5e181"
+  integrity sha512-IndDEsEbShAcV6KPj2Ygt+WYKifWL56tjbIBbM/7PGuOkMjSm6fWeVk+5Z7Ksyte2uMphNttB171kwL/vFtGnQ==
   dependencies:
     "@openziti/libcrypto-js" "^0.19.0"
     "@openziti/ziti-browzer-edge-client" "^0.6.2"