chore: added front channel and silent callback page

Author: adrienne-deriv

package-lock.json

@@ -115,6 +115,16 @@ const copyConfig = base => {
             to: 'localstorage-sync.html',
             toType: 'file',
         },
+        {
+            from: path.resolve(__dirname, '../src/root_files/front-channel.html'),
+            to: 'front-channel.html',
+            toType: 'file',
+        },
+        {
+            from: path.resolve(__dirname, '../src/root_files/silent-callback.html'),
+            to: 'silent-callback.html',
+            toType: 'file',
+        },
         { from: path.resolve(__dirname, '../src/root_files/robots.txt'), to: 'robots.txt', toType: 'file' },
         { from: path.resolve(__dirname, '../src/root_files/sitemap.xml'), to: 'sitemap.xml', toType: 'file' },
         {

packages/core/build/config.js

@@ -98,6 +98,7 @@
         "@datadog/browser-rum": "^5.11.0",
         "@deriv-com/analytics": "1.30.2",
         "@deriv-com/auth-client": "1.4.0",
+        "oidc-client-ts": "^3.1.0",
         "@deriv-com/quill-tokens": "2.0.4",
         "@deriv-com/quill-ui": "1.24.4",
         "@deriv-com/translations": "1.3.9",

packages/core/package.json

@@ -167,11 +167,13 @@ const AppContent: React.FC<{ passthrough: unknown }> = observer(({ passthrough }
     }, [has_wallet, current_language, changeSelectedLanguage, is_dark_mode_on, setDarkMode]);
 
     const isCallBackPage = window.location.pathname.includes('callback');
+    const isOauthFlowPage =
+        window.location.pathname.includes('front-channel') || window.location.pathname.includes('silent-callback');
 
     return (
         <ThemeProvider theme={is_dark_mode_on ? 'dark' : 'light'}>
-            <LandscapeBlocker />
-            {!isCallBackPage && <Header />}
+            {!isOauthFlowPage && <LandscapeBlocker />}
+            {!isCallBackPage && !isOauthFlowPage && <Header />}
             <ErrorBoundary root_store={store}>
                 <AppContents>
                     {/* TODO: [trader-remove-client-base] */}

packages/core/src/App/AppContent.tsx

@@ -11,6 +11,8 @@ import Endpoint from 'Modules/Endpoint';
 
 import OSRedirect from '../Containers/OSRedirect';
 import CallbackPage from '../../Modules/Callback/CallbackPage.tsx';
+import FrontChannelPage from '../../Modules/FrontChannel';
+import SilentCallbackPage from '../../Modules/SilentCallback';
 
 const CFDCompareAccounts = React.lazy(
     () => import(/* webpackChunkName: "cfd-compare-accounts" */ '@deriv/cfd/src/Containers/cfd-compare-accounts')
@@ -367,6 +369,18 @@ const getModules = () => {
             is_authenticated: false,
             getTitle: () => 'Callback',
         },
+        {
+            path: routes.front_channel_page,
+            component: FrontChannelPage,
+            is_authenticated: false,
+            getTitle: () => 'FrontChannel',
+        },
+        {
+            path: routes.silent_callback_page,
+            component: SilentCallbackPage,
+            is_authenticated: false,
+            getTitle: () => 'Silent Callback',
+        },
     ];
 
     return modules;
@@ -385,6 +399,12 @@ const initRoutesConfig = () => [
     { path: routes.os_redirect, component: OSRedirect, getTitle: () => localize('Redirect') },
     { path: routes.redirect, component: Redirect, getTitle: () => localize('Redirect') },
     { path: routes.callback_page, component: CallbackPage, getTitle: () => 'Callback' },
+    { path: routes.front_channel_page, component: FrontChannelPage, getTitle: () => 'FrontChannel' },
+    {
+        path: routes.silent_callback_page,
+        component: SilentCallbackPage,
+        getTitle: () => 'Silent Callback',
+    },
     {
         path: routes.complaints_policy,
         component: lazyLoadComplaintsPolicy(),

packages/core/src/App/Constants/routes-config.js

@@ -0,0 +1,15 @@
+import React from 'react';
+import { withRouter } from 'react-router-dom';
+import { useStore } from '@deriv/stores';
+
+const FrontChannelPage = () => {
+    const store = useStore();
+    const { logout, is_client_store_initialized } = store.client;
+
+    React.useEffect(() => {
+        if (is_client_store_initialized) logout();
+    }, [is_client_store_initialized]);
+    return <></>;
+};
+
+export default withRouter(FrontChannelPage);

packages/core/src/Modules/FrontChannel/FrontChannelPage.tsx

@@ -0,0 +1,3 @@
+import FrontChannelPage from './FrontChannelPage';
+
+export default FrontChannelPage;

packages/core/src/Modules/FrontChannel/index.ts

@@ -0,0 +1,53 @@
+import { requestOidcToken, requestLegacyToken } from '@deriv-com/auth-client';
+import React, { useCallback, useEffect } from 'react';
+import { withRouter, useLocation } from 'react-router-dom';
+
+const SilentCallbackPage = () => {
+    const fetchTokens = useCallback(() => {
+        try {
+            window.parent.postMessage({
+                event: 'login_successful',
+                value: {
+                    acct1: 'abcd1234',
+                },
+            });
+        } catch (err) {
+            console.error('unable to exchange tokens during silent login', err);
+            window.parent.postMessage({
+                event: 'login_error',
+                value: err,
+            });
+        }
+    }, []);
+
+    useEffect(() => {
+        const params = new URLSearchParams(window.location.search);
+        const oneTimeCode = params.get('code');
+        const errorType = params.get('error');
+
+        if (errorType === 'login_required') {
+            window.parent.postMessage({
+                event: 'login_required',
+            });
+        } else if (errorType === 'consent_required') {
+            window.parent.postMessage({
+                event: 'login_successful',
+                value: {
+                    acct1: 'abcd1234',
+                },
+            });
+        } else {
+            if (oneTimeCode) {
+                fetchTokens();
+            }
+        }
+    }, []);
+
+    return (
+        <div>
+            <h1>Silent callback</h1>
+        </div>
+    );
+};
+
+export default withRouter(SilentCallbackPage);

packages/core/src/Modules/SilentCallback/SilentCallback.tsx

@@ -0,0 +1,3 @@
+import SilentCallbackPage from './SilentCallback';
+
+export default SilentCallbackPage;

packages/core/src/Modules/SilentCallback/index.ts

@@ -1,4 +1,4 @@
-<!DOCTYPE html>
+<!doctype html>
 <html lang="en" translate="no" dir="auto">
     <head>
         <!-- Set skeleton theme color properties -->
@@ -85,7 +85,10 @@
                 var antiClickjack = document.getElementById('antiClickjack');
                 antiClickjack.parentNode.removeChild(antiClickjack);
             } else {
-                top.location = self.location;
+                const isAuthFlow = /\/(silent-callback|front-channel)($|\/)/.test(self.location.pathname);
+                if (!isAuthFlow) {
+                    top.location = self.location;
+                }
             }
         </script>
         <!-- End Anti-Clickjack -->

packages/core/src/index.html

@@ -0,0 +1,13 @@
+<!doctype html>
+<html>
+    <head>
+        <title>Deriv</title>
+        <meta charset="utf-8" />
+        <meta name="referrer" content="origin" />
+        <script>
+            localStorage.removeItem('client.accounts');
+        </script>
+    </head>
+
+    <body></body>
+</html>

packages/core/src/root_files/front-channel.html

@@ -0,0 +1,25 @@
+<!doctype html>
+<html>
+    <head>
+        <title>Deriv</title>
+        <meta charset="utf-8" />
+        <meta name="referrer" content="origin" />
+        <script>
+            const params = new URLSearchParams(window.location.search);
+            const oneTimeCode = params.get('code');
+            const errorType = params.get('error');
+
+            if (errorType === 'login_required') {
+                window.parent.postMessage({
+                    event: 'login_required',
+                });
+            } else if (errorType === 'consent_required' || oneTimeCode) {
+                window.parent.postMessage({
+                    event: 'sso_required',
+                });
+            }
+        </script>
+    </head>
+
+    <body></body>
+</html>

packages/core/src/root_files/silent-callback.html

@@ -8,6 +8,7 @@
         "@binary-com/binary-document-uploader": "^2.4.8",
         "@deriv-com/analytics": "1.30.2",
         "@deriv-com/auth-client": "1.4.0",
+        "oidc-client-ts": "^3.1.0",
         "@deriv-com/ui": "1.36.4",
         "@deriv-com/utils": "^0.0.42",
         "@deriv/api": "^1.0.0",

packages/hooks/package.json

@@ -46,7 +46,7 @@ const useOauth2 = ({ handleLogout }: { handleLogout: () => Promise<void> }) => {
         });
     };
 
-    return { isOAuth2Enabled, oAuthLogout: logoutHandler, loginHandler };
+    return { isOAuth2Enabled: true, oAuthLogout: logoutHandler, loginHandler };
 };
 
 export default useOauth2;

packages/hooks/src/useOauth2.ts

@@ -2,6 +2,7 @@ import { useEffect } from 'react';
 import Cookies from 'js-cookie';
 
 import { requestOidcAuthentication } from '@deriv-com/auth-client';
+import { UserManager, WebStorageStateStore } from 'oidc-client-ts';
 
 /**
  * Handles silent login and single logout logic for OAuth2.
@@ -26,49 +27,58 @@ const useSilentLoginAndLogout = ({
     const clientAccounts = JSON.parse(localStorage.getItem('client.accounts') || '{}');
     const isClientAccountsPopulated = Object.keys(clientAccounts).length > 0;
     const isSilentLoginExcluded =
-        window.location.pathname.includes('callback') || window.location.pathname.includes('endpoint');
+        window.location.pathname.includes('callback') ||
+        window.location.pathname.includes('silent-callback') ||
+        window.location.pathname.includes('endpoint');
 
     useEffect(() => {
+        window.addEventListener(
+            'message',
+            message => {
+                if (message.data?.event === 'login_required') {
+                    console.log('OIDC: prompt none says we are logged out');
+                    if (isClientAccountsPopulated) {
+                        oAuthLogout();
+                    }
+                } else if (message.data?.event === 'sso_required') {
+                    console.log('OIDC: we need to SSO NOW');
+                    // requestOidcAuthentication({
+                    //     redirectCallbackUri: `${window.location.origin}/callback`,
+                    // });
+                }
+            },
+            false
+        );
         // NOTE: Remove this logic once social signup is intergated with OIDC
         const params = new URLSearchParams(window.location.search);
         const isUsingLegacyFlow = params.has('token1') && params.has('acct1');
         if (isUsingLegacyFlow && loggedState === 'false' && isOAuth2Enabled) {
             return;
         }
 
-        if (
-            !isUsingLegacyFlow &&
-            loggedState === 'true' &&
-            !isClientAccountsPopulated &&
-            isOAuth2Enabled &&
-            is_client_store_initialized &&
-            !isSilentLoginExcluded
-        ) {
-            // Perform silent login
-            requestOidcAuthentication({
-                redirectCallbackUri: `${window.location.origin}/callback`,
+        if (isOAuth2Enabled && !isUsingLegacyFlow && !isClientAccountsPopulated && !isSilentLoginExcluded) {
+            console.log('OIDC: checking if we need SSO...');
+            const userManager = new UserManager({
+                authority: 'https://qa20.deriv.dev',
+                client_id: '1000005',
+                redirect_uri: 'https://localhost:8443/callback',
+                silent_redirect_uri: 'https://localhost:8443/silent-callback',
+                response_type: 'code',
+                scope: 'openid',
+                stateStore: new WebStorageStateStore({ store: window.localStorage }),
+                // this is enabled by default, it runs a silent renew service in the background which triggers the prompt=none auth calls
+                // Source: https://github.com/authts/oidc-client-ts/blob/9ccae8f87b3e9e2df349aaf6f007964ced287b02/src/UserManagerSettings.ts#L140
+                // Notable issue: https://github.com/authts/oidc-client-ts/issues/1174
+                automaticSilentRenew: false,
+            });
+            userManager.signinSilent({
+                extraQueryParams: {
+                    brand: 'deriv',
+                },
+                silentRequestTimeoutInSeconds: 60000,
             });
         }
-
-        if (
-            !isUsingLegacyFlow &&
-            loggedState === 'false' &&
-            is_client_store_initialized &&
-            isOAuth2Enabled &&
-            isClientAccountsPopulated &&
-            !window.location.pathname.includes('callback')
-        ) {
-            // Perform single logout
-            oAuthLogout();
-        }
-    }, [
-        loggedState,
-        isClientAccountsPopulated,
-        is_client_store_initialized,
-        isOAuth2Enabled,
-        oAuthLogout,
-        isSilentLoginExcluded,
-    ]);
+    }, [isOAuth2Enabled]);
 };
 
 export default useSilentLoginAndLogout;

packages/hooks/src/useSilentLoginAndLogout.ts

@@ -2,6 +2,8 @@ import { getUrlSmartTrader } from '../url/helpers';
 
 export const routes = {
     callback_page: '/callback',
+    front_channel_page: '/front-channel',
+    silent_callback_page: '/silent-callback',
     reset_password: '/',
     error404: '/404',
     index: '/index',
@@ -128,8 +130,3 @@ export const ACCOUNTS_OS_POI_STATUS_URL =
     process.env.NODE_ENV === 'production'
         ? 'https://hub.deriv.com/Accounts/ProofOfIdentityStatus'
         : 'https://staging-hub.deriv.com/Accounts/ProofOfIdentityStatus';
-
-export const ACCOUNTS_OS_POA_URL =
-    process.env.NODE_ENV === 'production'
-        ? 'https://hub.deriv.com/Accounts/ProofOfAddress'
-        : 'https://staging-hub.deriv.com/Accounts/ProofOfAddress';