Event type 'received_first_token' is never fired

[nhumblot]

Hello,

On master branch, projects\lib\src\events.ts references a received_first_token event type.

By searching into the code, it looks like there is no place where this event is fired.

Should this event type be removed or should it be implemented?

Personally, I think it can be a useful addition, especially for preserving state.

If it needs to be implemented, what would be the business rule to implement? I'm not sure about that.

By looking at the OpenId Connect specification, the id_token is required in a successful implicit flow response, the access_token is not returned if response_type value used is id_token.

We can set oidc to false and not use OpenId Connect, then only an access_token is received.

For the password flow, we never receive an id_token but we receive an access_token.

Maybe we could go with this?

Feature: received_first_token

Scenario: trigger one received_first_token event when an access_token is received with oidc mode off
    Given no id_token and no access_token is present in the OAuthStorage
    And oidc is false
    And requestAccessToken is true
    And there is an access_token is the hash fragment
    And there is a valid nonce in state
    When tryLogin
    Then one 'received_first_token' event is triggered

Scenario: trigger one received_first_token event when an id_token is received using implicit flow
    Given no id_token and no access_token is present in the OAuthStorage
    And oidc is true
    And requestAccessToken is false
    And there is an id_token is the hash fragment
    And there is a valid nonce in state
    When tryLogin
    Then one 'received_first_token' event is triggered

Scenario: trigger one received_first_token event when an access_token and an id_token are received using implicit flow
    Given no id_token and no access_token is present in the OAuthStorage
    And oidc is true
    And requestAccessToken is true
    And there is an access_token is the hash fragment
    And there is an id_token is the hash fragment
    And there is a valid nonce in state
    When tryLogin
    Then one 'received_first_token' event is triggered

Scenario: trigger one received_first_token event when access_token is received using password flow
    Given no id_token and no access_token is present in the OAuthStorage
    And a userName
    And a password
    When token is fetched successfully using password flow with userName and password
    Then one 'received_first_token' event is triggered

Whatever solution is chosen (remove or implement), I'm volunteer to work on the chosen solution if allowed. 🙂

Kind regards.

[manfredsteyer]

Thanks for pointing us to this. I've removed the event, b/c a consumer can create sth like this very easily using RxJS with filter(...) and first().