Currently I am building my own oidc-client from sources, but there is still a huge dependency there on the shipped jsrsasign.
My code coverage on initial load for oidc-client-js looks like this.

This is a long-standing issue and a dup of a prior issue. As of now, it is what it is. In the future, perhaps there will be time/support to rework this library and drop implicit support.
Could not find an open issue but #23 might be the duplicate issue being referred to?
I heard before indeed that jsrsasign is only needed for Implicit Flow, but not for Code+PKCE flow - that's what you also mean @brockallen, right?
I follow another library (angular-oauth2-openid) where the maintainer decided to extract validation to a separate library/package you need to include if you use Implicit Flow. That way you won't have the extra bundle size if you have the (currently recommended?) Code+PKCE flow for browser apps. At the cost of extra bootstrapping work for Implicit Flow.
Perhaps this approach would be feasible for oidc-client-js as well? Just a thought.
My plan is to eventually drop implicit support, as it's deprecated.