checkSession

Deprecation Notice

This SDK is deprecated in favor of the Core and UI JS SDKs. See Migrating to the latest SDKs to use the latest Core and UI SDKs.

Support for the Legacy JS SDK ends on 28 February, 2021.

reach5('checkSession',
  auth: object,
  callback: function,
)

About this command

Check if an SSO session is active, and if so, authenticate the current user silently and return an Authentication Result object.

If no valid session is present, an error object is returned with a login_required error key.

Examples

reach5('checkSession', {
  nonce: 'abcd' // The nonce links the retrieved id token with the local session
}, function (err, authResult) {
  if (err) {
    if (err.error === 'login_required') {
      // No active session
    } else {
      // Unexpected error
      console.error(err)
    }
  } else {
    // Authenticate the current user locally
  }
});
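
Added example, not part of the ReachFive documentation: a fixed nonce such as 'abcd' cannot tie a token to one request, so this version generates a random nonce per call and checks that the returned ID token echoes it. It assumes the result object exposes the token as `authResult.idToken`; the `reach5` and `storage` parameters, the helper names and the `r5_nonce` key are hypothetical.

```javascript
// Added example. `reach5` is passed in so the flow can be exercised with a stub;
// `authResult.idToken` (a compact JWT) and the storage key are assumptions.
const rng = globalThis.crypto || require('crypto').webcrypto;

// 128 bits of CSPRNG output, hex-encoded: unguessable and unique per request.
function newNonce() {
  const bytes = rng.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Decode the JWT payload (middle segment, base64url) without verifying it.
// Signature validation is a separate step and is not shown here.
function decodeIdTokenPayload(idToken) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('malformed ID token');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// storage: any object with getItem/setItem/removeItem (sessionStorage in a browser).
function silentLogin(reach5, storage, done) {
  const nonce = newNonce();
  storage.setItem('r5_nonce', nonce);
  reach5('checkSession', { nonce }, function (err, authResult) {
    const expected = storage.getItem('r5_nonce');
    storage.removeItem('r5_nonce'); // single use: a replayed response finds nothing
    if (err) return done(err);
    let payload;
    try {
      payload = decodeIdTokenPayload(authResult.idToken);
    } catch (e) {
      return done({ error: 'invalid_id_token' });
    }
    if (!expected || !payload || payload.nonce !== expected) {
      return done({ error: 'nonce_mismatch' });
    }
    done(null, authResult);
  });
}
```

In a browser this would be called as `silentLogin(reach5, sessionStorage, callback)`.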

Parameters

auth object

List of authentication options

responseType string

The desired OAuth2 grant type. Use code to request an authorization code (recommended) or token for a token set (implicit grant, discouraged).

Defaults to code when redirectUri is provided, and to token otherwise. For messenger account linking, responseType should be set to messenger_code.

redirectUri string

The URL to which the user is redirected after authentication. This value is required with the code response type and defaults to the current page with the token response type. For messenger account linking, redirectUri should be set to the redirect_uri query parameter that Facebook provides in the URL.

state string

Persists data between the user being directed to the authorization server and back again. Use cases: helping mitigate CSRF attacks, or indicating which of the app’s pages to redirect to after authorization. Can be a Base64-encoded JSON object, a JWT, or a nonce.

prompt string

Specify whether the social provider should explicitly prompt the user for reauthentication or consent.

The defined values are:

  • none: No authentication or consent. The user must already be authenticated with the social provider.

  • login: The social provider must prompt the user for reauthentication.

  • consent: The social provider must prompt for consent.

nonce string

String value used to associate a local session with an ID Token, and to mitigate replay attacks. The value is passed through unmodified to the ID Token.

popupMode boolean

Whether or not to use popup mode. Defaults to false.

This mode is not recommended due to known bugs on Android and in Firefox on iOS.

origin string

Free text parameter describing the source of the login (only for reporting purposes).

scope string[]

List of space-delimited, case-sensitive strings representing the requested scope.

Optional if the fetchBasicProfile option is set to true and default scopes are the allowed scopes set up in the client’s configuration.

fetchBasicProfile boolean

Fetch user’s basic profile information when they sign in. Adds profile, email, phone and openid to the requested scopes. Defaults to true.

accessToken string

Enables social login linking to an existing account with a fresh token (less than 5 minutes old).

providerScope string

Only for login with social provider

List of space-delimited, case-sensitive strings representing the requested scope at the social provider. Defaults to the scope configured for the given provider in your ReachFive console.

requireRefreshToken boolean

If set to true, an OAuth 2.0 Refresh Token will be present in the token response. Defaults to false.

Setting this parameter to true is equivalent to adding the OpenID’s offline_access scope value to the requested scopes.

Only accessible if your Client’s authorization method is Post, and if the Refresh Token option is selected.

callback string

Event callback that was used with on.