Frontend: Document login.next and login.logout in common README #5506

This commit is contained in:
Michael Mayer 2026-05-19 11:47:08 +00:00
parent 1b95b8e043
commit 1647cbfe88

View file

@ -1,6 +1,6 @@
## View Helper Guidelines
**Last Updated:** March 8, 2026
**Last Updated:** May 19, 2026
### Focus Management
@ -17,6 +17,7 @@ When integrating third-party clients such as native mobile apps that embed the P
- Storage keys are namespaced per app site via `storageNamespace` and use the format `pp:<storageNamespace>:<key>`. When no namespace is available, the fallback prefix is `pp:root:`.
- Session restore requires both `session.token` and `session.id`. A token-only write does not create an authenticated session state during startup.
- Optional session metadata keys are `session.provider`, `session.user`, `session.scope`, `session.data`, and `session.error`.
- The login-flow keys `login.next` and `login.logout` live in namespaced `localStorage` outside the `session.*` prefix so they survive the OIDC callback's clear list. `login.next` is the deep-link target captured by the global router guard via `$session.setLoginRedirectUrl(to.href)`; the `/login` route reads it through `$session.hasLoginRedirectUrl()` (deep-link arrival signal) and consumes it with `$session.followLoginRedirectUrl()` after authentication. `login.logout` is a one-shot raised by every logout path so the very next deep-link arrival skips the auto-OIDC bounce, letting users sign in locally instead.
- The storage preference flag is always stored in namespaced `localStorage` under `session`. A value of `"true"` tells the app to use namespaced `sessionStorage` for the active session; any other value falls back to namespaced `localStorage`.
- `Session` must resolve `storageNamespace` from the actual client config shape used at runtime. In production, that value may be present on `config.values.storageNamespace` even when a direct `config.storageNamespace` property is absent.
- The OIDC callback template clears legacy global auth/session payload keys and namespaced session data keys from `localStorage` and `sessionStorage`, but preserves the `session` storage-preference flag so OIDC flows using ephemeral `sessionStorage` remain logged in after redirect.