fix(journey-client): add query param handling back to resume function

[vatsalparikh]

JIRA Ticket

https://pingidentity.atlassian.net/browse/SDKS-4796

Description

resume function in journey client is now handling query params again. We were already handling this in forgerock legacy sdk and after discussion on slack, decided to add back these query params to resume function.

Did you add a changeset?
Yes

Summary by CodeRabbit

• New Features

  • Enhanced resume() method now automatically parses and forwards additional redirect parameters (error details, security tokens, and session identifiers) for improved OAuth/SSO integration. Added support for fallback journey selection via URL parameters.

• Documentation

  • Updated parameter parsing documentation to reflect expanded parameter support and handling behavior.

[changeset-bot]

🦋 Changeset detected

Latest commit: 9f4d2ba

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 12 packages

Name	Type
@forgerock/journey-client	Patch
@forgerock/davinci-client	Patch
@forgerock/device-client	Patch
@forgerock/oidc-client	Patch
@forgerock/protect	Patch
@forgerock/sdk-types	Patch
@forgerock/sdk-utilities	Patch
@forgerock/iframe-manager	Patch
@forgerock/sdk-logger	Patch
@forgerock/sdk-oidc	Patch
@forgerock/sdk-request-middleware	Patch
@forgerock/storage	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

[coderabbitai]

Warning

Rate limit exceeded

@vatsalparikh has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 52 minutes and 39 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 52 minutes and 39 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: a65bccf8-3eca-43e4-88f9-4ccaa91d0d6d

📥 Commits

Reviewing files that changed from the base of the PR and between 49a3524 and 9f4d2ba.

📒 Files selected for processing (4)

• .changeset/good-numbers-act.md
• interface_mapping.md
• packages/journey-client/src/lib/client.store.test.ts
• packages/journey-client/src/lib/client.store.ts

📝 Walkthrough

Walkthrough

This pull request introduces a major version release for @forgerock/journey-client, restoring legacy resume() redirect query-parameter handling while extending it to parse additional OAuth/AM parameters including error details, nonce, RelayState, scope, suspendedId, and authIndexValue. The parsed parameters are forwarded through options.query, with precedence rules ensuring explicit options override URL-extracted values.

Changes

Cohort / File(s)	Summary
Release metadata .changeset/good-numbers-act.md	Changeset entry marking major version update documenting the restored and extended resume() parameter handling, including legacy redirect query parameters and fallback journey selection via authIndexValue.
Documentation interface_mapping.md	Updated interface documentation to reflect that resume() now parses and forwards additional redirect URL parameters (error, errorCode, errorMessage, nonce, RelayState, scope, suspendedId, authIndexValue) through options.query instead of requiring manual extraction.
Implementation & tests packages/journey-client/src/lib/client.store.ts, packages/journey-client/src/lib/client.store.test.ts	Extended resume() method to extract additional OAuth/AM parameters from redirect URLs, merge them with options.query (where explicit options take precedence), and conditionally set the journey property using options.journey with fallback to URL's authIndexValue. Two test cases validate parameter forwarding and precedence behavior.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

• ryanbas21
• cerebrl
• ancheetah

Poem

🐰 Hop, hop! The rabbit binds parameters tight,
Legacy routes now dancing in the light!
Error and nonce in the URL's song,
Journey resumption, where it belongs! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: restoring query parameter handling to the resume function.
Description check	✅ Passed	The description includes the required JIRA ticket, explains the changes, and confirms a changeset was added, following the template structure.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch sdks-4796-resume-query-params

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[nx-cloud]

View your CI Pipeline Execution ↗ for commit 9f4d2ba

Command	Status	Duration	Result
nx run-many -t build --no-agents	✅ Succeeded	<1s	View ↗
nx affected -t build lint test typecheck e2e-ci	✅ Succeeded	7m 35s	View ↗

---

☁️ Nx Cloud last updated this comment at 2026-04-25 00:07:40 UTC

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (2)

packages/journey-client/src/lib/client.store.test.ts (1)

252-296: Good coverage — consider also asserting the authIndexValue → journey fallback.

The two new tests cover legacy parameter forwarding and the URL-vs-options.query precedence rules well. However, the changeset specifically calls out that authIndexValue is now used as a fallback journey value, and there's no test exercising that path (i.e., a resume(url) where url contains authIndexValue and options.journey is omitted, asserting that the start/next request uses authIndexValue as the journey, and that options.journey overrides it when both are supplied).

Adding a test or two here would lock down the journey fallback behavior introduced at lines 272–274 of client.store.ts and prevent silent regressions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/journey-client/src/lib/client.store.test.ts` around lines 252 - 296,
Add tests to cover the authIndexValue → journey fallback: create a resume call
where the resumeUrl contains authIndexValue (e.g.,
...?authIndexValue=theJourney) and options.journey is omitted, then inspect the
outgoing request (mockFetch.mock.calls[1][0]) and assert
url.searchParams.get('journey') === 'theJourney'; also add a complementary case
where both authIndexValue in the URL and options.journey are provided and assert
that url.searchParams.get('journey') equals the options.journey value (verifying
client.resume's fallback/override behavior around authIndexValue and the journey
parameter).

packages/journey-client/src/lib/client.store.ts (1)

255-275: Precedence order is correct, but consider documenting it on the resume() JSDoc.

The construction order — URL-extracted params first, then ...options.query last — correctly makes caller-supplied options.query win over redirect-URL values, and tests at lines 280–296 of client.store.test.ts lock that in. Same for options.journey ?? authIndexValue.

Two small notes (non-blocking):

1. URL params with empty-string values are silently dropped due to the value && { value } truthy guard, while values from options.query are not filtered. This asymmetry is fine for OAuth-spec-compliant flows, but worth being aware of if a server ever sends ?error= (empty).
2. resume() lacks a JSDoc block describing parameter parsing and the options > URL > authIndexValue precedence rules — given this is a behavioral restore that's now part of the public contract (per the changeset/major bump), an inline doc comment would prevent future regressions.

📝 Optional doc-comment suggestion

+    /**
+     * Resumes a journey after an external redirect.
+     *
+     * Parses the following query parameters from `url` and forwards them via `resumeOptions.query`:
+     * `code`, `state`, `form_post_entry`, `responsekey`, `error`, `errorCode`, `errorMessage`,
+     * `nonce`, `RelayState`, `scope`, `suspendedId`. The `authIndexValue` parameter is used as a
+     * fallback for `journey` when `options.journey` is not provided.
+     *
+     * Precedence: values supplied in `options.query` / `options.journey` override values parsed
+     * from the URL.
+     */
     resume: async (url: string, options?: ResumeOptions): Promise<JourneyResult> => {

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@packages/journey-client/src/lib/client.store.ts` around lines 255 - 275, Add
a JSDoc block to the resume() function describing how parameters are parsed and
the precedence rules: list that URL-extracted params (e.g., code, error,
errorCode, errorMessage, form_post_entry, nonce, RelayState, responsekey, scope,
state, suspendedId) are merged into resumeOptions first, then options.query is
spread last so caller-supplied options.query wins, and journey is set via
options.journey ?? authIndexValue; also note the asymmetry that URL params with
empty-string values are currently dropped by the truthy guards (e.g., ...(code
&& { code })) while options.query values are not filtered, and document this
behavior and its implications for OAuth flows to prevent future regressions.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@interface_mapping.md`:
- Line 329: The migration note is stale: it incorrectly tells users to manually
extract suspendedId, RelayState, and authIndexValue into options.query even
though the table above and the resume() implementation now auto-parse and
forward those parameters; update interface_mapping.md to either remove the note
or rewrite it to state that suspendedId, RelayState, and authIndexValue are now
auto-parsed and will be forwarded by resume(), and warn only if consumers
intentionally want to override those SDK-extracted values by supplying
options.query.

---

Nitpick comments:
In `@packages/journey-client/src/lib/client.store.test.ts`:
- Around line 252-296: Add tests to cover the authIndexValue → journey fallback:
create a resume call where the resumeUrl contains authIndexValue (e.g.,
...?authIndexValue=theJourney) and options.journey is omitted, then inspect the
outgoing request (mockFetch.mock.calls[1][0]) and assert
url.searchParams.get('journey') === 'theJourney'; also add a complementary case
where both authIndexValue in the URL and options.journey are provided and assert
that url.searchParams.get('journey') equals the options.journey value (verifying
client.resume's fallback/override behavior around authIndexValue and the journey
parameter).

In `@packages/journey-client/src/lib/client.store.ts`:
- Around line 255-275: Add a JSDoc block to the resume() function describing how
parameters are parsed and the precedence rules: list that URL-extracted params
(e.g., code, error, errorCode, errorMessage, form_post_entry, nonce, RelayState,
responsekey, scope, state, suspendedId) are merged into resumeOptions first,
then options.query is spread last so caller-supplied options.query wins, and
journey is set via options.journey ?? authIndexValue; also note the asymmetry
that URL params with empty-string values are currently dropped by the truthy
guards (e.g., ...(code && { code })) while options.query values are not
filtered, and document this behavior and its implications for OAuth flows to
prevent future regressions.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5c8ad935-7f40-4494-89d3-26828f676f75

📥 Commits

Reviewing files that changed from the base of the PR and between 8e77da3 and 49a3524.

📒 Files selected for processing (4)

• .changeset/good-numbers-act.md
• interface_mapping.md
• packages/journey-client/src/lib/client.store.test.ts
• packages/journey-client/src/lib/client.store.ts

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Stale migration note contradicts the restored auto-parsing behavior.

The note tells consumers they must manually extract suspendedId, RelayState, and authIndexValue and pass them via options.query, but the table directly above (and the resume() implementation in this PR) now auto-parses and forwards exactly those parameters. Either drop this note or invert its meaning so readers aren't told to do redundant work that may even override the SDK-extracted values.

📝 Suggested fix

-> **Migration note:** If your app relies on `suspendedId`, `RelayState`, or `authIndexValue` URL parameters being auto-parsed, you must extract them manually from the URL and pass them via `options.query` in the new SDK.
+> **Migration note:** `suspendedId`, `RelayState`, and `authIndexValue` (used as a journey fallback) are auto-parsed and forwarded — no manual extraction is required. If you need to override any of these, pass them explicitly via `options.query` (or `options.journey`), which take precedence over values parsed from the URL.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	> **Migration note:** If your app relies on `suspendedId`, `RelayState`, or `authIndexValue` URL parameters being auto-parsed, you must extract them manually from the URL and pass them via `options.query` in the new SDK.
	> **Migration note:** `suspendedId`, `RelayState`, and `authIndexValue` (used as a journey fallback) are auto-parsed and forwarded — no manual extraction is required. If you need to override any of these, pass them explicitly via `options.query` (or `options.journey`), which take precedence over values parsed from the URL.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@interface_mapping.md` at line 329, The migration note is stale: it
incorrectly tells users to manually extract suspendedId, RelayState, and
authIndexValue into options.query even though the table above and the resume()
implementation now auto-parse and forward those parameters; update
interface_mapping.md to either remove the note or rewrite it to state that
suspendedId, RelayState, and authIndexValue are now auto-parsed and will be
forwarded by resume(), and warn only if consumers intentionally want to override
those SDK-extracted values by supplying options.query.

[pkg-pr-new]

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/davinci-client@583

@forgerock/device-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/device-client@583

@forgerock/journey-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/journey-client@583

@forgerock/oidc-client

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/oidc-client@583

@forgerock/protect

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/protect@583

@forgerock/sdk-types

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-types@583

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-utilities@583

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/iframe-manager@583

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-logger@583

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-oidc@583

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/sdk-request-middleware@583

@forgerock/storage

pnpm add https://pkg.pr.new/ForgeRock/ping-javascript-sdk/@forgerock/storage@583

commit: 9f4d2ba

[codecov-commenter]

Codecov Report

❌ Patch coverage is 90.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 15.72%. Comparing base (5d6747a) to head (9f4d2ba).
⚠️ Report is 37 commits behind head on main.

Files with missing lines	Patch %	Lines
packages/journey-client/src/lib/client.store.ts	90.00%	2 Missing ⚠️

❌ Your project status has failed because the head coverage (15.72%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #583       +/-   ##
===========================================
- Coverage   70.90%   15.72%   -55.18%     
===========================================
  Files          53      154      +101     
  Lines        2021    26682    +24661     
  Branches      377     1136      +759     
===========================================
+ Hits         1433     4196     +2763     
- Misses        588    22486    +21898     

Files with missing lines	Coverage Δ
packages/journey-client/src/lib/client.store.ts	80.51% <90.00%> (+7.13%)	⬆️

... and 100 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

Deployed 98a1cf5 to https://ForgeRock.github.io/ping-javascript-sdk/pr-583/98a1cf5b60e2028fb109bdc7048a87763cf0e099 branch gh-pages in ForgeRock/ping-javascript-sdk

[github-actions]

📦 Bundle Size Analysis

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/device-client - 0.0 KB (-9.9 KB, -100.0%)
🔻 @forgerock/journey-client - 0.0 KB (-89.9 KB, -100.0%)

📊 Minor Changes

📉 @forgerock/device-client - 9.9 KB (-0.0 KB)
📈 @forgerock/journey-client - 90.1 KB (+0.2 KB)

➖ No Changes

➖ @forgerock/davinci-client - 48.0 KB
➖ @forgerock/oidc-client - 25.2 KB
➖ @forgerock/sdk-utilities - 11.2 KB
➖ @forgerock/sdk-types - 7.9 KB
➖ @forgerock/protect - 150.1 KB
➖ @forgerock/storage - 1.5 KB
➖ @forgerock/sdk-oidc - 4.8 KB
➖ @forgerock/sdk-request-middleware - 4.5 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/iframe-manager - 2.4 KB

---

14 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

• Current Size: Total gzipped size of all files in the package's dist directory
• Baseline: Comparison against the latest build from the main branch
• Files included: All build outputs except source maps and TypeScript build cache
• Exclusions: .map, .tsbuildinfo, and .d.ts.map files

---

_{🔄 Updated automatically on each push to this PR}