Chrome DevTools extension for Ping Identity auth flow debugging by ryanbas21 · Pull Request #628 · ForgeRock/ping-javascript-sdk

ryanbas21 · 2026-05-08T20:57:54Z

Summary

A Chrome DevTools extension that captures, correlates, and diagnoses Ping Identity / ForgeRock authentication flows in real time. Replaces the manual workflow of copying tokens into jwt.io and cross-referencing network requests with a single panel that merges SDK events and network traffic into unified views.

Timeline — chronological table of all captured events (network + SDK) with a flow sidebar, colour-coded status, and an Inspector panel with contextual tabs (Headers, Body, SDK State, Collectors, Cookies, CORS, Diagnosis)
Flow — visual node rail showing the authentication flow as a sequence of SDK nodes with detail cards, playback controls, and a Flow Health diagnosis banner
Learn — canvas-based request lifecycle visualization mapping each request across Browser → Server → SDK → Form stages with animated connectors and error highlighting
Diagnosis engine — automated rule engine detecting CORS misconfigurations, expired JWTs, missing PKCE, connector errors, and more — with severity ratings and numbered remediation steps
Import/Export — flows can be exported as JSON or Markdown, imported from JSON, and saved as snapshots for offline analysis

Packages

Package	Description
`@forgerock/devtools-extension`	The Chrome extension (private, not published)
`@forgerock/devtools-bridge`	Opt-in SDK adapter — emits AuthEvents from subscribable clients
`@forgerock/devtools-types`	Shared AuthEvent Effect Schema definitions and TypeScript types

Architecture

TypeScript with Effect-TS on the data plane, Elm 0.19 on the view layer, Schema-validated at every boundary. Two-world content script architecture for security (MAIN world for page access, isolated world for chrome.runtime).

Screenshots

Flow View

Learn View

Timeline Tab

Test plan

Build extension with nx run devtools-extension:build
Load as unpacked extension in Chrome
Navigate to a Ping Identity / ForgeRock login page and trigger an auth flow
Verify Timeline captures network and SDK events with correct correlation
Verify Flow view renders node rail with status colours and detail cards
Verify Learn tab renders request lifecycle canvas with correct error highlighting
Verify diagnosis banner surfaces issues with remediation steps
Test import/export round-trip (export JSON → import → verify state)

changeset-bot · 2026-05-08T20:57:58Z

🦋 Changeset detected

Latest commit: 51353e7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 12 packages

Name	Type
@forgerock/journey-client	Minor
@forgerock/oidc-client	Minor
@forgerock/davinci-client	Minor
@forgerock/device-client	Minor
@forgerock/protect	Minor
@forgerock/sdk-types	Minor
@forgerock/sdk-utilities	Minor
@forgerock/iframe-manager	Minor
@forgerock/sdk-logger	Minor
@forgerock/sdk-oidc	Minor
@forgerock/sdk-request-middleware	Minor
@forgerock/storage	Minor

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

coderabbitai · 2026-05-08T20:58:01Z

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 95c4b8c9-7e84-4b75-8a5b-ee99ad7e1e9e

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Commit unit tests in branch chrome-extension

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

nx-cloud · 2026-05-08T20:58:50Z

View your CI Pipeline Execution ↗ for commit 51353e7

Command	Status	Duration	Result
`nx run-many -t build --no-agents`	✅ Succeeded	<1s	View ↗
`nx affected -t build lint test typecheck e2e-ci`	✅ Succeeded	1m 16s	View ↗

☁️ Nx Cloud last updated this comment at 2026-05-10 00:49:22 UTC

@@ -0,0 +1,119 @@
+import { describe, it, expect } from 'vitest';
+import { Effect } from 'effect';
+import { EventStoreService, EventStoreLive, makeEmptyFlowState } from './event-store.service.js';


nx-cloud

Nx Cloud has identified a flaky task in your failed CI:

🔂 Since the failure was identified as flaky, we triggered a CI rerun by adding an empty commit to this branch.

View detailed reasoning in Nx Cloud ↗

_{🎓 Learn more about Self-Healing CI on nx.dev}

codecov-commenter · 2026-05-09T18:02:43Z

Codecov Report

❌ Patch coverage is 0% with 11 lines in your changes missing coverage. Please review.
✅ Project coverage is 17.62%. Comparing base (5d6747a) to head (51353e7).
⚠️ Report is 94 commits behind head on main.

Files with missing lines	Patch %	Lines
packages/davinci-client/src/lib/client.store.ts	0.00%	11 Missing ⚠️

❌ Your patch status has failed because the patch coverage (0.00%) is below the target coverage (40.00%). You can increase the patch coverage or adjust the target coverage.
❌ Your project status has failed because the head coverage (17.62%) is below the target coverage (40.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@             Coverage Diff             @@
##             main     #628       +/-   ##
===========================================
- Coverage   70.90%   17.62%   -53.28%     
===========================================
  Files          53      154      +101     
  Lines        2021    24252    +22231     
  Branches      377     1159      +782     
===========================================
+ Hits         1433     4275     +2842     
- Misses        588    19977    +19389

Files with missing lines	Coverage Δ
packages/journey-client/src/lib/client.store.ts	`80.71% <ø> (+7.33%)`	⬆️
packages/oidc-client/src/lib/client.store.ts	`28.49% <ø> (ø)`
packages/davinci-client/src/lib/client.store.ts	`0.28% <0.00%> (ø)`

... and 102 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

pkg-pr-new · 2026-05-09T18:02:48Z

Open in StackBlitz

@forgerock/davinci-client

pnpm add https://pkg.pr.new/@forgerock/davinci-client@628

@forgerock/device-client

pnpm add https://pkg.pr.new/@forgerock/device-client@628

@forgerock/journey-client

pnpm add https://pkg.pr.new/@forgerock/journey-client@628

@forgerock/oidc-client

pnpm add https://pkg.pr.new/@forgerock/oidc-client@628

@forgerock/protect

pnpm add https://pkg.pr.new/@forgerock/protect@628

@forgerock/sdk-types

pnpm add https://pkg.pr.new/@forgerock/sdk-types@628

@forgerock/sdk-utilities

pnpm add https://pkg.pr.new/@forgerock/sdk-utilities@628

@forgerock/iframe-manager

pnpm add https://pkg.pr.new/@forgerock/iframe-manager@628

@forgerock/sdk-logger

pnpm add https://pkg.pr.new/@forgerock/sdk-logger@628

@forgerock/sdk-oidc

pnpm add https://pkg.pr.new/@forgerock/sdk-oidc@628

@forgerock/sdk-request-middleware

pnpm add https://pkg.pr.new/@forgerock/sdk-request-middleware@628

@forgerock/storage

pnpm add https://pkg.pr.new/@forgerock/storage@628

commit: 51353e7

Chrome extension for clients within the SDK ecosystem (javascript). Contains a bridge, extension, and types package. README.md documents feature set. chore: readme

- Narrow union type in message-handler tests before accessing event fields - Add `as const` to category literal in serialize-diagnosis test - Remove unknown property from oidc-bridge test config fixture - Add CardId, Vec2, CanvasState types and LearnMode to ViewMode in Elm - Add stub LearnMode case in View.elm for build compatibility

…ecycle view Add LearnView module with interactive canvas showing 4-card request lifecycle (Browser -> Server -> SDK -> Form) for each SDK node. Includes pan/zoom/drag canvas interactions, SVG icon cards with error visualization, and rail node selector. Wire into View toolbar as new Learn mode button alongside Timeline and Flow.

- Replace hardcoded (0,0) pan start with clientX/clientY JSON decoders - Add mousemove, mouseleave, and wheel event handlers to canvas SVG - Add card-level mousedown decoder for drag with clientX/clientY

Add expanded foreignObject panels to each canvas card showing contextual detail (request method/URL, response status/duration, SDK status transition, collector count). Add CSS classes for the Learn tab layout.

When no network events have a direct causedBy link to the selected SDK node, fall back to a time-window heuristic: find network events whose timestamp falls between this node and the next SDK node. This catches events for Journey/OIDC nodes and early flow steps where causedBy linkage may be missing.

- Pulse ring now targets the actual error source (SERVER for HTTP 4xx/5xx, BROWSER for CORS, SDK for SDK-only errors) - Arrow colors show error propagation direction (red only after error source) - SDK card distinguishes "received server error" vs "SDK error" - Richer expanded panels: color-coded status, error messages, URL in server detail - Browser card does not turn red on server errors (request was fine)

…ADME Replace TODO screenshot placeholders with actual screenshots of the Flow, Timeline, and Learn views. Add Learn section documenting the canvas-based request lifecycle visualization.

Decouple the extension from SDK-specific bridges into a network-first OIDC/OAuth2 debugger that works standalone with any OIDC provider. Network intelligence: - Well-known discovery (parses .well-known/openid-configuration) - OIDC semantic annotation (authorize, token, userinfo, etc.) - DPoP proof detection (RFC 9449) - PAR flow detection (RFC 9126) - OIDC flow tracker (cross-event correlation) - Shared JWT utils extracted from diagnosis engine Diagnosis engine: - 15 new rules across oidc-flow, dpop, and par categories - Flow-level PKCE check (warns once per flow, not per event) - Static asset filter prevents false positives on JS module loads - URL patterns anchored to avoid matching filenames Learn tab: - Flow-aware layout detection (DaVinci, Journey, OIDC Code/DPoP/PAR) - Journey-specific cards (Client -> AM Server -> Callbacks -> Result) - OIDC cards populated from phase-specific network events - Rail deduplicates network OIDC events by phase Panel fixes: - JWT decoding moved to pure Elm (base64url decoder + JSON parser) - Response bodies captured via entry.getContent() (was missing) - /access_token endpoint pattern added for PingAM - Inspector OIDC tab shows phase, PKCE, DPoP, tokens, errors - Timeline shows OIDC phase badges on network rows - Toolbar shows connection status (SDK connected / OIDC detected) Infra: - Fix typedoc failing on devtools-extension (no public API entry points) - OidcSemanticsSchema added to devtools-types - ExtendedFlowState with oidcConfig and lastOidcEventId

+  document.body.removeChild(ta);
+}
+
+const appRoot = document.getElementById('app');


github-actions · 2026-05-09T23:48:41Z

Deployed 9bb475f to https://ForgeRock.github.io/ping-javascript-sdk/pr-628/9bb475fc0127df1806cac3724e0fdf575c1caca2 branch gh-pages in ForgeRock/ping-javascript-sdk

github-actions · 2026-05-09T23:48:51Z

📦 Bundle Size Analysis

🚨 Significant Changes

🔻 @forgerock/device-client - 0.0 KB (-10.0 KB, -100.0%)
🔻 @forgerock/journey-client - 0.0 KB (-91.9 KB, -100.0%)

🆕 New Packages

🆕 @forgerock/devtools-extension - 270.6 KB (new)
🆕 @forgerock/devtools-bridge - 7.8 KB (new)
🆕 @forgerock/devtools-types - 7.9 KB (new)

📊 Minor Changes

📈 @forgerock/davinci-client - 49.1 KB (+0.3 KB)
📈 @forgerock/oidc-client - 25.5 KB (+0.3 KB)
📈 @forgerock/journey-client - 92.0 KB (+0.1 KB)

➖ No Changes

➖ @forgerock/device-client - 10.0 KB
➖ @forgerock/sdk-utilities - 11.2 KB
➖ @forgerock/sdk-types - 7.9 KB
➖ @forgerock/protect - 144.6 KB
➖ @forgerock/storage - 1.5 KB
➖ @forgerock/sdk-oidc - 4.8 KB
➖ @forgerock/sdk-request-middleware - 4.5 KB
➖ @forgerock/sdk-logger - 1.6 KB
➖ @forgerock/iframe-manager - 2.4 KB

17 packages analyzed • Baseline from latest main build

Legend

🆕 New package
🔺 Size increased
🔻 Size decreased
➖ No change

ℹ️ How bundle sizes are calculated

Current Size: Total gzipped size of all files in the package's dist directory
Baseline: Comparison against the latest build from the main branch
Files included: All build outputs except source maps and TypeScript build cache
Exclusions: .map, .tsbuildinfo, and .d.ts.map files

_{🔄 Updated automatically on each push to this PR}

Add --minify flag to all esbuild commands, reducing total dist size from 2.1 MB to 1.2 MB (~43%).

github-code-quality Bot found potential problems May 8, 2026

View reviewed changes

Comment thread packages/devtools-extension/src/background/event-store.service.test.ts

@@ -0,0 +1,119 @@

import { describe, it, expect } from 'vitest';

import { Effect } from 'effect';

import { EventStoreService, EventStoreLive, makeEmptyFlowState } from './event-store.service.js';