IdentityModel / oidc-client-js

OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Apache License 2.0

Unable to pass extraTokenParams to signinSilentCallback while silent renew in Angular app #1354

Closed Chandrama1 closed 3 years ago

Chandrama1 commented 3 years ago

I am using oidc-client library to provide authentication to an Angular 10 app. I am passing some extra params as shown below to the signinRedirect function. That is working as expected, but, when I am trying to do the same thing in the silent renew HTML file, the token endpoint doesn't get called. The identity provider is based on IdentityServer4.

auth.service.ts

private manager = new UserManager(getClientSettings());

function getClientSettings(): UserManagerSettings {
    return {
        authority: environment.authority,
        client_id: environment.client_id,
        redirect_uri: `${window.location.origin}/callback`,
        response_type: environment.response_type,
        scope: environment.scope,
        extraQueryParams: {
            appId: <ID>,
            domain: <DOMAIN>
        },
        filterProtocolClaims: true,
        loadUserInfo: true,
        userStore: new WebStorageStateStore({ store: window.localStorage }),
        automaticSilentRenew: true,
        silent_redirect_uri: `${window.location.origin}/assets/silent-callback.html`
    };
}

this.manager.signinRedirect({
    extraTokenParams: {
       appId: <ID>,
       domain: <DOMAIN>
    }
});

silent-callback.html

<script>
        const stsSettings = {
            authority: <AUTHORITY>,
            client_id: <CLIENT_ID>,
            response_type: 'code',
            scope: 'openid profile TestScope',
            filterProtocolClaims: true,
            loadUserInfo: true,
            extraQueryParams: {
                appId: <ID>,
                domain: <DOMAIN>
            }
        };
        new Oidc.UserManager(stsSettings).signinSilentCallback({
            extraTokenParams: {
                 appId: <ID>,
                domain: <DOMAIN>
            }
        });
</script>

brockallen commented 3 years ago

Depending on the workflow it might not be the instance of the UserManager in the iframe that's processing the code and thus calling the token endpoint.

Chandrama1 commented 3 years ago

> Depending on the workflow it might not be the instance of the UserManager in the iframe that's processing the code and thus calling the token endpoint.

I am not sure what you meant to say. Do you mean that there may be multiple instances of the User Manager created and that is causing the problem? The silent-callback.html is outside the Angular project and is loading a local copy of oidc-client.min.js. Please let me know if this is the correct way of doing it. PFA the file for your reference. silent-callback.txt

The requirement is to pass the below object to signinSilentCallback() just like I am passing it to signinRedirect(). May I know if this is even possible?

extraTokenParams: {
    appId: <ID>,
    domain: <DOMAIN>
}

brockallen commented 3 years ago

signinSilentCallback does not contact the token endpoint. It passes the result back to the parent window where the parent window completes the protocol exchange. So this means any data you pass into signinSilentCallback is moot. Instead pass the params into signinSilent. Does that not work for you?

Chandrama1 commented 3 years ago

Tried with signinSilent. It worked. Thanks

Chandrama1 commented 3 years ago

this.manager.events.addAccessTokenExpiring(() => {
    console.log('token expiring');
    this.manager.signinSilent({
        extraTokenParams: { appId: 123, domain: 'abc.com' }
    }).then(user => { }).catch(e => { });
});

This worked for me hence closing it.
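
The division of work brockallen describes, as an added example that is not part of the thread and is not oidc-client's code: a simplified model in which the parent window saves the extra parameters when the renew starts and builds the token request itself, while the iframe callback only relays the URL. `ParentWindow`, `completeExchange`, `iframeCallback`, `runDemo` and all sample values are hypothetical names and constructed data.

```javascript
// Simplified model of silent renew; every name here is hypothetical, not oidc-client code.
class ParentWindow {
  constructor() {
    this.stateStore = new Map(); // state id -> data saved when the request starts
    this.counter = 0;
  }

  // Models signinSilent(): extraTokenParams are saved with the request state
  // before the hidden iframe is sent to the authorize endpoint.
  signinSilent({ extraTokenParams = {} } = {}) {
    const state = `state-${++this.counter}`; // constructed id, not random
    this.stateStore.set(state, { extraTokenParams });
    return state; // round-trips through the IdP in the redirect URL
  }

  // Models the parent receiving the callback URL from the iframe and building
  // the token request itself from what it saved earlier.
  completeExchange(callbackUrl) {
    const params = new URL(callbackUrl).searchParams;
    const state = params.get('state');
    const saved = this.stateStore.get(state);
    if (!saved) throw new Error('no matching state, response rejected');
    this.stateStore.delete(state); // a state value is accepted once
    // Protocol fields are written last so extra params cannot replace them.
    return { ...saved.extraTokenParams, grant_type: 'authorization_code', code: params.get('code') };
  }
}

// Models signinSilentCallback() in silent-callback.html: it only relays the URL,
// so arguments given at this point never reach the token request.
function iframeCallback(parent, callbackUrl, _ignoredArgs) {
  return parent.completeExchange(callbackUrl);
}

// Constructed sample values throughout.
function runDemo() {
  const extra = { extraTokenParams: { appId: 123, domain: 'abc.com' } };
  const cb = 'https://app.example/assets/silent-callback.html';
  const parent = new ParentWindow();
  const s1 = parent.signinSilent();      // params given only at the callback
  const atCallback = iframeCallback(parent, `${cb}?code=c1&state=${s1}`, extra);
  const s2 = parent.signinSilent(extra); // params given when the renew starts
  const usedUrl = `${cb}?code=c2&state=${s2}`;
  const atStart = iframeCallback(parent, usedUrl);
  return { parent, atCallback, atStart, usedUrl };
}
```

In the model, a callback URL whose state is unknown or already consumed is rejected, which is why the parent has to own both the stored state and the token request.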