search

JamesRandall / AngularJS-OAuth2

Package for allowing an AngularJS application to authenticate with an OAuth 2 / Open ID Connect identity provider using the implicit flow.
MIT License
46 stars 42 forks source link

Auth token gets added to all requests #16

Closed pinnprophead closed 8 years ago

pinnprophead commented 8 years ago

After authorizing, when the application refreshes, the id_token is added to the urls of all requests, which makes them unable to be found.

404: http://localhost:1337/id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlJGNjZzcklvRmdWLWY4ZjhFS0pEWkRzMVVlWSIsImtpZCI6IlJGNjZzcklvRmdWLWY4ZjhFS0pEWkRzMVVlWSJ9.eyJub25jZSI6ImViNjcxZDM5NDAyODIzZTliY2JlZGNlNGJiODdiZTQ2IiwiaWF0IjoxNDQzNTM4NzA1LCJhdF9oYXNoIjoiSFZVYlA1VzNkN25aWlNTbEoxRmpmQSIsInN1YiI6ImQ3ZjVjMGUwLWIwZjYtNDY3NC1iZjU5LTIzNjJkYzIyOGMyZCIsImFtciI6WyJwYXNzd29yZCJdLCJhdXRoX3RpbWUiOjE0NDM1Mzg3MDUsImlkcCI6Imlkc3J2IiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzMDUvaWRlbnRpdHkiLCJhdWQiOiJhcHAiLCJleHAiOjE0NDM1MzkwMDUsIm5iZiI6MTQ0MzUzODcwNX0.P56pkrRjn7EajFZhB2v9VGQM6ODsiudOg0jQsjY-kOHH43oqX92KRi3Z1teNU1rG2T5cjtkrhFrfPIoEUeoqkr-e72MmoUA5vkUELnuEHEZW1qI53kVOnaW7G-40cSAHVPCH_GzBj_6haQ1Bjtko3yPp4GWVs1JGelgX2IcVhUWzdYeto4-v5G9JwQ8-O_Xhmllo_IrV94wpF7cpEZQiOJ2flh4SRI27Egf5Bgk26pJko3mX522Cc6m27DQwDrLZuk4gn3PM8YJlwTOsQkSgC5THdg4dJZzgNxkKKSIMZYPVtRth7wr4sfU92x8sp8F3UbqEglJ8lkm_3dXlAf91Mg&access_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6IlJGNjZzcklvRmdWLWY4ZjhFS0pEWkRzMVVlWSIsImtpZCI6IlJGNjZzcklvRmdWLWY4ZjhFS0pEWkRzMVVlWSJ9.eyJjbGllbnRfaWQiOiJhcHAiLCJzY29wZSI6WyJvcGVuaWQiLCJwcm9maWxlIl0sInN1YiI6ImQ3ZjVjMGUwLWIwZjYtNDY3NC1iZjU5LTIzNjJkYzIyOGMyZCIsImFtciI6WyJwYXNzd29yZCJdLCJhdXRoX3RpbWUiOjE0NDM1Mzg3MDUsImlkcCI6Imlkc3J2IiwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3Q6NDQzMDUvaWRlbnRpdHkiLCJhdWQiOiJodHRwczovL2xvY2FsaG9zdDo0NDMwNS9pZGVudGl0eS9yZXNvdXJjZXMiLCJleHAiOjE0NDM1NDIzMDUsIm5iZiI6MTQ0MzUzODcwNX0.VE_BBF83CT9yerKN7t7T4F3ACtlf6Po88EJKJTeUjHXY19VF6JNwdotkvjLoTIncMmyupfS6DOBTQaFvxDkNicvWR4sMp4VFboSZepixN_OFl6fAlQMOxAoC6VM3aj2nN-vmqTpbWWFE8EQotqQZoNmrJUUhtgiEUk_ST6sNSqIinh3xGSHP6Hb8r5C_OfPi58OXGaq__Ath0RlZ7iyoSTsBamLBZSnMu6eYBu_2XLThPlqsgj1IDI-pOiRaTBlnSG54H2aDycitYlaxLayTqlV2QEkMlbWHws6IM_a01T7zcI5LfTFGcMvg1cq6W4hvrFA5rgSUYuPt2R5xVx6EAw&token_type=Bearer&expires_in=3600&scope=openid%20profile&state=87c08ad72d61acc2fb6d890ee20fd4dc&session_state=qrz1W5ivB5UgUhAbt4HLDpTkB-C1MUKW9bhW5FZWV2I.cf5d569a8edc82dcb9a74d8a6d8316d4app/views/home.html

How can I get the component to not put the id_token on the url?

(using NodeJS web server, angular, etc.)

JamesRandall commented 8 years ago

Looks like an issue with HTML5 mode in Angular. I'll take a look.

pinnprophead commented 8 years ago

This quit being a problem, and I think it was when I changed over to ui-router from angular-route.