JamesRandall / AngularJS-OAuth2

Package for allowing an AngularJS application to authenticate with an OAuth 2 / Open ID Connect identity provider using the implicit flow.
MIT License

Added Nonce and Nonce length parameters. #5

Open rndthoughts opened 9 years ago

rndthoughts commented 9 years ago

Thinktecture IdentityServer requires a Nonce value when asking for implementing OpenID scopes using the implicit flow. I have added a nonce parameter and random value generator to enable this situation.

pinnprophead commented 9 years ago

Thank you!

On Jun 5, 2015, at 5:16 AM, rndthoughts notifications@github.com wrote:

Thinktecture IdentityServer requires a Nonce value when asking for implementing OpenID scopes using the implicit flow. I have added a nonce parameter and random value generator to enable this situation.

You can view, comment on, or merge this pull request online at:

https://github.com/JamesRandall/AngularJS-OAuth2/pull/5

Commit Summary

Added Nonce and Nonce length parameters.

File Changes

M dist/angularJsOAuth2.js https://github.com/JamesRandall/AngularJS-OAuth2/pull/5/files#diff-0 (26)

Patch Links:

https://github.com/JamesRandall/AngularJS-OAuth2/pull/5.patch
https://github.com/JamesRandall/AngularJS-OAuth2/pull/5.diff

rndthoughts commented 9 years ago

Ah nuts, I just spotted the outstanding issue and that you'd already fixed it!

pinnprophead commented 9 years ago

James,

(this is pinnprophead) also known as Peter Steele!

Can you offer quick advice? I have the component / directive integrated into my app, and successfully calling the IdentityServer3 and getting back identity and authorization tokens. I can see them on the URL of the callback. But not sure how to, for example, change the button from Sign-In to Sign-Out?

I tried putting $watch on $rootScope for various events I saw in the component code, such as ‘oauth:authorizationError’ and ‘auth:internalservererror’, but it seems like those things are getting fired a lot, like before I even try to sign in. Or maybe they are getting fired when the value changes from undefined to false?

rndthoughts commented 9 years ago

Hey Peter, I had a similar problem until I spotted that the code wasn't ignoring the hash/pound (#) symbol when parsing the fragment returned. I modified line 36 and updated the regex to this:

var regex = /([^#&=]+)=([^&]*)/g;

And now the button changes correctly.
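Added example (not code from the pull request or the library): it parses an implicit-flow callback fragment with the regex quoted in the comment above, then checks the returned `state` and the `nonce` claim against the values that were sent. The function names, the contrast pattern `NO_HASH_RE` and the unsigned sample token are constructed for illustration; signature verification of the `id_token` is not shown.

```javascript
// Regex quoted in the comment above: '#' is excluded from key characters.
const FRAGMENT_RE = /([^#&=]+)=([^&]*)/g;
// Constructed contrast pattern (assumption): identical, but '#' may appear in a key.
const NO_HASH_RE = /([^&=]+)=([^&]*)/g;

// Turn "#a=1&b=2" into { a: '1', b: '2' } using the given pattern.
function parseFragment(fragment, re = FRAGMENT_RE) {
  const params = Object.create(null); // no inherited keys to collide with
  for (const m of fragment.matchAll(re)) {
    params[decodeURIComponent(m[1])] = decodeURIComponent(m[2]);
  }
  return params;
}

// Decode the JWT payload (middle segment, base64url). No signature check here.
function jwtPayload(jwt) {
  const seg = jwt.split('.')[1] || '';
  const b64 = seg.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, '=')));
}

// Accept the callback only if state and the id_token nonce match what was sent.
function checkCallback(fragment, sent) {
  let params, claims;
  try {
    params = parseFragment(fragment);
    claims = jwtPayload(params.id_token || '');
  } catch (e) {
    return { ok: false, reason: 'malformed response' };
  }
  if (params.state !== sent.state) return { ok: false, reason: 'state mismatch' };
  if (!claims || claims.nonce !== sent.nonce) {
    return { ok: false, reason: 'nonce mismatch' };
  }
  return { ok: true, claims };
}

// Constructed sample: an unsigned token whose payload carries the given nonce.
function sampleToken(nonce) {
  const enc = (o) => btoa(JSON.stringify(o))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'none' }) + '.' + enc({ sub: 'alice', nonce }) + '.';
}
```

With the contrast pattern the first key comes back as `#id_token`, so a lookup of `id_token` finds nothing and the callback is treated as malformed.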

JamesRandall commented 9 years ago

Hi all,

I got the nonce (and state) stuff in today. I'll take a look at this in the next day or two. I've not seen it myself so want to do a bit of testing. Are you using html5 strict mode by any chance?