search

angularjs-oauth / oauth-ng

AngularJS directive for the OAuth 2.0 Implicit Flow
http://angularjs-oauth.github.io/oauth-ng/
MIT License
363 stars 156 forks source link

Support for loading keys from .well-known/openid-configuration #114

Closed jimmytheneutrino closed 8 years ago

jimmytheneutrino commented 8 years ago

Currently in oauth-ng the public keys for verifying idTokens should either be provided with tokens or separately configured.

Openid Connect also describes a possibility to load them dynamically using AP's published configuration (located at /.well-known/openid-configuration): https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig

This PR implements the support for this, which could be controlled via well-known configuration parameter. Its values correspond to: 1) falsy -> don't load keys in this way, 2) sync -> load keys synchronously before initializing oauth-ng services, 3) truthy -> load keys asynchonously.

HJoost commented 8 years ago

Hi,

i try to test your code. But the problem is, that I can not figure out where you set scope.issuer, scope.pubkey and scope.wellKnown

Do you any hint for me, please?

Thanks! Helmut

HJoost commented 8 years ago

Hi,

now I manged to get the login process working again. I will give feedback again during the next week.

jimmytheneutrino commented 8 years ago

So, what do you think?

jimmytheneutrino commented 8 years ago

Hi!

I updated the PR and added a test for loading keys via .well-known configuration.

Note that the current recommended approach for using oauth-ng with html5off mode will not work. Instead, something like the following snippet works:

    $urlRouterProvider.when("/access_token=:accessToken",
    /** @ngInject */
    function ($location) {
      var str = $location.path().substr(1);
      $location.path('/');
      $location.hash(str);
      $location.replace();
});
faraway commented 8 years ago

Hi @jimmytheneutrino, I originally added the OIDC support. This sounds like a great feature to add-on. I will take a look both the spec and the code tonight. Excited to see this PR : )

thxmike commented 8 years ago

When should we expect this commit to be in the main branch. We are in need of it https://github.com/angularjs-oauth/oauth-ng/issues/129

Sundeepns commented 8 years ago

We can use this too.

m00s commented 8 years ago

Merged in v0.4.10

jimmytheneutrino commented 8 years ago

Hi. Somebody also has to update the documentation for HTML5off mode.