capacitor-community / generic-oauth2

Generic Capacitor OAuth 2 client plugin. Stop the war in Ukraine!
MIT License

How to get Refresh Token with windowTarget: "_self". #222

Closed atmike closed 1 year ago

atmike commented 1 year ago

Description

I want to use this library with windowTarget: "_self". At the moment I can log in and log out with Azure B2C and Azure AD. I'm doing this by using responseType: "token" to get the token via the URL.

My problem is that I'm not able to get a refresh token from the ADs. The redirect URL only contains the access_token but no refresh_token. I already tried to use responseType: "code" and then tried to use the code to get the access and refresh token. But there I do not have the code_verifier that is generated within the library to verify the code => let pkceCodeVerifier = generateRandom(withLength: 64)

Can anyone tell me how I can manage this?

Capacitor version:

In my test app I'm running without Capacitor

Library version:

4.0.0

OAuth Provider:

Azure B2C & Azure AD

Your Plugin Configuration

```typescript
import { OAuth2AuthenticateOptions } from "@capacitor-community/generic-oauth2";

// The issue shows only the class body; the wrapper name below is assumed.
class AuthConfig {
  getAzureInternalOAuth2Options(): OAuth2AuthenticateOptions {
    var tenantId = "6273e691-1111-2222-3333-e5267d5da3a6";
    var appId = "283a2967-1111-2222-3333-b249c0d72231";
    var redirectUrlWeb = "http://localhost:4200";
    return {
      appId: appId,
      authorizationBaseUrl: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize`,
      scope: "https://graph.microsoft.com/User.Read",
      accessTokenEndpoint: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`,
      resourceUrl: "https://graph.microsoft.com/v1.0/me/",
      responseType: "token",
      pkceEnabled: true,
      logsEnabled: true,
      web: {
        redirectUrl: redirectUrlWeb,
        windowTarget: "_self",
        windowOptions: "height=600,left=0,top=0",
      },
      android: {
        redirectUrl: "msauth://{package-name}/{url-encoded-signature-hash}"
      },
      ios: {
        pkceEnabled: true,
        redirectUrl: "msauth.{package-name}://auth"
      }
    };
  }

  getAzureB2COAuth2Options(): OAuth2AuthenticateOptions {
    var tenantId = "NameOfTheTenant";
    var appId = "066ed81b-0000-1111-2222-e5a54bc76fac";
    var redirectUrlWeb = "http://localhost:4200";
    var policyName: string = "B2C_1_susi";
    return {
      appId: appId,
      responseType: "token",
      authorizationBaseUrl: `https://${tenantId}.b2clogin.com/${tenantId}.onmicrosoft.com/${policyName}/oauth2/v2.0/authorize`,
      accessTokenEndpoint: '',
      scope: `https://${tenantId}.onmicrosoft.com/tasks-armawin`,
      resourceUrl: "https://graph.microsoft.com/v1.0/me/",
      pkceEnabled: true,
      logsEnabled: true,
      web: {
        redirectUrl: redirectUrlWeb,
        windowTarget: "_self",
        windowOptions: "height=600,left=0,top=0"
      },
      android: {
        redirectUrl: "msauth://{package-name}/{url-encoded-signature-hash}"
      },
      ios: {
        pkceEnabled: true, // workaround for bug #111
        redirectUrl: "msauth.{package-name}://auth"
      }
    };
  }
}
```

Affected Platform(s):

At the moment I'm testing only in Web.

atmike commented 1 year ago

OK, I found out that it is not possible to get a refresh token in the implicit flow. But what about the code flow? How to get a refresh token without the pkceCodeVerifier?

atmike commented 1 year ago

@moberwasserlechner Can you tell me if there is a way to get to the pkceCodeVerifier value? Without this value I can't do anything to refresh the token in a silent way. Please give me a short answer.

atmike commented 1 year ago

I have given up on using the plugin in the same window :(