damienbod / angular-auth-oidc-client

npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
https://www.npmjs.com/package/angular-auth-oidc-client
MIT License

[Bug]: Load config from HTTP implicit flow - not working #1695

Open Meteoeoeo opened 1 year ago

Meteoeoeo commented 1 year ago

Version

15.0.3

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

After checkAuth token is null, isAuthenticated is false

Steps to reproduce the behavior

No response

A clear and concise description of what you expected to happen.

No response

Additional context

After migrating to v15 from v12, I have a problem with getting the configuration. The configuration inside checkAuth is downloaded from the service, but the token is null and isAuthenticated is false. In the response from the identity server, the token exists.

```typescript
import { HttpClient } from '@angular/common/http';
import { NgModule } from '@angular/core';
import { AuthModule, LogLevel, StsConfigHttpLoader, StsConfigLoader } from 'angular-auth-oidc-client';
import { map } from 'rxjs/operators';

export const httpLoaderFactory = (_httpClient: HttpClient) => {
  const config$ = _httpClient
    .get<any>('/_configuration/eFile')
    .pipe(
      map((customConfig: any) => {
        return {
          authority: 'https://localhost:5001',
          authWellknownEndpointUrl: 'https://localhost:5001/.well-known/openid-configuration', // customConfig.authWellknownEndpointUrl,
          redirectUrl: window.location.origin,
          postLogoutRedirectUri: window.location.origin,
          clientId: 'sYy5BdJE4g_ihsud_vC4TL92VN9sbgNiAkgsMb4e_Mg',
          scope: 'openid profile custom.user',
          responseType: 'id_token token',
          logLevel: LogLevel.Debug,
          silentRenew: customConfig.silentRenew,
          useRefreshToken: true,
          ignoreNonceAfterRefresh: true, // this is required if the id_token is not returned
          allowUnsafeReuseRefreshToken: true, // this is required if the refresh token is not rotated
          triggerRefreshWhenIdTokenExpired: false, // required to refresh the browser if id_token is not updated after the first authentication
          autoUserInfo: false, // if the user endpoint is not supported
          secureRoutes: [window.location.origin],
        };
      })
    );

  return new StsConfigHttpLoader(config$);
};

@NgModule({
  imports: [
    AuthModule.forRoot({
      loader: {
        provide: StsConfigLoader,
        useFactory: httpLoaderFactory,
        deps: [HttpClient],
      },
    }),
  ],
  exports: [AuthModule],
})
export class AuthConfigModule { }
```

When I change the configuration to static, it works correctly.

```typescript
import { HttpClient } from '@angular/common/http';
import { NgModule } from '@angular/core';
import { AuthModule, LogLevel, StsConfigHttpLoader, StsConfigLoader } from 'angular-auth-oidc-client';
import { map } from 'rxjs/operators';

@NgModule({
  imports: [
    AuthModule.forRoot({
      config: {
        authority: 'https://localhost:5001',
        authWellknownEndpointUrl: 'https://localhost:5001/.well-known/openid-configuration', // customConfig.authWellknownEndpointUrl,
        redirectUrl: window.location.origin,
        postLogoutRedirectUri: window.location.origin,
        clientId: 'sYy5BdJE4g_ihsud_vC4TL92VN9sbgNiAkgsMb4e_Mg',
        scope: 'openid profile custom.user',
        responseType: 'id_token token',
        logLevel: LogLevel.Debug,
        // customConfig only exists inside the HTTP loader's map() above; as posted, this static variant has no such variable in scope
        silentRenew: customConfig.silentRenew,
        useRefreshToken: true,
        ignoreNonceAfterRefresh: true, // this is required if the id_token is not returned
        allowUnsafeReuseRefreshToken: true, // this is required if the refresh token is not rotated
        triggerRefreshWhenIdTokenExpired: false, // required to refresh the browser if id_token is not updated after the first authentication
        autoUserInfo: false, // if the user endpoint is not supported
        secureRoutes: [window.location.origin],
      },
    }),
  ],
  exports: [AuthModule],
})
export class AuthConfigModule { }
```

FabianGosebrink commented 1 year ago

Did you debug the custom config in your http example to hold the correct values?

jayachristina commented 1 year ago

@Meteoeoeo did you get around fixing this please?

Meteoeoeo commented 1 year ago

Hi, I changed a few things. I don't remember what exactly helped, because it was some time ago. It seems to me that the first point solved the above problem, but I will describe what else I changed.

  1. I added window.location.href to the checkAuth method; the earlier version didn't need it and it wasn't described in the migration steps.

     ```typescript
     this._oidcSecurityService.checkAuth(window.location.href)
     ```

  2. I removed the routing { path: '**', redirectTo: '/home' }
  3. I changed the obsolete implementation of CanActivate to an implementation of CanActivateFn:

     ```typescript
     export const AuthGuard: CanActivateFn = (
       _route: ActivatedRouteSnapshot,
       _state: RouterStateSnapshot) => {
       const _authService = inject(AuthenticationService);
       [...]
     }
     ```

Meteoeoeo commented 1 year ago

> Did you debug the custom config in your http example to hold the correct values?

While debugging, I had the correct values in the configuration, but the checkAuth method was not returning the token.

jayachristina commented 1 year ago

Thank you @Meteoeoeo

damienbod commented 1 year ago

Could you solve this?

Greetings Damien

knoxx093 commented 5 months ago

Having this same issue using code flow. When we moved from using hard-coded config to loading the config via HTTP, login would no longer work (checkAuth showed isAuthenticated: false after redirecting from SSO back to the app). Solution 1 (adding window.location.href to the checkAuth method) fixed this for us, but no idea why.
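
A diagnostic for the URL handed to `checkAuth(window.location.href)` in the comments above, added here as an example that is not part of the original thread or of angular-auth-oidc-client: implicit flow (`id_token token`) returns its response in the URL fragment, code flow in the query string, so the helper reports which response parameters the URL still carries. The names `inspectCallbackUrl` and `redactCallbackUrl` are hypothetical, and only parameter names are reported so that tokens stay out of debug logs.

```typescript
// Added example: not code from angular-auth-oidc-client. All names are hypothetical.
type CallbackKind = 'implicit' | 'code' | 'error' | 'none';

interface CallbackReport {
  kind: CallbackKind;
  params: string[];   // parameter names only, never values
  hasState: boolean;
}

// Authorization-response parameters defined by OAuth 2.0 / OpenID Connect.
const RESPONSE_PARAMS = ['code', 'access_token', 'id_token', 'state', 'error'];

function inspectCallbackUrl(url: string): CallbackReport {
  const parsed = new URL(url);
  const query = parsed.searchParams;
  // Implicit flow delivers its response in the fragment, not the query string.
  const fragment = new URLSearchParams(parsed.hash.replace(/^#/, ''));
  const has = (name: string): boolean => query.has(name) || fragment.has(name);

  let kind: CallbackKind = 'none';
  if (has('error')) kind = 'error';
  else if (fragment.has('access_token') || fragment.has('id_token')) kind = 'implicit';
  else if (query.has('code')) kind = 'code';

  return { kind, params: RESPONSE_PARAMS.filter(has), hasState: has('state') };
}

// Same URL with every response value masked, safe to write to a debug log.
function redactCallbackUrl(url: string): string {
  const parsed = new URL(url);
  const fragment = new URLSearchParams(parsed.hash.replace(/^#/, ''));
  for (const name of RESPONSE_PARAMS) {
    if (parsed.searchParams.has(name)) parsed.searchParams.set(name, 'REDACTED');
    if (fragment.has(name)) fragment.set(name, 'REDACTED');
  }
  parsed.hash = fragment.toString();
  return parsed.toString();
}
```

Calling `inspectCallbackUrl(window.location.href)` immediately before `checkAuth` shows whether the response parameters are still in the URL at that point; a result of `none` right after the redirect back from the identity server means they were removed before the library could read them.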