Closed jmurphzyo closed 7 years ago
Can you start a Gitter page? I have some things to ask you about. The only way I got it working on my app was when it redirected, in the ngOnInit I had to call the signinRedirectCallback function to get it to work.
Could you also add a small enhancement? There is a logger, and in JavaScript you can set Oidc.Log.logger = console; I haven't figured out how to do it in your project yet.
Sure thing. I will look at it tomorrow mid day.
@crh225 I am probably not 100% familiar with what Oidc.Log.logger does. Are you trying to use that in the AuthService or the redirect?
I figured out how to use the logger, but it has led me to my bug when trying to implement the session refresh using the iframe.
To get the logger to work, just put Log.logger = <any>console;
in the auth.service constructor.
It is not a bug in your code, but a bug trying to implement the silent_redirect_uri: and the automaticSilentRenew:
(pic of chrome console debugger with the logger)
@jmurphzyo, have you been able to get the silent renew to work? It is more of an enhancement than an issue.
I have it working but I am still having an issue with the timer resetting. I haven't had time to look into why the timer isn't resetting. I should be able to tomorrow.
@jmurphzyo do you plan on using a route for the silent renew or just a plain html file? I got it working with an html file, but not using an angular route.
You will want to use an html file. If you're not familiar with what the library does, I will explain briefly from what I understand. When a request occurs that needs the defined html file, the library creates an iframe and redirects the request from the identity provider to that iframe to handle the response. Once the response is handled, the iframe sends a msg to the primary window/document and stores the data. This will prevent someone from being able to snoop the response data by pressing the back button in the current browsing window/document. I am not an expert on security, but I am guessing it's a best practice, but I might be completely wrong in my assumption. My explanation might have been clear as mud, but that's my best attempt from what I understand.
What I am trying to do is find a way to reduce the size of the html files, i.e. only import the needed parts of the library inside the iframes needed to handle the response. I will probably need webpack to create a separate entry with the compiled modules that are needed, but the angular-cli tool is limiting how you can customize the webpack config right now, so I won't be able to test different implementations until they open that portion up with this project.
My boss suggested the same thing as far as getting webpack to create a second entry point and only implementing the functions needed. I just wanted to see if I could use routes to do this.
Are you dead set on using the angular-cli tool?
I don't know. Their scaffolding isn't as convenient as it was during angular RC1 - RC4ish because the structure of angular 2 apps has changed so much. If HMR (hot module reload) isn't supported and the scaffolding doesn't improve next release, I will finish a cli tool I made myself in .net core and use it.
Me and a few other people are working on a .NET core angular 2 SPA Seed app, that implements:
It has pretty much everything, and you can script components using http://yeoman.io/. Our GitHub is https://github.com/asadsahi/AspNetCoreSpa
@jmurphzyo, I understand how to make multiple entry points for webpack, but I am not sure how to bundle just the code needed for the iframe.
Hi, I am having trouble implementing the silent renew, exactly as crh225. Could you share your solution? (As far as I know, I didn't find anything in the sources.)
Thx
@Axel3232 first thing I would do is make sure you have your client set up to handle silent renews on your identity server. When I first started messing around with OIDC I couldn't get silent renew to work because I didn't have my identity server set up properly.
Take a look at using serviceWorker / MessageChannel to abstract user data and notify the oidc client running inside the angular app to load the user. This would allow for a very small iframe footprint and its only requirement would be parsing urls and decoding jwts. The url history would still remain clean.
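
Added example, not part of the thread and not oidc-client's own code: a sketch of the small iframe handler the last comment describes, which only parses the callback URL and decodes the JWT, then hands the result to the parent window. It uses window.postMessage with a pinned target origin rather than a service worker; all function names and the app.example URL are assumptions.

```javascript
// Added example, not oidc-client code. Function names are hypothetical.

// JWT segments are base64url: '-' and '_' alphabet, '=' padding dropped.
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Decodes claims only. It does NOT verify the signature, issuer, audience or
// nonce; the OIDC client in the main window must still do that.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Parse the fragment the identity provider appends to silent_redirect_uri.
function parseSilentCallback(url) {
  const params = new URLSearchParams(new URL(url).hash.replace(/^#/, ''));
  const state = params.get('state');
  if (params.has('error')) return { ok: false, error: params.get('error'), state };
  const idToken = params.get('id_token');
  if (!idToken || !state) return { ok: false, error: 'missing id_token or state', state };
  try {
    const { sub, exp } = decodeJwtPayload(idToken);
    return { ok: true, state, idToken, sub, exp };
  } catch (e) {
    return { ok: false, error: 'malformed id_token', state };
  }
}

// Runs inside the iframe. The target origin is pinned to the iframe's own
// origin (never '*'), so a parent on any other origin receives nothing.
function notifyParent(win) {
  const result = parseSilentCallback(win.location.href);
  win.parent.postMessage(result, win.location.origin);
  return result;
}

// Constructed sample callback URL; 'sig' is a placeholder, not a signature.
function sampleCallbackUrl() {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const jwt = [enc({ alg: 'RS256' }), enc({ sub: 'user-1', exp: 1700000000 }), 'sig'].join('.');
  return 'https://app.example/silent-renew.html#id_token=' + jwt + '&state=abc123';
}
```

The parent window should accept the message only when event.origin equals its own origin and the returned state matches the value it issued for the renew request.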