search

manfredsteyer / angular-oauth2-oidc

Support for OAuth 2 and OpenId Connect (OIDC) in Angular.
MIT License
1.9k stars 686 forks source link

Feature Request: need generic setupAutomaticTokenRefresh for Password Flow and Implicit flow #254

Closed xmlking closed 6 years ago

xmlking commented 6 years ago

similar to setupAutomaticSilentRefresh for Implicit flow, we need setupAutomaticTokenRefresh for Password Flow. it would be better if we can provide generic AutomaticTokenRefresh setup method for both.

It will help subscribing to oauthService.events at one place within the lib, and avoid potential leaking references and memory issues.

currently we have to implement: 

export function initializeAuth(oauthService: OAuthService, ngxs: Ngxs) {
  oauthService.configure(environment.isPasswordFlow ? authConfigPassword : authConfigImplicit);

  oauthService.tokenValidationHandler = new JwksValidationHandler();
  oauthService.setStorage(sessionStorage);

  // Auto Refresh Token
  if (oauthService.oidc === false) {
    oauthService.events
      .filter(e => e.type === 'token_expires')
      .subscribe(e => {
        oauthService.refreshToken().then();
      })
  } else {
    // setupAutomaticSilentRefresh only for Implicit flow
    oauthService.setupAutomaticSilentRefresh();
  }

  return async () => {
    await oauthService.loadDiscoveryDocumentAndTryLogin();

    if (oauthService.hasValidAccessToken()) {
      // This is called when using ImplicitFlow or page reload, no effect for ROPC Flow
      console.log("hasValidAccessToken");
      const profile: any = oauthService.getIdentityClaims();
      const isLoggedIn = true;
      ngxs.dispatch(new LoginSuccess({isLoggedIn, profile}));
    }
  };
}
kradcliffe commented 6 years ago

Thanks! Your example really helped me out. I kept assuming the silent refresh was OK for Password Flow.

xmlking commented 6 years ago

Hoping @manfredsteyer can make it part of the lib

m-a-l-p commented 6 years ago

Hi @xmlking ,

I'm also trying to implement the auto token refresh and I'm using password flow. May I know where should I put this function and where should I call it so that the token that gets automatically attached to all my request is valid?

Hope to hear from you.

Many thanks, Toni

manfredsteyer commented 6 years ago

see also #285

xmlking commented 6 years ago

@m-a-l-p may be this is what your are looking for https://github.com/xmlking/nx-starter-kit/blob/master/libs/auth/src/auth.service.ts#L92

mikelhamer commented 5 years ago

Why is this closed? Was this implemented?