Open ghost opened 4 years ago
Could you elaborate which part of the OIDC spec you're referring to? This library supports (the now deprecated) Implicit Flow as well as Code Flow with PKCE. I suppose you could reconfigure the lib to at some point re-login with a broader set of scopes if that's what you mean?
Other than that, I'm not sure what you're exactly after - but maybe some other community member might?
I am referring to https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest request parameter prompt and max_age
We are using the code flow with PKCE.
This is not about logging in again. This is about proving your identity before very specific actions. Like in a banking application despite being logged in already, needing to re-authenticate before being able to execute a money transfer. You typically need to do this each time ...
The important thing is,
It would be nice, if angular-oauth2-oidc would support this somehow - i.e. just to get new tokens via all supported flows without touching the tokens already stored. The login dialog should probably happen in an iframe or so, since the application state should not be destroyed ...
I guess, everything you need is already in your library, just not exposed ...
On a high level I kinda see what you mean. I'll tag the issue appropriately. I'm not sure about follow-up or concrete stuff to get this rolling though, and it might be out of scope for the lib, not sure.
Is there any update for this?
I found a way to add custom parameter (such as prompt=login) in auth url:
I am looking into using angular-oauth2-oidc for our angular web application.
In our application we need to re-authenticate the user for certain critical actions (electronic signature) despite the fact that the application still has a valid session (i.e. token) for this user. This re-authentication should not have any impact on the ongoing session of the application, but should just ensure that the user must prove its identity again, and report back some user information identifying the user.
To my understanding OIDC would support this by using the authentication endpoint with query parameter prompt=login or max_time=0 or so...
I could not find a method in your library supporting this, like e.g.
authenticate({ prompt: 'login' }): Promise;
although, your library must have everything in place to provide this easily.
Is there a way to do this with your library? If no, would you consider adding something like this?
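The step-up re-authentication asked for in this issue and in the earlier reply (prompt=login plus max_age on the authorization request, a fresh code-flow round trip, and the existing tokens left untouched), as an added example that is not part of angular-oauth2-oidc or of any poster's code. It builds the authorization request for the step-up and then checks the ID token that comes back before the critical action is allowed. Everything named here is assumed: the authorize URL, client id and redirect URI are placeholders, the PKCE code_challenge is taken as input because the library already computes it, and the ID token's signature is assumed to have been verified by the library before its claims reach `checkStepUpToken`.

```typescript
// Added example (assumed names, not library code): step-up authentication
// for a critical action with OIDC code flow + PKCE.

interface StepUpRequest {
  authorizeUrl: string;     // IdP authorization endpoint (placeholder value in tests)
  clientId: string;
  redirectUri: string;
  codeChallenge: string;    // PKCE S256 challenge, already computed by the library
  state: string;            // fresh, unguessable per request
  nonce: string;            // fresh, unguessable per request; must reappear in the ID token
  maxAgeSeconds: number;    // 0 = the user must authenticate right now
}

// Builds the authorization request for the step-up. This is a separate
// round trip: nothing here reads or writes the tokens of the ongoing session.
function buildStepUpUrl(req: StepUpRequest): string {
  const url = new URL(req.authorizeUrl);
  const p = url.searchParams;
  p.set('response_type', 'code');
  p.set('client_id', req.clientId);
  p.set('redirect_uri', req.redirectUri);
  p.set('scope', 'openid');
  p.set('code_challenge', req.codeChallenge);
  p.set('code_challenge_method', 'S256');
  p.set('state', req.state);
  p.set('nonce', req.nonce);
  // prompt=login asks the IdP to re-authenticate even if it still has a session;
  // max_age makes the IdP include auth_time in the ID token so we can verify it.
  p.set('prompt', 'login');
  p.set('max_age', String(req.maxAgeSeconds));
  return url.toString();
}

interface IdTokenClaims {
  sub: string;
  nonce?: string;
  auth_time?: number;       // seconds since epoch, set by the IdP
  [claim: string]: unknown;
}

interface StepUpExpectation {
  sub: string;                // subject of the session that is already logged in
  nonce: string;              // nonce we sent in buildStepUpUrl
  maxAgeSeconds: number;
  requestedAtSeconds: number; // when we sent the step-up request
}

interface StepUpCheck { ok: boolean; reason: string; }

// Decides whether the returned ID token proves a fresh authentication of the
// *same* user. Signature verification is assumed to have happened already.
function checkStepUpToken(
  claims: IdTokenClaims,
  expected: StepUpExpectation,
  nowSeconds: number,
): StepUpCheck {
  const SKEW = 60; // tolerated clock difference between IdP and client, in seconds
  if (claims.nonce !== expected.nonce) {
    return { ok: false, reason: 'nonce mismatch' };
  }
  // A valid token for a different user must not unlock the action.
  if (claims.sub !== expected.sub) {
    return { ok: false, reason: 'subject differs from current session' };
  }
  // With max_age present the IdP must send auth_time; refuse if it did not.
  if (typeof claims.auth_time !== 'number') {
    return { ok: false, reason: 'auth_time claim missing' };
  }
  // The authentication must have happened after we asked for it...
  if (claims.auth_time < expected.requestedAtSeconds - SKEW) {
    return { ok: false, reason: 'stale authentication' };
  }
  // ...and must not be older than the max_age we requested.
  if (nowSeconds - claims.auth_time > expected.maxAgeSeconds + SKEW) {
    return { ok: false, reason: 'authentication older than max_age' };
  }
  return { ok: true, reason: 'fresh authentication' };
}
```

The result of the step-up (the fresh ID token or its claims) should be held in memory for the single action and never written to the same storage the library uses for the session tokens; that is what keeps the ongoing session untouched. The subject comparison is the check that matters most: an iframe-based step-up that accepts any valid token would let a different account at the IdP authorize the signature.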