okta-oidc-js
https://github.com/okta/okta-oidc-js

Angular API does not support Angular apps registered as sub application on IIS #827

Open ranjeethmd opened 4 years ago

ranjeethmd commented 4 years ago

The API does not consider the base URL path and always expects the apps to be at the origin/domain of the URL; this does not work well with the underlying principles of Angular. This will cause issues for our infrastructure since we deal with multiple applications and our app URIs are https://domain/app/. Angular supports this capability via base href, which can be used during the Angular build.

In the Git location https://github.com/okta/okta-oidc-js/blob/master/packages/okta-angular/src/okta/services/okta.service.ts for the API you will see the use of window.location.origin; this should be replaced with baseUrl so that the system can pick up the path relative to the Angular base URL. If required for security purposes, this can even be concatenated with window.location.origin. This can be achieved by

document.getElementsByTagName('base')[0].href;

robertjd commented 4 years ago

Hi @ranjeethmd, thanks for the report. Can you give us more detail on your use case, with example URLs, to explain what you're trying to achieve? Note that the callback redirect from Okta does need to be a fully qualified domain name.

shuowu commented 4 years ago

@ranjeethmd Can you try to add the app part to the relative fromUri when calling setFromUri?

ranjeethmd commented 4 years ago

@shuowu In our enterprise, and in particular in our group, we deploy multiple applications on port 443. The way we achieve this is by using a feature of IIS called sub app.

Let us say I have two apps on the server App1 and App2 that share the same port 443. My base url for App1 would be https://origin/App1 and my base url for App2 would be https://origin/App2.

And this would show up in the Angular index.html page (standard Angular implementation) as <base href = "/app1/" /> and <base href ="/app2/" />. When we build our app for deployment we use the standard Angular build instruction:

ng build --prod --deploy-url /app1/ --base-href /app1/

ng build --prod --deploy-url /app2/ --base-href /app2/

Hope this helps

ranjeethmd commented 4 years ago

@shuowu "Can you try to add the app part to the relative fromUri when calling setFromUri": this will cause issues in the AuthGuard functionality, which will still route to origin, and this is an issue all through: logout, login, callback. We do not want to be altering code on every server deployment.

cpell commented 4 years ago

The solution I came up with was to create a duplicate OktaAuthGuard in my project. You can then inject PlatformLocation and use getBaseHrefFromDOM(). Prepend this to state.url. State.url is relative to the root router URL so it really shouldn’t be used as the URL that gets passed to an external service.

In OktaAuthGuard, this.oktaAuth.setFromUri(state.url); becomes (use whatever pathJoin function suits you) this.oktaAuth.setFromUri(this.pathJoin([this.baseHref, state.url], '/'));

Angular docs: https://angular.io/api/common/PlatformLocation#getBaseHrefFromDOM

Hopefully the Okta team will come up with an official solution.
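
The join described in the comment above, as an added example that is not part of the original thread or of the Okta SDK. The helper names are hypothetical, `implicit/callback` is a sample callback path, and refusing a base href that is not a plain path is an added check; the example also goes slightly beyond the comment by leaving the query string and fragment of `state.url` untouched.

```typescript
// Added example: helper names are hypothetical; only setFromUri, state.url and
// getBaseHrefFromDOM() come from the thread.

// Join path pieces with exactly one separator between them and one leading
// separator, so the result is always an origin-relative path.
function pathJoin(parts: string[], sep: string): string {
  const segments = parts.join(sep).split(sep).filter((s) => s.length > 0);
  return sep + segments.join(sep);
}

// Normalise what getBaseHrefFromDOM() returned. A value that is not a plain
// path (no leading "/", a leading "//", or a backslash) is refused, because
// the result ends up in a post-login redirect target.
function normalizeBaseHref(baseHref: string | null): string {
  const href = baseHref === null || baseHref === '' ? '/' : baseHref;
  if (!/^\/(?!\/)[^\\]*$/.test(href)) {
    throw new Error('base href is not an origin-relative path: ' + href);
  }
  const joined = pathJoin([href], '/');
  return joined === '/' ? joined : joined + '/';
}

// Build the value for setFromUri(): base href + router-relative state.url.
// Only the path part is joined; the query string and fragment pass through.
function fromUriFor(baseHref: string | null, stateUrl: string): string {
  const cut = stateUrl.search(/[?#]/);
  const path = cut === -1 ? stateUrl : stateUrl.slice(0, cut);
  const suffix = cut === -1 ? '' : stateUrl.slice(cut);
  const base = normalizeBaseHref(baseHref);
  const full = pathJoin([base, path], '/');
  // The app root keeps the trailing slash of the base href.
  return (full + '/' === base ? base : full) + suffix;
}

// The redirect URI must be fully qualified, so the origin is prepended to the
// same base-href-aware path.
function redirectUriFor(origin: string, baseHref: string | null, callbackPath: string): string {
  return origin.replace(/\/+$/, '') + pathJoin([normalizeBaseHref(baseHref), callbackPath], '/');
}

// In the duplicated guard (sketch, assuming PlatformLocation is injected):
//   this.oktaAuth.setFromUri(
//     fromUriFor(this.platformLocation.getBaseHrefFromDOM(), state.url));
```
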

swiftone commented 4 years ago

Internal ref: OKTA-295172

ranjeethmd commented 4 years ago

@swiftone Do we have any updates on this?