robisim74 / AngularSPAWebAPI

Angular Single Page Application with an ASP.NET Core Web API that uses token authentication
MIT License

Question: How to Redirect to IdentityServer instead of using password flow? #13

Closed nigel-dewar closed 7 years ago

nigel-dewar commented 7 years ago

Hi There,

Thanks for your great sample. It has super useful info regarding Angular2-jwt usage with IDSvr.

All the samples I have seen thus far, including work from Damien Bod (https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow), have the Angular client use implicit flow and redirect to the IdentityServer, where the user chooses their auth type, so they can choose 'local account' or Google or whatever is set up on IdSvr.

Is it easy to switch your code from a ROPC flow to Implicit?

I have spent a bit looking at your sample code and that of Damien Bod's, however I cannot see what I need to change properly.

In Damien's code the authorize function does a redirect to the IDSvr:

```typescript
public Authorize() {
    this.ResetAuthorizationData();

    console.log('BEGIN Authorize, no auth data');

    let authorizationUrl = this._configuration.server + '/connect/authorize';
    let client_id = this._configuration.client_id;
    let redirect_uri = this._configuration.redirect_url;
    let response_type = this._configuration.response_type;
    let scope = this._configuration.scope;
    let nonce = 'N' + Math.random() + '' + Date.now();
    let state = Date.now() + '' + Math.random();

    this.store('authStateControl', state);
    this.store('authNonce', nonce);
    console.log('AuthorizedController created. adding myautostate: ' + this.retrieve('authStateControl'));

    let url =
        authorizationUrl + '?' +
        'response_type=' + encodeURI(response_type) + '&' +
        'client_id=' + encodeURI(client_id) + '&' +
        'redirect_uri=' + encodeURI(redirect_uri) + '&' +
        'scope=' + encodeURI(scope) + '&' +
        'nonce=' + encodeURI(nonce) + '&' +
        'state=' + encodeURI(state);

    window.location.href = url;
}
```

So I'd say I'd need to implement the same redirect with your sample as well.

But... I'm just not sure how to handle the redirect using Auth0.

Anyways, you probably have the answer so I'll leave my question at that. Any assistance or answer on this would be greatly appreciated.

Cheers
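Added example, not part of the thread or of either project: the same authorize redirect with `state` and `nonce` drawn from a CSPRNG and every parameter percent-encoded, plus the check a callback page would run on the returned fragment (going one step beyond the redirect quoted above). The function names, the `cfg` fields and the Map-like `store` are assumptions, and the ID token signature still has to be validated separately.

```javascript
// Added example; function names, cfg fields and the Map-like store are assumptions.
// Web Crypto is global in browsers and current Node; the fallback covers older CommonJS Node.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// 128 bits from a CSPRNG, hex-encoded (Math.random() output is predictable).
function randomToken() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
}

// Build the /connect/authorize redirect and remember state + nonce for the callback.
function buildAuthorizeUrl(cfg, store) {
  const state = randomToken();
  const nonce = randomToken();
  store.set('authStateControl', state);
  store.set('authNonce', nonce);
  // URLSearchParams percent-encodes each value, so '&', '=' or '#' inside a value
  // cannot add or split parameters (encodeURI leaves those characters untouched).
  const query = new URLSearchParams({
    response_type: cfg.response_type,
    client_id: cfg.client_id,
    redirect_uri: cfg.redirect_url,
    scope: cfg.scope,
    nonce,
    state,
  });
  return cfg.server + '/connect/authorize?' + query.toString();
}

// Reads claims only; this does NOT verify the token signature.
function jwtPayload(jwt) {
  try {
    const b64 = (jwt.split('.')[1] || '').replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(atob(b64));
  } catch { return {}; }
}

// Check the fragment returned to redirect_uri against the stored state and nonce.
function checkCallback(fragment, store) {
  const params = new URLSearchParams(fragment.replace(/^#/, ''));
  const state = store.get('authStateControl');
  const nonce = store.get('authNonce');
  store.delete('authStateControl'); // single use: a replayed callback fails
  store.delete('authNonce');
  if (params.get('error')) return { ok: false, reason: params.get('error') };
  if (!state || params.get('state') !== state) return { ok: false, reason: 'state mismatch' };
  const idToken = params.get('id_token');
  if (!idToken || jwtPayload(idToken).nonce !== nonce) return { ok: false, reason: 'nonce mismatch' };
  return { ok: true, accessToken: params.get('access_token') };
}
```

In a browser, `store` would be a small wrapper over `sessionStorage` exposing `get`, `set` and `delete`.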

robisim74 commented 7 years ago

If I understand correctly, you would like to use the client code of this project with the server-side code that uses an implicit flow like Damien's.

Major differences: this project does not decode the access token on the client and obviously does not use a reference token. Of course, you have to set different parameters such as redirect_uri.

I never used Auth0. Try to see this guide: https://auth0.com/docs/api-auth/tutorials/implicit-grant

Greetings

nigel-dewar commented 7 years ago

Cheers Roberto,

I reckon I have it figured out, I just need to combine a bit of code from Damien's with what you have and should be good.

Cheers