Angular-auth-oidc-client: Cannot authenticate version 6.0.10

Created on 20 Sep 2018 · 3 Comments · Source: damienbod/angular-auth-oidc-client

Hi Damien,

After upgrading the angular-auth-oidc-client from 6.0.6 to 6.0.10 the authentication is not working anymore. My configuration is as follows:

export class AppModule {
    constructor(
        private oidcSecurityService: OidcSecurityService,
        private oidcConfigService: OidcConfigService,
    ) {
        this.oidcConfigService.onConfigurationLoaded.subscribe(() => {

            const openIDImplicitFlowConfiguration = new OpenIDImplicitFlowConfiguration();
            openIDImplicitFlowConfiguration.stsServer = environment.securityTokenServer;
            openIDImplicitFlowConfiguration.redirect_url = `${window.location.origin}`;
            // The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer
            // identified by the iss (issuer) Claim as an audience.
            // The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience,
            // or if it contains additional audiences not trusted by the Client.
            openIDImplicitFlowConfiguration.client_id = 'Appid';
            openIDImplicitFlowConfiguration.response_type = 'id_token token';
            openIDImplicitFlowConfiguration.scope = 'openid profile email';
            openIDImplicitFlowConfiguration.post_logout_redirect_uri = `${window.location.origin}`;
            openIDImplicitFlowConfiguration.start_checksession = true;
            openIDImplicitFlowConfiguration.silent_renew = true;
            openIDImplicitFlowConfiguration.silent_renew_url = `${window.location.origin}/silent.html`;
            openIDImplicitFlowConfiguration.post_login_route = '/monitor';
            // HTTP 403
            openIDImplicitFlowConfiguration.forbidden_route = '/forbidden';
            // HTTP 401
            openIDImplicitFlowConfiguration.unauthorized_route = '/home';
            openIDImplicitFlowConfiguration.trigger_authorization_result_event = true;
            openIDImplicitFlowConfiguration.log_console_warning_active = true;
            openIDImplicitFlowConfiguration.log_console_debug_active = false;
            // id_token C8: The iat Claim can be used to reject tokens that were issued too far away from the current time,
            // limiting the amount of time that nonces need to be stored to prevent attacks.The acceptable range is Client specific.
            openIDImplicitFlowConfiguration.max_id_token_iat_offset_allowed_in_seconds = 20;

            const authWellKnownEndpoints = new AuthWellKnownEndpoints();
            authWellKnownEndpoints.setWellKnownEndpoints(this.oidcConfigService.wellKnownEndpoints);

            this.oidcSecurityService.setupModule(openIDImplicitFlowConfiguration, authWellKnownEndpoints);

        },
        error => {
            console.log("Auth Module: Error Occured in Auth Module Registration", error);
        });

        console.log('APP STARTING');
    }
}

export class AppComponent implements OnInit {
    IsLoggedIn: boolean;
    private isAuthorizedSubscription: Subscription;

    constructor(
        public oidcSecurityService: OidcSecurityService,
        private router: Router
    ) {
        if (this.oidcSecurityService.moduleSetup) {
            this.onOidcModuleSetup();
        } else {
            this.oidcSecurityService.onModuleSetup.subscribe(() => {
                this.onOidcModuleSetup();
            });
        }

        this.oidcSecurityService.onAuthorizationResult.subscribe(
            (authorizationResult: AuthorizationResult) => {
                this.onAuthorizationResultComplete(authorizationResult);
            });
    }

    private onOidcModuleSetup() {
        if (window.location.hash) {
            this.oidcSecurityService.authorizedCallback();
        } else {
            if ('/user/autologin' !== window.location.pathname) {
                this.write('redirect', window.location.pathname);
            }
            console.log('AppComponent:onModuleSetup');
        }
    }

    ngOnInit() {
        this.ApplicationViewService.Setup();
        this.isAuthorizedSubscription = this.oidcSecurityService.getIsAuthorized().subscribe((isAuthorized: boolean) => {
            this.IsLoggedIn = isAuthorized;
        });
    }

    login() {
        console.log('start login');
        this.oidcSecurityService.authorize();
    }

    refreshSession() {
        console.log('start refreshSession');
        this.oidcSecurityService.authorize();
    }

    logout() {
        console.log('start logoff');
        this.oidcSecurityService.logoff();
    }

    private onAuthorizationResultComplete(authorizationResult: AuthorizationResult) {
        console.log('AppComponent:onAuthorizationResultComplete ' + authorizationResult);
        const path = this.read('redirect');
        if (authorizationResult === AuthorizationResult.authorized) {
            this.router.navigate([path]);
        } else if (authorizationResult === AuthorizationResult.unauthorized) {
            this.write('redirect', window.location.pathname);
            // navigate() takes a flat array of path segments
            this.router.navigate(['user', 'autologin']);
        } else if (authorizationResult === AuthorizationResult.forbidden) {
            this.router.navigate(['/forbidden']);
        }
    }

    private read(key: string): any {
        const data = sessionStorage.getItem(key);
        if (data != null) {
            return JSON.parse(data);
        }

        return;
    }

    private write(key: string, value: any): void {
        sessionStorage.setItem(key, JSON.stringify(value));
    }

}

I don't see any errors, besides a warning that says "VM3325 vendor.js:74324 Set-Cookie header is ignored in response from url ... Cookie length should be less than or equal to 4096 characters" when using Chrome.

Thanks

All 3 comments

I too am having a problem after upgrading to 6.0.7 (same problem in 6.0.10).
The this.oidcSecurityService.authorize(); looks to be called before the openid-configuration is loaded.
If I use setTimeout(() => this.oidcSecurityService.authorize(), 2000); it works.

Is there any way I can delay my authorize() call till the configuration is loaded?

This seems to be very similar... if not a dupe of #299.

Please see my answer here: https://github.com/damienbod/angular-auth-oidc-client/issues/299#issuecomment-426665252 for an example of how to delay execution until after setup is completed.

also here: https://github.com/damienbod/angular-auth-oidc-client/issues/257#issuecomment-426875534

This seems to be very similar... if not a dupe of #299.

Please see my answer here: #299 (comment) for an example of how to delay execution until after setup is completed.

also here: #257 (comment)

Indeed, fixed my issue by checking if the OidcSecurityService.ModuleSetup = true before trying to .authenticate().
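
The approach the comments arrive at, waiting for module setup rather than a fixed setTimeout, shown as an added example that is not code from this thread or from the library. `authorizeWhenReady`, `OidcServiceLike` and `FakeService` are hypothetical names; only `moduleSetup`, `onModuleSetup` and `authorize()` are taken from the issue.

```typescript
// Structural subset of OidcSecurityService; member names are those used in the issue.
interface Unsubscribable { unsubscribe(): void; }
interface OidcServiceLike {
    moduleSetup: boolean;
    onModuleSetup: { subscribe(next: () => void): Unsubscribable };
    authorize(): void;
}

const waiting = new WeakSet<OidcServiceLike>();

// Hypothetical helper (not a library API): start the login redirect only after
// setupModule() has completed; earlier calls collapse into a single authorize().
function authorizeWhenReady(service: OidcServiceLike): 'started' | 'deferred' {
    if (service.moduleSetup) {
        service.authorize();
        return 'started';
    }
    if (waiting.has(service)) { return 'deferred'; } // a login is already queued
    waiting.add(service);
    const state = { fired: false };
    let sub: Unsubscribable | undefined;
    sub = service.onModuleSetup.subscribe(() => {
        if (state.fired) { return; }                 // ignore repeated setup events
        state.fired = true;
        waiting.delete(service);
        if (sub) { sub.unsubscribe(); }
        service.authorize();
    });
    if (state.fired) { sub.unsubscribe(); }          // emitter fired synchronously
    return 'deferred';
}

// Constructed stand-in for the real service so the block runs without Angular.
class FakeService implements OidcServiceLike {
    moduleSetup = false;
    authorizeCalls = 0;
    private listeners = new Set<() => void>();
    onModuleSetup = {
        subscribe: (next: () => void): Unsubscribable => {
            this.listeners.add(next);
            return { unsubscribe: () => { this.listeners.delete(next); } };
        },
    };
    authorize(): void { this.authorizeCalls += 1; }
    completeSetup(): void {
        this.moduleSetup = true;
        Array.from(this.listeners).forEach(l => l());
    }
}
```

In a component, `login()` would call `authorizeWhenReady(this.oidcSecurityService)` in place of `authorize()`.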
