Angular-auth-oidc-client: OidcSecurityService.getIsAuthorized() return false after Hot Module Reload

Created on 3 Oct 2018 · 12Comments · Source: damienbod/angular-auth-oidc-client

Since version 6.0.9, when webpack updates modified modules, the value returned by OidcSecurityService.getIsAuthorized() is false while the token is valid.

_Before 6.0.9 everything worked well._

The problem is located during AuthGuard.canActivate() method :

public canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | boolean {
        return this.oidcSecurityService.getIsAuthorized()
            .pipe(
                switchMap((isAuthorized: boolean) => {
                    console.log('From [AuthGuard.canActivate] (getIsAuthorized)', isAuthorized);
                    if (isAuthorized) {
                        ...
                    }
                    ...
                    this.router.navigate(['/auth/signin']);
                    ...
                })
            );
    }

Because isAuthorized is always false the user is redirected to /auth/signin page.
Here are the debug logs :

From [AuthGuard.canActivate] (getIsAuthorized) false
Information: Connection disconnected.
onUserDataChanged: last = undefined, new = 
onUserDataChanged: last = , new = [object Object]
IsAuthorized setup module
eyJhbGciOiJSUzI1NiIsImtpZCI6IkQwRUI5MzkzNDUwN0JGRTVENzcyNEUyQTY4ODFGREYxMzNGQzdDMDAiLCJ0eXAiOiJKV1QiLCJ4NXQiOiIwT3VUazBVSHYtWFhjazRxYUlIOThUUDhmQUEifQ.eyJuYmYiOjE1Mzg1NTAxMDgsImV4cCI6MTUzODYzNjUwOCwiaXNzIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaWRlbnRpdHkiLCJhdWQiOiJwYXRjaHdvcmsiLCJub25jZSI6Ik4wLjY0ODE2NjQ0NjAzMjE3NTcxNTM4NTUwMTA4NDY4IiwiaWF0IjoxNTM4NTUwMTA4LCJhdF9oYXNoIjoiajh6elhGTlJhVnZqdGVOaTA5SkxWdyIsInNpZCI6ImU2YzRkMTY0NThjMTEzYzE1NWQ3NjY2Mzc2MmUzNWRmIiwic3ViIjoiNWI3NGU2YzRlZGQwYmYwMzY4Njg2NTJmIiwiYXV0aF90aW1lIjoxNTM4NTQzNjIyLCJpZHAiOiJsb2NhbCIsImFtciI6WyJwd2QiXX0.mWWX-0nuWBjG_2RI5_APcH1p-TdL1Dn3hK7dwvfuOlOnbdEy4bTcvJzwHENTC8DPJUzQyCyKmvRXqpgZdu2AsLumRwxR83zLucFbOKnIvygMqCYC3_DhUmDZheytN8DcYoUBgXYzDFnozPeVyAcokLH5pVpAi9wKKGe5Ta7yt-pbYjMndWMRbFstQcrQ6PF0DtHt-EH9BLtIMza6TIe8m51sS2syYy1lRjpvZ77t3kA-FZ_PSz64V_c6cmq_oD4cxMhyUTNYszU2SwZLFmZCcYYPaSXkaO4HHxCLnhoZniwkf_PzHl6Z9v6uPWuaCCslYviLjyqzCFz3Zfnzh5t_nA
IsAuthorized setup module; id_token is valid
STS server: https://localhost/identity
onUserDataChanged: last = [object Object], new = 
onUserDataChanged: Logout detected.
BEGIN Authorize, no auth data
AuthorizedController created. local state: 15385501344780.47234499238051386

Once again, until the version 6.0.9 everything worked well.
I looked at the code here but I didn't find something relevant.

enhancement enhancement documentation investigate

Source

cverons

Most helpful comment

Thank you @profet23, this was the problem indeed.

Do you think this can be part of getIsAuthorized() method to wait after setup is complete ?
Or at least update the doc https://github.com/damienbod/angular-auth-oidc-client#using-guards ?

Anyway thanks again, great job guys :)

cverons on 3 Oct 2018

👍3

All 12 comments

Would this help?
https://github.com/damienbod/angular-auth-oidc-client#using-guards

damienbod on 3 Oct 2018

Hi @damienbod,

I used this piece of code instead of mine :

canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot): Observable<boolean> | boolean {
    return this.oidcSecurityService.getIsAuthorized().pipe(
        map((isAuthorized: boolean) => {
            console.log('AuthorizationGuard, canActivate isAuthorized: ' + isAuthorized);
            if (isAuthorized) {
                return true;
            }
            this.router.navigate(['/unauthorized']);
            return false;
        }),
        take(1)
    );
}

And I'm sorry to say that, but the value of isAuthorized is still false during module reloading :'(

AuthorizationGuard, canActivate isAuthorized: false

cverons on 3 Oct 2018

You may want to wait to check getIsAuthorized() until after setup is complete. It defaults to false.

So something like:

        return new Observable<boolean>((subscriber) => {
            if (this.oidcSecurityService.moduleSetup) {
                subscriber.next(true);
                subscriber.complete();
            }
            else {
                this.oidcSecurityService.onModuleSetup.pipe(take(1)).subscribe(() => {
                    subscriber.next(true);
                    subscriber.complete();
                });
            }
        })
        .pipe(
            switchMapTo(this.oidcSecurityService.getIsAuthorized()),
            map((isAuthorized: boolean) => {
                console.log('AuthorizationGuard, canActivate isAuthorized: ' + isAuthorized);
                if (isAuthorized) {
                    return true;
                }
                this.router.navigate(['/unauthorized']);
                return false;
            }),
            take(1)
        )

profet23 on 3 Oct 2018

👍2 🎉1

Thank you @profet23, this was the problem indeed.

Do you think this can be part of getIsAuthorized() method to wait after setup is complete ?
Or at least update the doc https://github.com/damienbod/angular-auth-oidc-client#using-guards ?

Anyway thanks again, great job guys :)

cverons on 3 Oct 2018

👍3

I agree that it probably should be part of the getIsAuthorized() observable. What do you think @damienbod ?

profet23 on 3 Oct 2018

@profet23 yes this would be great, and would solve a lot of these issues. Would you like to do a PR?

Greetings Damien

damienbod on 4 Oct 2018

👍1

added to 6.0.12

damienbod on 7 Oct 2018

🎉1

Again in latest same issue

inpicksys on 20 Oct 2018

The same issue in the lastest version

yeimmycl on 15 May 2019

👍1

@yeimmycl We aim to improve this in version 10 which will be a breaking change. We will improve the configuration and startup and refactor the is authorized events

damienbod on 16 May 2019

closing this, please open if you still have an issue

damienbod on 14 Sep 2019

The same issue in '10.0.11' release