In our project we were using version 6.0.1 of the angular-auth-oidc-client component for a long time. But suddenly it stopped working. As a temporary workaround I am now modifying (basically blocking some piece of code in) the angular-auth-oidc-client.es5.js file to avoid authentication. This is not a solution. The blocked code is:
    OidcSecurityValidation.prototype.validate_id_token_nonce = function (dataIdToken, local_nonce) {
        /* if (dataIdToken.nonce !== local_nonce) {
            this.loggerService.logDebug('Validate_id_token_nonce failed, dataIdToken.nonce: ' +
                dataIdToken.nonce +
                ' local_nonce:' +
                local_nonce);
            return false;
        } */
        return true;
    };
Now the big question is why the same version of a component would suddenly stop working. That means code management is not at all proper for this component.
Also, I immediately need a foolproof angular-auth-oidc-client component which will work perfectly with an Angular 6 application which accesses WebApi and IdentityServer4 (both are HTTP, i.e. not SSL certified). Can you give any link where I can see a proper sample application?
Waiting for your earliest reply.
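What the commented-out check does, as an added example that is not part of the original post or of angular-auth-oidc-client: a Node.js comparison of the blocked validator with a strict, single-use nonce check. The function names, the `NonceStore` class and the unsigned sample tokens are constructed for illustration; signature, issuer and audience checks are left out.

```javascript
// Added example; all names and token values are constructed for illustration.
// Decode the payload (second segment) of a JWT. Runs under Node.js (Buffer).
function decodePayload(idToken) {
  const parts = idToken.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Build an unsigned sample token so the demo needs no identity provider.
function sampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc({ alg: 'none' })}.${enc(claims)}.`;
}

// Equivalent of the workaround in the post: the comparison never runs.
const validateNonceBlocked = () => true;

// Strict check. A bare `!==` would treat two undefined values as equal,
// so both sides must be non-empty strings before they are compared.
function validateNonce(payload, localNonce) {
  if (typeof localNonce !== 'string' || localNonce === '') return false;
  if (typeof payload.nonce !== 'string') return false;
  return payload.nonce === localNonce;
}

// Stand-in for the client's per-login nonce storage; the value is single use.
class NonceStore {
  constructor() { this.nonce = null; }
  begin(nonce) { this.nonce = nonce; }
  consume() { const n = this.nonce; this.nonce = null; return n; }
}

function handleCallback(idToken, store, validate) {
  return validate(decodePayload(idToken), store.consume());
}

function demo() {
  const store = new NonceStore();
  const fresh = sampleToken({ sub: 'alice', nonce: 'n-111' });
  const stale = sampleToken({ sub: 'alice', nonce: 'n-000' }); // earlier login
  const out = {};
  store.begin('n-111');
  out.freshStrict = handleCallback(fresh, store, validateNonce);
  out.freshAgain = handleCallback(fresh, store, validateNonce); // nonce used up
  store.begin('n-222');
  out.staleStrict = handleCallback(stale, store, validateNonce);
  store.begin('n-222');
  out.staleBlocked = handleCallback(stale, store, validateNonceBlocked);
  return out;
}
console.log(demo());
```

With the check blocked, a token carrying a nonce from a different login request is accepted exactly like a fresh one, which is the binding between request and response that the nonce exists to enforce.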
Hi @manojsati
Here's an example:
https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow
Hi damien,
I also saw that example, but do you recommend Implicit flow?
Is there any security concern with this approach?
Also, my confusion is: do we need to use an Angular router guard with this component?
Thanks for your reply. Please reply to my query.
Best Regards,
Manoj
From: damienbod notifications@github.com
Sent: 29 March 2019 18:13
To: damienbod/angular-auth-oidc-client
Cc: Manoj Sati; Mention
Subject: Re: [damienbod/angular-auth-oidc-client] angular-auth-oidc-client version 6.0.1 is not working at present. (#408)
Hi @manojsati
Here's an example:
https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow
Hi damien,
Can I use this sample code?
https://github.com/damienbod/angular-auth-oidc-client/tree/master/projects/sample-code-flow/src
Regards
@manojsati clone the repo, install the nodejs tools, and the .NET Core tools, and run
@damien, I have a serious doubt. You have recommended using the sample https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow but this sample is purely implicit flow. And it is very clearly told that we should not use implicit flow. I also feel we should use a component of a particular version. That is why I have a big doubt. Please tell me which version of your component works perfectly with Angular version 6.0.1? Also please give me foolproof Angular project code that works with your component's particular version. Please help as it is very urgent.
@damienbod are you not sure about the latest version of this component? My doubt is if you are sure about stability of version 9.0.3 then why will you recommend implicit flow? How can we depend on angular-auth-oidc-client for a very professional level of project?
@manojsati I don't recommend the implicit flow any more. An example of the code flow is also in this repo.
Here's another example
https://github.com/damienbod/AspNetCoreAngularSignalRSecurity
And another example is in this repo.
9.0.4 is stable and I don't see what your problem is. The repo also has an Angular-CLI example using the code flow.
@damienbod Hi Damien,
I have recently implemented Implicit flow after a lot of effort, but now I see this comment.
I have grant types to code in both Id server and Angular application, but now after successful login it is redirecting me with parameters such as code, scope, state etc., but I don't want it to be in the URL. Also, when I am calling getToken(), it is returning me blank.
Please help me and let me know if any further information is required from my end.
Thanks
Sorry, I hadn't removed the client secret from the client in IDS 4, so I was getting an error. Now it works perfectly.
Thanks.
Hi @warrior711, can you help me with your project's configuration settings? How can we communicate?
clientInAngular.txt
clientInIdentityServer.txt
I have attached my configuration of the client (Angular and IS4). You can contact me on skyfighter.[email protected]
Thanks @warrior711
You should use HTTPS as well.
Greetings Damien
Thanks Damien