Angular-auth-oidc-client: audience parameter in ImplicitFlowConfiguration

Created on 12 Apr 2019 · 4 Comments · Source: damienbod/angular-auth-oidc-client

STS server: auth0.com
By default this server will return a non-JWT access token if the audience is not set in the request:

If the Access Token you got from Auth0 is not a JWT but an opaque string (like kPoPMRYrCEoYO6s5), this means that the access token was not issued for your custom API as the audience. When requesting a token for your API, make sure to use the audience parameter in the authorization or token request with the API identifier as the value of the parameter.
See: https://auth0.com/docs/api-auth/tutorials/verify-access-token.

I configure the service like this:
https://stackblitz.com/edit/angular-auth-oidc-client?file=src%2Fapp%2Fauth%2Fauthentication.service.ts

How do I add the audience parameter if access_point is retrieved from the well-known URL?

All 4 comments

@vit100 The aud parameter is set; this is part of the specification, and the server is responsible for setting this claim. If you're using a JWT access token, you can check whether it's set correctly by the server. The client app does not open or do anything with the access token, it just sends it to access the APIs.

Greetings Damien

Hi Damien,
The point is that auth0.com wants an audience parameter in the request in order to get a JWT access token, not an opaque token.
Otherwise they return an opaque string, which is useless for a backend server call, as the backend expects a JWT bearer to validate, etc.
So basically there should be a way to make a request like this: https://authorization_endpoint?audience=XX&etc_standard_query

OK, you can add custom parameters to the request with this in it

Here's an example

https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow/blob/master/src/AngularClient/angularApp/app/app.component.ts#L82

Greetings Damien

Acknowledged. It works.
Maybe it makes sense to set this param before invoking _oidcSecurityService.setupModule(), not before login()?

So closing issue.

Rhetorical question - when will I have time to create a PR for the README document update...
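
The request shape discussed in this thread, as an added example that is not part of the original issue or the library's own code: it appends `audience` as a custom parameter to an authorization request and then tells an opaque access token from a JWT whose `aud` claim names the API. The function names, `tenant.example`, `api.example` and `sample-client` are hypothetical; the sample JWT is constructed.

```javascript
// Added example; the endpoint, client_id, audience and tokens are constructed sample values.
// Merge custom parameters (such as Auth0's `audience`) into an authorization request URL.
function buildAuthorizeUrl(authorizationEndpoint, standardParams, customParams = {}) {
  const url = new URL(authorizationEndpoint);
  for (const [key, value] of Object.entries({ ...standardParams, ...customParams })) {
    url.searchParams.set(key, String(value));
  }
  return url.toString();
}

// Decode one base64url JWT segment into an object; null if it is not base64url JSON.
function decodeSegment(segment) {
  try {
    const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
    return JSON.parse(atob(b64 + '='.repeat((4 - (b64.length % 4)) % 4)));
  } catch {
    return null;
  }
}

// Diagnostic only: tells an opaque token from a JWT and inspects `aud`.
// It does NOT verify the signature; the API must still validate the JWT fully.
function classifyAccessToken(token, expectedAudience) {
  const parts = token.split('.');
  if (parts.length !== 3) return 'opaque';
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  if (!header || !payload || typeof header.alg !== 'string') return 'opaque';
  // `aud` may be a single string or an array of strings (RFC 7519).
  const audiences = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  return audiences.includes(expectedAudience) ? 'jwt-aud-ok' : 'jwt-aud-mismatch';
}

// Constructed sample JWT (placeholder signature, never verified here).
const encode = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleJwt = [
  encode({ alg: 'RS256', typ: 'JWT' }),
  encode({ iss: 'https://tenant.example/', aud: ['https://api.example/'] }),
  'c2lnbmF0dXJl',
].join('.');
const authorizeUrl = buildAuthorizeUrl(
  'https://tenant.example/authorize',
  { client_id: 'sample-client', response_type: 'id_token token', scope: 'openid profile' },
  { audience: 'https://api.example/' }
);
console.log(authorizeUrl);
console.log(classifyAccessToken('kPoPMRYrCEoYO6s5', 'https://api.example/'));
console.log(classifyAccessToken(sampleJwt, 'https://api.example/'));
```

Running the classifier on the token the client receives is a quick way to confirm the audience parameter reached the STS before debugging the API's bearer validation.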
