I am using IdentityServer4 in a project with an Angular client that uses PKCE. Everything is working fine except for logoff. Even that works in the sense that when I log off, the client is "not authorized" any more, so it is logged out. But when I click login again, the authorize call just proceeds without asking for login credentials again on the STS, so my understanding is that the user is still logged in there? I also notice that the endsession calls to the STS get cancelled.

Is this something to configure/fix on the IdentityServer side, or am I doing it wrong on the Angular client side?
I would expect that a logoff would also sign out on the STS, no?
Never mind, I turned it into a regular anchor tag with an href binding to the end session URL instead of trying to do it in a click handler. This works for now, although judging by most samples it should work as advertised via the .logoff() method.
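As an added illustration of the workaround above (not code from the original post or from angular-auth-oidc-client), this builds the end session URL that such an anchor's href would point to. The names `EndSessionParams` and `buildEndSessionUrl` and all sample values are hypothetical, and it assumes the STS only honours `post_logout_redirect_uri` when an `id_token_hint` is sent, as IdentityServer4 does.

```typescript
// Added example; EndSessionParams, buildEndSessionUrl and the sample values are hypothetical.
interface EndSessionParams {
  endSessionEndpoint: string;      // end_session_endpoint from the STS discovery document
  idToken?: string;                // sent as id_token_hint
  postLogoutRedirectUri?: string;  // must be registered for this client on the STS
  state?: string;                  // opaque value echoed back after logout
}

function isAbsoluteHttpUrl(value: string): boolean {
  return /^https?:\/\/[^\s\/?#]+/i.test(value);
}

function buildEndSessionUrl(p: EndSessionParams): string {
  if (!isAbsoluteHttpUrl(p.endSessionEndpoint) || p.endSessionEndpoint.indexOf('#') !== -1) {
    throw new Error('end_session_endpoint must be an absolute http(s) URL without a fragment');
  }
  const query: string[] = [];
  if (p.idToken) {
    query.push('id_token_hint=' + encodeURIComponent(p.idToken));
  }
  if (p.postLogoutRedirectUri) {
    // Assumption: as with IdentityServer4, the redirect back is only honoured
    // when a valid id_token_hint accompanies it, so fail early without one.
    if (!p.idToken) {
      throw new Error('post_logout_redirect_uri requires an id_token_hint');
    }
    if (!isAbsoluteHttpUrl(p.postLogoutRedirectUri)) {
      throw new Error('post_logout_redirect_uri must be an absolute http(s) URL');
    }
    query.push('post_logout_redirect_uri=' + encodeURIComponent(p.postLogoutRedirectUri));
  }
  if (p.state) {
    query.push('state=' + encodeURIComponent(p.state));
  }
  if (query.length === 0) {
    return p.endSessionEndpoint;
  }
  // Keep any query string the endpoint already carries.
  const separator = p.endSessionEndpoint.indexOf('?') === -1 ? '?' : '&';
  return p.endSessionEndpoint + separator + query.join('&');
}

// Constructed sample values, not taken from the thread.
const sampleLogoutUrl: string = buildEndSessionUrl({
  endSessionEndpoint: 'https://sts.example.com/connect/endsession',
  idToken: 'header.payload.signature',
  postLogoutRedirectUri: 'https://app.example.com/',
  state: 'logout-1',
});
```

Binding the returned string to an anchor's href makes the logout a full-page navigation to the STS, so the STS session cookie is cleared there rather than only the tokens held by the client.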
@suddenelfilio thanks for the feedback
Any news on this? Is it a bug? I have the same problem.
Hi,
I have the same problem when I set network to Slow 3G.
Normally, the endsession request responds with 302 and redirects to the logout page.
When I use throttling, the request is cancelled and never redirects to the logout page.
I am seeing the same thing as @darge98. Any word on this would be great.
Hi
Are you using version 11? We had a timing issue here in 10 which might have caused this. The logout only redirects to the STS using the endsession URL. So if the network is broken or slow, the redirect will not work. But I don't fully understand what is happening in your case. Could you provide more info about what is happening and your version? Then I will try to reproduce.
Greetings Damien
Hey Damien, we are currently on 10.0.7. My config is as follows:
const config: OpenIdConfiguration = {
  stsServer: configResult.stsServer,
  redirect_url: environment.selfUrl,
  client_id: environment.clientId,
  response_type: 'id_token token',
  scope: 'openid profile',
  post_logout_redirect_uri: environment.selfUrl,
  start_checksession: true,
  silent_renew: true,
  silent_renew_url: environment.selfUrl + '/silent-renew.html',
  post_login_route: '/',
  forbidden_route: '/forbidden',
  unauthorized_route: '/unauthorized',
  log_console_warning_active: true,
  log_console_debug_active: true,
  max_id_token_iat_offset_allowed_in_seconds: 60,
  trigger_authorization_result_event: true,
};
I believe I've hit that race condition. I am receiving these messages in the debug log:
getIsAuthorized: false
auto-login.component.ts:19 in subscription of autologin component, Authorized: false
angular-auth-oidc-client.js:398 getIsAuthorized: false
auto-login.component.ts:19 in subscription of autologin component, Authorized: false
angular-auth-oidc-client.js:398 getIsAuthorized: false
auto-login.component.ts:19 in subscription of autologin component, Authorized: false
angular-auth-oidc-client.js:398 getIsAuthorized: false
auto-login.component.ts:19 in subscription of autologin component, Authorized: false
angular-auth-oidc-client.js:398 getIsAuthorized: false
angular-auth-oidc-client.js:398 BEGIN Authorize Code Flow, no auth data
.
.
.
angular-auth-oidc-client.js:398 AuthorizedController created. local state: 15889477697370.91800681663792270.8868022045979893
angular-auth-oidc-client.js:398 BEGIN Authorize Code Flow, no auth data
angular-auth-oidc-client.js:398 AuthorizedController created. local state: 15889477697370.91800681663792270.8868022045979893
angular-auth-oidc-client.js:398 BEGIN Authorize Code Flow, no auth data
angular-auth-oidc-client.js:398 AuthorizedController created. local state: 15889477697370.91800681663792270.8868022045979893
angular-auth-oidc-client.js:398 BEGIN Authorize Code Flow, no auth data
angular-auth-oidc-client.js:398 AuthorizedController created. local state: 15889477697370.91800681663792270.8868022045979893
client:52 [WDS] Live Reloading enabled.
core.js:3866 ERROR RangeError: Maximum call stack size exceeded
AutoLoginComponent:
import { Component, OnInit } from '@angular/core';
import { OidcSecurityService } from 'angular-auth-oidc-client';
import { takeWhile } from 'rxjs/operators';

@Component({
  selector: 'app-auto-login',
  template: '',
  styleUrls: ['./auto-login.component.scss'],
})
export class AutoLoginComponent implements OnInit {
  private IsAuthorized: boolean = false;

  constructor(
    public oidcSecurityService: OidcSecurityService
  ) { }

  public ngOnInit() {
    // Keep listening until the service reports an authorized state
    this.oidcSecurityService.getIsAuthorized().pipe(takeWhile(() => !this.IsAuthorized)).subscribe((isAuthorized) => {
      console.log(`in subscription of autologin component, Authorized: ${isAuthorized}`);
      this.IsAuthorized = isAuthorized;
      if (!this.IsAuthorized) {
        // Not authorized yet: start the login redirect
        this.oidcSecurityService.authorize();
      }
    });
  }
}
AppComponent:
@Component({
  selector: 'app-root',
  templateUrl: './app.component.html',
  styleUrls: ['./app.component.scss']
})
export class AppComponent implements OnInit, OnDestroy {
  public isAuthorized = false;
  private getIsAuthorized$: Subscription;

  constructor(
    private readonly _oidcSecurityService: OidcSecurityService,
  ) {
    this.getIsAuthorized$ = this._oidcSecurityService.getIsAuthorized().subscribe((authorized: boolean) => {
      this.isAuthorized = authorized;
    });
  }