Angular-oauth2-oidc: Access token not being set when response type does not have id_token

Created on 8 Mar 2019 · 4 Comments · Source: manfredsteyer/angular-oauth2-oidc

Hello Guys!!

I'm facing a strange issue when upgrading from 4.0.3 to 5.02.

Using the previous version I had the response type like this
authConfig.responseType = 'code token';

After upgrading the library to 5.0.3 the app stopped getting the access token. I can see the access token in the URL though.

Then I changed my response type to be like this and it started to work
authConfig.responseType = 'code token id_token';

Is this the correct behavior?? Am I missing something?

Maybe this is only related to my company identity server.

Small repro steps.

ng new appname
npm i angular-oauth2-oidc

  private configureWithNewConfigApi() {
    this.oauthService.configure(this.getConfig());
    this.oauthService.oidc = true;
    this.oauthService.setStorage(localStorage);
    this.oauthService.tokenValidationHandler = new NullValidationHandler();
    this.oauthService.loadDiscoveryDocument().then(() => {
      this.oauthService.tryLogin().then(() => {
        console.log(this.oauthService.getAccessToken());
      });
    });
  }

  private Login() {
    this.oauthService.initImplicitFlow();
  }

  private getConfig(): AuthConfig {
    const authConfig = new AuthConfig();

    authConfig.issuer = 'myurl';
    authConfig.oidc = true;

    authConfig.responseType = 'code token';
    authConfig.redirectUri = window.location.origin;

    authConfig.clientId = 'myclientid';

    authConfig.scope = 'openid email profile';
    authConfig.showDebugInformation = true;

    return authConfig;
  }

<button (click)="Login()">Login</button>

I tried to create a StackBlitz but I couldn't use my test server there, sorry!

Thanks

investigation-needed

All 4 comments

I'm seeing something similar. Local storage is not being written with the access token (and other details).

As far as I can tell this is not an expected behavior, or have I missed something in the OIDC specs? It seems like the access token won't be processed when the id_token wasn't requested as well.

Edit: Bug is still present in version 8.0.4

code token and code token id_token are hybrid flow, which is not supported by this lib.

I had the same issue with requesting solely the token scope.
I configured the oauthService using the responseType: "token", which should only request the access token. The response I get from the Authorization Server is a redirect containing the access token. But I can't find the access token in the browser storage. Since it's still present in the redirected URL I guess it doesn't get processed at all.
But once I change the responseType to token id_token the access token gets processed, stored in the browser storage and removed from the redirected URL. This is not the expected behavior. It requires me to request the id_token in order to get the access token processed by the library. But I have no use for the id_token.
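
Added example (not part of the thread and not the library's code): a check for the symptom described in the comments above, where the access token comes back in the redirect URL fragment but never reaches storage and stays in the URL. It maps each response_type value to the fragment parameters OpenID Connect returns for it; the function names and the sample URL are constructed for illustration.

```javascript
// Added example: names and sample values are constructed, not from the library.
// Parameters each response_type value adds to the redirect fragment (OIDC Core).
const RETURNED = {
  code: ['code'],
  token: ['access_token', 'token_type'],
  id_token: ['id_token'],
};
const SENSITIVE = ['access_token', 'id_token', 'code'];

// Parse the fragment (#a=b&c=d) of a redirect URL into a Map.
function parseFragment(url) {
  const hash = new URL(url).hash.replace(/^#/, '');
  return new Map(new URLSearchParams(hash));
}

// Compare what was requested, what came back, and what reached storage.
// `stored` is the list of parameter names the app actually persisted.
function auditCallback(responseType, url, stored) {
  const got = parseFragment(url);
  const expected = responseType.trim().split(/\s+/)
    .flatMap((t) => RETURNED[t] || []);
  return {
    missing: expected.filter((p) => !got.has(p)),
    // Returned by the server but never stored: the symptom in this thread.
    unprocessed: SENSITIVE.filter((p) => got.has(p) && !stored.includes(p)),
  };
}

// Drop token-bearing parameters so they do not linger in the address bar
// or browser history; other fragment parameters (e.g. state) are kept.
function scrubFragment(url) {
  const u = new URL(url);
  const params = new URLSearchParams(u.hash.replace(/^#/, ''));
  SENSITIVE.forEach((p) => params.delete(p));
  params.delete('token_type');
  const rest = params.toString();
  u.hash = rest ? '#' + rest : '';
  return u.toString();
}

// Constructed callback URL for responseType "token".
const sample = 'https://app.example/#access_token=abc123&token_type=Bearer&state=xyz';
console.log(auditCallback('token', sample, []));
console.log(scrubFragment(sample));
```

In a browser the scrubbed URL would be applied with history.replaceState once the tokens have been stored.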
