Oidc-client-js: Issue when using oidc-client with angular UI router

Created on 24 Aug 2016  路  5Comments  路  Source: IdentityModel/oidc-client-js

I have a JS application, and when testing I'm using a 'main.html' (index will be generated by gulp when deploying) so my urls will look like http://mysite/main.html#/mystate when testing.

When logging in, I'm accessing #/login which resolves createSignInRequest and redirects to the login uri, which then redirects to #/loggedin on success which resolves processSigninResponse.

If I pass over the full url I get it redirecting to http://mysite/main.html#/loggedinaccesstoken=...

Now if I add a '?' to the redirect url, http://mysite/main.html#/loggedin?accesstoken=... this still won't work as in SignInResponse.js the url is split by the '#' (var values = UrlUtility.parseUrlFragment(url, "#");) thus making one property of the values object 'loggedin?accesstoken' rather than 'accesstoken' and so processSigninResponse triggers the reject function of the promise.

I can current;y do a workaround by updating the oidc-client script so that 'var values = UrlUtility.parseUrlFragment(url, "?");'

It may be worthwhile looking into some way of having the '#' as a default setting that can be overridden?

question
Source
picture eckersalld

Most helpful comment

can you use the silent login with iframe?

          this.mgr.signinSilent({ scope: 'openid profile email api1', response_type: 'id_token token' }).then((user) => {
                this.loggedIn = true;
                this._user = user;
                this.userLoadededEvent.emit(user);
            }).catch(function (err) {
                this.loggedIn = false;
                console.log(err);
            });
picture crh225 on 26 Aug 2016
👍2

All 5 comments

Relevant? https://github.com/IdentityModel/oidc-client-js/issues/57

brockallen picture brockallen on 24 Aug 2016
👍1

Ah, so it's part of the spec to not use an octothorpe in the uri, yet SPA's requires it for backwards compatibility... I'll figure out a way to square the circle! :D

eckersalld picture eckersalld on 24 Aug 2016

Yea, we realize the spec says to not use # in the callback URIs. But yes, many clients really want it.

Anyway, all set on this issue? Can we close?

brockallen picture brockallen on 26 Aug 2016

can you use the silent login with iframe?

          this.mgr.signinSilent({ scope: 'openid profile email api1', response_type: 'id_token token' }).then((user) => {
                this.loggedIn = true;
                this._user = user;
                this.userLoadededEvent.emit(user);
            }).catch(function (err) {
                this.loggedIn = false;
                console.log(err);
            });
crh225 picture crh225 on 26 Aug 2016
👍2

@crh225 - haven't looked into the silent login yet, currently I've just created a couple of new pages to act as intermediaries when logging in and out for a proof of concept. May very well see if the iframe will be a better fit if/when the project moves forward from POC stage.

@brockallen - feel free to close, I've something that works now. Cheers both.

eckersalld picture eckersalld on 30 Aug 2016
Was this page helpful?
0 / 5 - 0 ratings

Related issues

pawepaw picture pawepaw  路  3Comments
tamias picture tamias  路  3Comments
rmja picture rmja  路  3Comments
bialabs picture bialabs  路  3Comments
baoduy picture baoduy  路  4Comments