oidc-client-js | OpenID Connect and OAuth2 protocol support | Authentication library
kandi X-RAY | oidc-client-js Summary
kandi X-RAY | oidc-client-js Summary
OpenID Connect (OIDC) and OAuth2 protocol support for browser-based JavaScript applications
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- X509 X509 certificate .
- Get JWT from JWT .
- Create a new signRequest object .
- Initialize OIDClient settings .
- WritableStream state of a stream .
- Creates an async iterator .
- Invoke generator .
- Evaluate the return iterator .
- Asynchronously read a stream .
- Create a user manager
oidc-client-js Key Features
oidc-client-js Examples and Code Snippets
Community Discussions
Trending Discussions on oidc-client-js
QUESTION
For a particular case in a Vue.js and JavaScript project a NPM package dependency have to be merge with the current JavaScript code base.
In that specific case, the NPM package should not be part of the nodes_modules folder anymore but rather be part of the JavaScript code itself.
In that case as both codebases will grow together in the future. (Independently from the original NPM package and not as a Fork)
How can I merge or fusion a NPM package to a Javascript project?
Additional Details:
- The library that need to be merge is OIDC client. It's an open source project "Archived" by it's author (So no possibility to create Pull Request for a new release).
- It is use to create a SSO for an internal project. This library has been retain by architect the for specific need of the project and there is no other option than this one.
- There is no "internal package manager" available in this company
- I don't want to host the fork on my personal Github and manage the package on NPM website
ANSWER
Answered 2022-Feb-11 at 19:40After many attempt to solve this problem, it turn out that Patch-Package do the best job to merge a dependency by simply patching over instead of forking.
Syntax is pretty simple and it integrate very well with NPM:
Installation:
npm i patch-package
Modify the code of your dependency directly in
node_modules
folderRun
npx patch-package some-package
where some-package is the name of your package to patch
https://github.com/ds300/patch-package
Documentation: https://github.com/ds300/patch-package
QUESTION
I have an Identity Server 4 instance running at https://localhost:5443/ and a client React.js application running at http://localhost:3000/ and making a reference to the oidc-client library in order to establish the communication. I've been following more or less this article.
The way I've configured the client (in-memory) on the Identity Server is as follows:
...ANSWER
Answered 2021-Dec-28 at 12:44You do not provide an idTokenHint (id token) with your logout request like the following:
QUESTION
I am working on a project to set up OIDC authentication on a react SPA (authorization code with PKCE). I am working with the oidc-client-js library. My code works fine but after being authenticated I am again redirected to the login pattern. I looked at the react router side but that doesn't seem to be it. I am thinking of an asynchronous problem but I can't seem to get out of it. Can you help me please ?
Thanks in advance
My configuration
...ANSWER
Answered 2021-Nov-19 at 14:15You need to put tighter control over when signInRedirect is called, based on whether userManager.getUser returns anything. I would start with this approach:
- When the page loads, render the logged in state to a label on screen: true or false
- Use a temporary login button to trigger sign in redirects rather than doing it automatically in useEffect
Once that is reliable you can put back the onLoad automatic redirect. If it helps, here is some code of mine to compare against - you can run this code sample very easily also.
QUESTION
I check options to migrate my service authentication system to identityserver4\5. I have two websites:
...ANSWER
Answered 2021-Sep-26 at 11:20If you run SPA you, your best bet is oidc-client.
But the tutorials you have read are non-sense that suggest client_id/secret auth. No it is not save to have client secret in an SPA app.
For that reason you have the Auth Code + PKCE Flow. AuthCode + PKCE (Proof of Key Code Exchange) works like Auth Code flow (client_id + secret + a code to obtain the token), but the secret is generated per request (see here). This solves the issue of having a static secret and prevents replay attacks.
In the past Hybrid Flow, which would return the token in the redirect request from the Identity Server (after logging in and when being redirected back to your website) but this is the recommended approach anymore as Auth Code + PKCE is the more secure approach.
You can't use a code flow based in the backend in an SPA, because the backend doesn't know the credentials and asking user to directly type in the credentials instead of redirecting them to the identity server is less secure (and less trustworthy since your app has to actually see the credentials) than interactive flows (that redirect you to the Identity Server login page)
QUESTION
With ASP.NET Core 5, Angular 10 and Identity Server 4 I created 4 applications:
- Auth using Identity Server 4;
- Asp.Net Core 5 API
- Asp.Net Core 5 MVC
- Angular 10 SPA
On the Angular application (4) I am using OIDC Client JS and Code Grant Type.
The Asp.Net Core 5 MVC application (3) also needs to access the API ...
I am using Identity Model but what Grant Type should I use in MVC application?
Code as in the Angular application (Is this possible?)? Client Credentials?
...ANSWER
Answered 2020-Nov-10 at 04:11If you login the user on MVC application and you want to call the API on behalf of the user use the
Code
flow. In this case only difference between MVC and angular apps is thatAsp.Net Core 5 MVC
is a confidential client and you can useCode
flow. ButAngular 10 SPA
client is a public client and you should you Code + PKCE. It is although recommended to use PKCE in both cases.If you just call an API through MVC and as the app itself and not behalf of the user, you can use Client Credentials flow. This flow is for server to server scenarios and it is secure. In this case you should do authorization for MVC app as well.
QUESTION
I am using authcodeflow with PKCE.
Using OIDC js library in the frontend, making calls to adfs getting an auth code and then calling my backend api. The backend api which calls adfs server get the access token and the backend api returns the token as a cookie to the frontend. I can see the cookie in response headers. but That cookie is not stored in browser and not getting added for subsequent requests. I have tried with samesite with all modes -> Lax, None,Strict and not setting. Is this an issue with OIDC js library or is it blocking the cookies to store in browser?
Update: Below are the observation with my analysis Since the OIdc-client-js does not have an option to set flag "withCredentials" to true for the requests. There are no cookies send in the request and response cookies are ignored for the cross origin requests.This changes are marked as enhancement and still not completed in thier github repo. https://github.com/IdentityModel/oidc-client-js/issues/1062
Is there any way to achieve with this library? or any other libraries for OIDC js
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials
...ANSWER
Answered 2020-Oct-27 at 23:14So you are issuing a cookie from an API domain that is a sibling of the WEB domain:
- web.mycompany.com
- api.mycompany.com
- Cookie domain = .mycompany.com
POSSIBLE CAUSES FOR COOKIE BEING DROPPED
Maybe it is the withCredentials flag or maybe due to a lack of user gesture, since the user has not done anything explicit to navigate to api.mycompany.com, such as a browser navigation or clicking a link?
FORCING WITHCREDENTIALS
You can override the prototype like this in order to add the withCredentials property. This is a little hacky but you could limit usage based on the URL and it should let you know whether setting withCredentials resolves your problem:
QUESTION
I have an application that is using identityServer4 for authentication and Angular10(with oidc-client-js) for front-end and an ASP.NET Core API as the resource API. everything was working fine until I added the following line to the API startup configuration , then after log in all my requests were returning 401.
...ANSWER
Answered 2020-Oct-06 at 12:28The best practice is to keep your IdentityServer on a separate service, just so that you can reason about how it all works. When its is one place, its really hard to understand what is going on. I would start with a separate IdentityServer, and then merge when it works and when you fully understand what is going on.
If you get the "You must either set Authority or IntrospectionEndpoint" exception in your API, then the Authority is not properly set. You have the source code for the exception here.
In your Api startup, I would also set the default authentication scheme to:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
See this page:
QUESTION
I am using IdentityServer 4 with an Angular 10 client that uses OIDC Client JS:
To redirect a user for signin I am calling signinRedirect on the Angular's client:
...ANSWER
Answered 2020-Sep-17 at 16:53It is possible to send a message to the identity provider using oidc-client by using the args
parameter of signinRedirect
method.
If you take a look at oidc-client-js/src/SigninRequest.js from their github repository, you can see that you can supply the following optional parameters to the aforementioned method:
data
,prompt
,display
,max_age
,ui_locales
,id_token_hint
,login_hint
,acr_values
,resource
,response_mode
,request
,request_uri
,extraQueryParams
,request_type
,client_secret
,extraTokenParams
,skipUserInfo
Later in the code, on line 75 of this file version, they have this:
QUESTION
I'm working with an angular 8 SPA, and I'm trying to use the oidc-client-js library to handle the user authentication. The identity provider is implemented by using identity server 4.
Our desired user experience is the following: when the SPA is loaded in the browser, without requiring any kind of user interaction, the login flow is started. Put in other words, we would like to trigger the login flow automatically and to avoid the need for an explicit login button in the first view of the application.
The AppComponent
is the first component loaded in our application and it has the following init method:
ANSWER
Answered 2020-Sep-10 at 17:47REQUIREMENTS
There are 2 main aspects to making this work. It is a design pattern really, and can be implemented in any language:
- Trigger login redirects based on whether you can get data from APIs
- Handle the login response as part of your page load, which then makes tokens available for calling APIs, avoiding further redirects
You'll have to figure out the Angular specifics, since I don't know that framework. I hope this gives you a few useful pointers though.
RESOURCES OF MINE
The code below uses plain Typescript, and you'd need to translate that to your preferred Angular syntax.
Code to get an access token. Note that the getAccessToken function triggers the login redirect.
Code to load the page. Note the call to handleLoginResponse as part of page load
Code to deal with access token expiry. Note that on expiry a new login redirect is triggered.
Blog Post with more details on initial OIDC client integration
My blog also has some more advanced samples if useful, on stuff like silent token renewal - and a Quick Start Page where you can run an online React sample with the above behaviour.
QUESTION
With IdentityServer 4 v4.0 and Asp.Net Core Identity 3.1 I get the claims after login:
...ANSWER
Answered 2020-Jun-23 at 22:11- For the first Question try replacing
ClaimTypes.Role
byJwtClaimTypes.Role
. - Regarding the second question isn't your username the same as your Email?
Edit:
In your ProfileService
constructor inject IUserClaimsPrincipalFactory
and apply the following changes to your GetProfileDataAsync()
function:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install oidc-client-js
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page