angular-auth-oidc-client | npm package for OpenID Connect | Authentication library
kandi X-RAY | angular-auth-oidc-client Summary
npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
Community Discussions
Trending Discussions on angular-auth-oidc-client
QUESTION
I am using
...
ANSWER
Answered 2022-Mar-21 at 15:56
I'll try to provide an answer to the sequence of questions/challenges you're facing.
Based on comments and updates to the question, it looks like you have a few incorrect configurations to address. From our first round of comments:
- It looks like you've configured a confidential client (with a client secret, client authentication method, requireProofKey(true) not set
Note: Also, make sure you're browsing your application from http://127.0.0.1:4200, not http://localhost:4200.
From the update you provided in the question:
- You don't want to comment out config.setAllowCredentials(true); in your cors config as the browser needs to be able to send the JSESSIONID cookie with the silent renew process.
- Spring Authorization Server doesn't currently support refresh tokens for public clients, so my sample doesn't include that option useRefreshToken: true.
- Your .authorizeRequests() DSL usage is not correct. You don't want to have multiple invocations of that method, as the 2nd one overwrites the first one. You are also targeting the wrong endpoints in the default filter chain. It should look like the sample:
QUESTION
Is there a way to easily handle authorization based on roles with the lib angular-auth-oidc-client?
As soon as a user is on the site, I want to identify them, so I use the auto-login-all-routes guards, and this far everything is ok for me. But I'd like to allow access only if the userData contains a specific role, otherwise redirect to the unauthorized page.
At first I thought I could just create a custom version of auto-login-all-routes.guard.ts, but as most of the services used are not exported by the module, it doesn't seem to be a good idea.
Do you have any suggestions?
...
ANSWER
Answered 2021-Nov-22 at 13:07
Use 2 guards.
First one to authenticate:
QUESTION
I check options to migrate my service authentication system to identityserver4\5. I have two websites:
...
ANSWER
Answered 2021-Sep-26 at 11:20
If you run an SPA, your best bet is oidc-client.
But the tutorials you have read are nonsense that suggest client_id/secret auth. No, it is not safe to have a client secret in an SPA app.
For that reason you have the Auth Code + PKCE Flow. AuthCode + PKCE (Proof of Key Code Exchange) works like Auth Code flow (client_id + secret + a code to obtain the token), but the secret is generated per request (see here). This solves the issue of having a static secret and prevents replay attacks.
In the past Hybrid Flow, which would return the token in the redirect request from the Identity Server (after logging in and when being redirected back to your website) but this is the recommended approach anymore as Auth Code + PKCE is the more secure approach.
You can't use a code flow based in the backend in an SPA, because the backend doesn't know the credentials and asking user to directly type in the credentials instead of redirecting them to the identity server is less secure (and less trustworthy since your app has to actually see the credentials) than interactive flows (that redirect you to the Identity Server login page)
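The per-request secret described in the answer above, sketched as an added example that is not part of the original answer or of angular-auth-oidc-client. It follows RFC 7636 with the S256 method; the in-memory code store and all function names are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// RFC 7636 base64url: standard base64 with '+' and '/' replaced, padding removed.
function base64url(buf) {
  return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function s256(verifier) {
  return base64url(crypto.createHash("sha256").update(verifier, "ascii").digest());
}

// Client side: a fresh high-entropy verifier for every authorization request.
// 32 random bytes encode to 43 characters, the minimum length the RFC allows.
function createPkcePair() {
  const codeVerifier = base64url(crypto.randomBytes(32));
  return { codeVerifier, codeChallenge: s256(codeVerifier), codeChallengeMethod: "S256" };
}

// Server side (toy in-memory store, constructed for this example):
// the authorization endpoint binds the challenge to the code it issues.
const issuedCodes = new Map();
function issueCode(codeChallenge) {
  const code = base64url(crypto.randomBytes(16));
  issuedCodes.set(code, codeChallenge);
  return code;
}

// Token endpoint: recompute the challenge from the presented verifier and
// compare in constant time. The code is single use, whatever the outcome.
function redeemCode(code, codeVerifier) {
  const expected = issuedCodes.get(code);
  issuedCodes.delete(code);
  if (!expected || !/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier || "")) return false;
  const a = Buffer.from(s256(codeVerifier));
  const b = Buffer.from(expected);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

function demo() {
  const pair = createPkcePair();
  // The code travels through the browser redirect; the verifier never does.
  const code1 = issueCode(pair.codeChallenge);
  const wrongVerifier = redeemCode(code1, createPkcePair().codeVerifier);
  const code2 = issueCode(pair.codeChallenge);
  const legit = redeemCode(code2, pair.codeVerifier);
  const replay = redeemCode(code2, pair.codeVerifier); // code already consumed
  return { wrongVerifier, legit, replay };
}
```
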
QUESTION
I've got this somewhat old Angular web application which was updated from Angular 6 to Angular 12, however, Angular CLI is not being used for building it, instead it relies on Webpack 5, its loaders and AngularWebpackPlugin from @ngtools/webpack.
Recently, I needed to upgrade to a latest version of a library I was using and I got greeted with the following warning after my production build:
...
ANSWER
Answered 2021-Sep-23 at 22:16
Is there a certain plugin I need to use to "link" the partially compiled libraries so I avoid this issue?
Yes! You need to add the Angular Linker to process the problematic plugin. It's currently only available as a Babel plugin: @angular/compiler-cli/linker/babel
In short, add this to your Webpack config and replace ng-click-outside with your plugin(s):
QUESTION
Following the guide we upgraded angular 11 to 12. Before the upgrade karma is running the unit tests without any issues. However, after the upgrade this is what we end up with. Any idea how to check what's wrong?
I also compared the source with a refresh angular 12 project (karma works here), but changes did not make any difference.
...
ANSWER
Answered 2021-Aug-17 at 12:36
Did you ensure that the versions of karma, karma-chrome-launcher, karma-cli, karma-firefox-launcher, (all other karma packages) and jasmine packages were the same between the fresh Angular 12 version and your project? And then did you run a fresh npm install after making sure the versions are the same?
After that, try comparing test.ts, angular.json and tsconfig.spec.json between the fresh project and your project to ensure they are the same.
QUESTION
I need some inputs/suggestions on how to login into VSC extension. I have already done similar stuff for web application in angular using https://www.npmjs.com/package/angular-auth-oidc-client library.
I am developing a VSC extension (TypeScript language) in which I have to authenticate users before they use it. For that, I have a cloudIDP auth URL to which I have to forward the request for users to get logged in first. Once the user is logged in, users should come back to the VSC extension and then start using in-built extension commands.
I am using the https://www.npmjs.com/package/openid-client library with code flow. I am able to open the login URL, getting users logged in, coming back to the vscode extension but without a token.
...
ANSWER
Answered 2021-Jun-25 at 14:06
I got it working.
After redirection, I have to handle logic in UriHandler class and then hitting the api for getting token there with the code params as received in after redirection.
Let me know if you want to understand (or in future), I would love to guide there.
Regards, Alpesh
QUESTION
I am testing this code which has dependency on OidcSecurityService:
ANSWER
Answered 2021-May-01 at 16:41
userData$ is not a function, so it shouldn't be jest.fn()
This isn't documented because non-function properties don't need special treatment from Jest, unless they are existing getters or setters (can be addressed with jest.spyOn third argument).
It is:
QUESTION
I've been using Identity Server 4.0 as my OpenId Connect provider. I can setup clients in Identity Server with Redirect Uris and Post Logout Redirect Uris. I've also been using the angular-auth-oidc-client to login/logout via the Identity server.
When logging in, my client library (angular-auth-oidc-client) does pass in the correct Uri specified in the config when calling the authorize endpoint. When I try to login with an incorrect Redirect Uri, Identity Server checks and validates that the Uri provided by the client is one of the accepted ones for that client, and shows an error if it isn't (as expected).
When it comes to logout, none of it seems to be built in. My client library does not send the PostLogoutRedirectUri when calling the logout endpoint. Identity Server's sample code for logout does not accept any URIs to be passed in. Its sample code simply gets the Post Logout Redirect Uri value from the database and creates a link on the logged out page. Not only does the sample code not allow the user to specify the Redirect Uri for logout, but it doesn't do any checks or even do a redirect (granted it's only sample code and I can change it). I would expect my client library to pass the Uri along and Identity Server to redirect to the Uri after successful logout as long as it's one of the "approved" Uris for the client.
My question is: What even is the point of PostLogoutRedirectUri? Neither Identity Server nor the OIDC client library I'm using do anything useful with it. There doesn't even seem to be an agreed upon convention for the name of the query string parameters to use to pass this Uri to Identity Server. And yet, both the Identity Server and the angular client library seem to have some support for it. So what's the point of this thing? Is it something that will be added or fleshed out later? Did I miss some documentation describing what its for and how to use it?
...
ANSWER
Answered 2021-Apr-29 at 18:19
It's a draft standard and support differs between libraries and vendors, but here is a summary:
- A client uses the post logout redirect URI to log out in a controlled way, typically redirecting to an application page that gives the user a link to sign in again
- A client could potentially have more than one post_logout_redirect_uri and decide which to use based on runtime conditions
- The post_logout_redirect_uri sent is meant to only be honoured if it is accompanied by an id_token_hint - and if it matches a configured value against the OAuth client. I believe OIDC will send the current id token but it is worth checking that this is happening in your browser tools.
- If a post_logout_redirect_uri is not sent then the Authorization Server may use the default one configured
See the official IETF docs on how this is meant to work.
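The decision rules summarised in the answer above, written out as an added example from the authorization server's point of view; it is not Identity Server's or angular-auth-oidc-client's code. The client registry, the URIs and the function name are constructed placeholders, and the id_token_hint is assumed to have had its signature and issuer verified already, so only its claims are passed in.

```javascript
// Constructed client registration for the example; names and URIs are placeholders.
const registeredClients = {
  "spa-client": {
    postLogoutRedirectUris: [
      "https://app.example.test/signed-out",
      "https://app.example.test/goodbye",
    ],
    defaultPostLogoutRedirectUri: "https://app.example.test/signed-out",
  },
};

// hintClaims: claims of an id_token_hint that the server has ALREADY validated
// (assumption of this example), or null when no valid hint was sent.
function resolvePostLogoutRedirect({ hintClaims, post_logout_redirect_uri }) {
  // The hint identifies which client is logging out; "aud" may be a string or an array.
  const audiences = hintClaims ? [].concat(hintClaims.aud) : [];
  const clientId = audiences.find((aud) =>
    Object.prototype.hasOwnProperty.call(registeredClients, aud)
  );
  if (!clientId) {
    // Without a hint the requested URI cannot be tied to a client: never redirect to it.
    return { redirect: null, reason: "no valid id_token_hint" };
  }
  const client = registeredClients[clientId];
  if (!post_logout_redirect_uri) {
    return { redirect: client.defaultPostLogoutRedirectUri, reason: "default" };
  }
  // Exact string comparison only: no prefix, wildcard or host-only matching.
  if (client.postLogoutRedirectUris.includes(post_logout_redirect_uri)) {
    return { redirect: post_logout_redirect_uri, reason: "registered" };
  }
  return { redirect: null, reason: "unregistered uri" };
}

function demo() {
  const hint = { iss: "https://idp.example.test", aud: "spa-client", sub: "user-1" };
  return [
    resolvePostLogoutRedirect({ hintClaims: hint, post_logout_redirect_uri: "https://app.example.test/goodbye" }),
    resolvePostLogoutRedirect({ hintClaims: hint }),
    resolvePostLogoutRedirect({ hintClaims: hint, post_logout_redirect_uri: "https://app.example.test/goodbye/extra" }),
    resolvePostLogoutRedirect({ hintClaims: null, post_logout_redirect_uri: "https://app.example.test/goodbye" }),
  ].map((r) => r.reason);
}
```

A null redirect means the server shows its own logged-out page instead of sending the browser anywhere.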
QUESTION
I have an Ionic Angular app which I'm deploying to an Android device. I am using OpenID + KeyCloak for authentication, on the clientside I am taking care of this by using the angular-auth-oidc-client. The configuration I have set up is:
...
ANSWER
Answered 2021-Apr-08 at 10:19
Answer: Since an app's origin is http://localhost, and a local server is not running on the phone, the solution is to change the redirect_url parameter of the auth configuration to the package id of the application. Example: com.package.id://home
This will redirect you back to the app after finishing the authentication in the OAuth page
QUESTION
Hi, I created an Angular app which is connected to the Identity Server 4 for authentication. I registered the angular client with AllowedCorsOrigins, and Scopes are accessing API. I also have other clients ".net core MVC" which also have the same scope (accessing API). I don't have any issue with the MVC client, but with angular I am getting a CORS error.
Identity Server Client
...
ANSWER
Answered 2021-Mar-03 at 08:44
I'm not 100% sure that I fully understood the context, but I suspect, that the .NET Core backend service, which serves the Angular app does not use the proxy configuration to the Angular development server on port 4200.
Therefore in the Startup.cs of the .NET based Angular backend service in ConfigureServices(IServiceCollection services) following configuration is needed:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported