CODEWITHSUNDEEP
oauth-2.0angular7angular-oauth2-oidc
pixie
pixie

Reputation: 517

angular-oidc library code flow without discovery document

we have to implement the oauth2 code flow in our Angular application. We have used until now the implicit flow with no problems, we are using this library https://github.com/manfredsteyer/angular-oauth2-oidc. Now, for the code flow we don't have any discovery document available, so the library cannot move on with the flow. Is there any possibility to configure the URLs for the code flow manually? We are using version 8.0.4 of the library and our Angular version is 7.

Thanks!

Upvotes: 4

Views: 846

Answers (1)

user18503941
user18503941

Reputation: 11

Authorization code Legacy flow (without pkce) configure mannually without discovery document - manfredsteyer / angular-oauth2-oidc.

They posted a solution at: https://github.com/manfredsteyer/angular-oauth2-oidc/issues/1051.

Some details from jeroenheijmans

*It's possible, but you need to configure everything manually then. Skip the loadDiscoveryDocument... parts and instead configure everything in that place, then continue otherwise as you normally would.

In #1051 I think the same question was asked - https://github.com/manfredsteyer/angular-oauth2-oidc/issues/1051*

Based off my sample you could roughly do something like this:

private configureWithoutDisovery(): Promise<void> {
    // configure the library here, by hand, per your IDS settings
}

public runInitialLoginSequence(): Promise<void> {
    return this.configureWithoutDisovery()
      .then(() => this.oauthService.tryLogin())
      .then(() => {
        if (this.oauthService.hasValidAccessToken()) {
          return Promise.resolve();
        }
        return this.oauthService.silentRefresh()
          .then(() => Promise.resolve())
          .catch(result => {
            const errorResponsesRequiringUserInteraction = [ 'interaction_required', 'login_required', 'account_selection_required', 'consent_required' ];

            if (result && result.reason && errorResponsesRequiringUserInteraction.indexOf(result.reason.error) >= 0) {
              console.warn('User interaction is needed to log in, we will wait for the user to manually log in.');
              return Promise.resolve();
            }
            return Promise.reject(result);
          });
      })

      .then(() => {
        this.isDoneLoadingSubject$.next(true);
        // optionally use this.oauthService.state to route to original location
      })
      .catch(() => this.isDoneLoadingSubject$.next(true));
  }

Upvotes: 1

Related Questions