Comments (4)
I'm supposing you run the example on origin localhost:4200
?
For the silent refresh, a hidden iframe is loaded with that URL you've shown. Its origin is cds-identity.rdeadmin.waters.com:50333
. It seems (from the error you post) that it sets:
X-Frame-Options: sameorigin
By this the Identity Server indicates that the identity/connect/authorize?...
location can only be loaded in an iframe by a website loaded from the same origin. See also these docs.
So your hunch is correct, you need to reconfigure your Identity Server to allow at least that specific route to be loaded from other domains (so with no X-Frame-Options
set).
Typically, it would make sense if an Identity Server does set that option for connect/authorize
normally, but not when ?...&prompt=none
is included. You haven't mentioned what you use for your IDS, but I'd check there first.
from sample-angular-oauth2-oidc-with-auth-guards.
Please let me know if that clears things up, and whether we can close the issue for now? (Or you could close it yourself if you like.)
from sample-angular-oauth2-oidc-with-auth-guards.
Thanks for responding. Actually it confuses me a bit more. I guess let me explain how I got here. I downloaded and am using the angular-oauth2-oidc package to start using an identity server (it was written by someone in my company I believe) and was able to successfully login using the IDS. However, when changing code on the fly in Visual Studio Code and/or hitting refresh on my SPA my app gets hung and the UI is not responsive and doesn't redraw. I thought it might be a silent refresh problem so I tried to put those options in to no avail. Then I found your test app and am trying that and that is when I ran into the error above. So to make things easier to debug, I created a test app which did similar things that my normal app does and that is where I am seeing the problem. I can run the test app 2 ways, the way I configured it in my SPA and your way (only changing the way oauth2 is initialized and the auth guards. Is there any way I can zip that up send it to you so you can try it and help me debug the problem? Thanks!
from sample-angular-oauth2-oidc-with-auth-guards.
Hmmm, now I am slightly confused. In your last comment you wrote:
when changing code on the fly in Visual Studio Code and/or hitting refresh on my SPA my app gets hung and the UI is not responsive and doesn't redraw
But in your original post you only mention "sameorigin" problems, which is something else entirely?
Regarding sending a zip for debugging assistance, I'm afraid you'll have to turn towards colleagues, friends, consultants, or debugging some more yourself. Alternatively, you could try to make a minimal repro of the entire thing, and post a question on Stack Overflow.
I myself unfortunately have limited time, and want to keep this repo really to itself. So unless there's a bug/issue left over with this repo, I'm going to close the issue.
Good luck with getting your setup to work!
from sample-angular-oauth2-oidc-with-auth-guards.
Related Issues (20)
- Add more unit test coverage for "copy-pastable" code
- Add observable to indicate if User Profile was loaded HOT 2
- Difference between this sample repository and the samples in the library's repository HOT 1
- Switch from demo.identityserver.io instance
- Microsoft Azure AD takes longer time on initial load with same setup HOT 6
- Getting silent_refresh_timeout right after "Content Security Policy" violation for "frame-ancestors 'none'" HOT 5
- Kicks me out a second after logging in HOT 5
- isAuthenticated observable is false when localStorage is used HOT 3
- Steps for Azure AD HOT 2
- (Cross-post) Announcement about moderation of the library's community
- Question - Howto redirect to login page directly HOT 1
- Application logs out too quickly in Firefox HOT 1
- I stay authenticated even after i logout HOT 5
- Keep sending id_token as auth bearer HOT 1
- Update to Angular 16 HOT 1
- Replace Protractor with other end-to-end testing utilities HOT 3
- Consider dropping silent-refresh/iframe by using refresh endpoint HOT 3
- The attempt at silent refresh during the runInitialLoginSequence method can cause extremely long page loads if no token is present depending on the server used HOT 2
- Upgrade to Angular 17
- Auth service unit test is incorrect HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sample-angular-oauth2-oidc-with-auth-guards.