Comments (3)
Hey! The sample uses the iframe based silent refresh currently. In #40 you can read up about caveats with this approach: basically if you serve your IDS on a different domain than your app, then you'll be in trouble.
Refresh tokens are one way to deal with that. As you said it requires `offline_access` in the scope. It should be quite possible to use that with my sample. Things to keep in mind:
- Add `offline_access` to the scope, and you should get a refresh token
- Change your `client_id` too if needed, and make sure your ID Server is allowed to give out refresh tokens
- Add any additional mitigations in your architecture to prevent abuse of refresh tokens
- (MAYBE - not sure if this is needed) => you might need to change the way my sample does refreshes, but maybe not
For that last point: just give it a go, and get back to us what you found! That might help others.
from sample-angular-oauth2-oidc-with-auth-guards.
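One concrete form of the "additional mitigations" the comment above asks for, as an added example that is not code from the sample project or from either commenter: server-side refresh token rotation with reuse detection. Every use of a refresh token invalidates it and issues a successor in the same token family; if an already-used token is presented again, the whole family is revoked so that both the legitimate client and whoever holds the copy have to log in again. The class, method and field names, the in-memory store and the choice of rotation as the mitigation are all assumptions for this illustration; an identity server such as Keycloak has its own implementation and configuration for this.

```typescript
// Added example, not the sample project's or the issue authors' code.
// Refresh token rotation with reuse detection, kept in memory for illustration.
// All names are assumptions; the token format is an opaque random string.

import { randomBytes } from "node:crypto";

export interface RefreshRecord {
  family: string;    // one family per login session; successors share it
  subject: string;   // user the token was issued to
  used: boolean;     // true once this token has been exchanged
  expiresAt: number; // epoch ms; absolute lifetime of this token
}

export interface RotateResult {
  ok: boolean;
  reason?: "unknown" | "expired" | "reuse_detected" | "family_revoked";
  refreshToken?: string;
}

export class RefreshTokenStore {
  // Records are kept after revocation so a later presentation can still be
  // attributed to the revoked family (and logged) instead of looking "unknown".
  private tokens = new Map<string, RefreshRecord>();
  private revokedFamilies = new Set<string>();

  // `now` is injectable so expiry can be exercised with a fake clock.
  constructor(private lifetimeMs: number, private now: () => number = Date.now) {}

  // Called after a successful authorization-code exchange that was granted
  // a refresh token (offline_access on most identity servers).
  issue(subject: string): string {
    return this.mint(subject, randomBytes(16).toString("hex"));
  }

  // Called by the token endpoint for grant_type=refresh_token.
  rotate(presented: string): RotateResult {
    const rec = this.tokens.get(presented);
    if (!rec) return { ok: false, reason: "unknown" };
    if (this.revokedFamilies.has(rec.family)) return { ok: false, reason: "family_revoked" };
    if (rec.used) {
      // A token that was already exchanged is being replayed: either the
      // legitimate client or someone holding a stolen copy. Revoke the whole
      // family so every descendant token stops working.
      this.revokeFamily(rec.family);
      return { ok: false, reason: "reuse_detected" };
    }
    if (rec.expiresAt <= this.now()) return { ok: false, reason: "expired" };
    rec.used = true;
    return { ok: true, refreshToken: this.mint(rec.subject, rec.family) };
  }

  revokeFamily(family: string): void {
    this.revokedFamilies.add(family);
  }

  private mint(subject: string, family: string): string {
    const tok = randomBytes(32).toString("hex");
    this.tokens.set(tok, { family, subject, used: false, expiresAt: this.now() + this.lifetimeMs });
    return tok;
  }
}

// Constructed walk-through: one normal rotation, then a replay of the old
// token, then an attempt to use the successor of the replayed token.
export function demoReuseDetection(): string[] {
  const store = new RefreshTokenStore(60_000);
  const t0 = store.issue("alice");
  const r1 = store.rotate(t0);                // ok: t0 consumed, t1 issued
  const replay = store.rotate(t0);            // t0 again -> reuse_detected
  const r2 = store.rotate(r1.refreshToken!);  // t1's family is now revoked
  return [String(r1.ok), replay.reason ?? "", r2.reason ?? ""];
}
```

The point of revoking the family rather than just the replayed token is that after a replay the server cannot tell which of the two parties presenting tokens is the real client, so neither is trusted. A real deployment would persist the store and emit a security event on `reuse_detected`, since that outcome is a strong signal that a refresh token was stolen.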
Hi!
Thanks for your quick answer. Just read your comment and the issue you are mentioning.
Yesterday, I managed to get the refresh token working, but I receive the refresh token even without adding `offline_access` to the scope. I even get an error from my IDS when I add `offline_access` to the scope. This situation may be specific to my IDS, which is Keycloak.
Also, as the IDS server (id.myapp.com) is on a similar subdomain as the application (app.myapp.com), it may make things easier.
Here is what changes in my code, so it may help people dealing with refresh tokens in Code Flow with Keycloak:
- In the initial login sequence, after loading the discovery document, trying to log in and having an invalid access token (I am using an `async/await` format, but it is the same):
```typescript
if (this.oauthService.getRefreshToken()) {
  try {
    await this.oauthService.refreshToken();
  } catch (err) {
    // Refresh token has failed: finish loading with no user and stop here,
    // otherwise execution would fall through into the success branch below
    this.isDoneLoading$.next(true);
    this.user$.next(null);
    return;
  }
  // Refresh token has succeeded
  // Handle successful login, then stop so the failure branch below is skipped
  return;
}
// Login failed and refresh token is missing
this.isDoneLoading$.next(true);
this.user$.next(null);
return Promise.resolve();
```
- In the authentication config, I have turned the `useSilentRefresh` option to true.
I am open to any comment, tell me what you think about this solution and what is missing 😉
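The sequence described in the comment above, as an added example that is not the sample project's or the commenter's code: with no valid access token, try the refresh-token grant first if a refresh token was stored, fall back to iframe silent refresh when that option is on, and report a failed login only after both paths have failed, with an early return on each success so the failure branch is never reached. The `OAuthClient` interface and `FakeOAuthClient` are assumptions standing in for the angular-oauth2-oidc `OAuthService` so the logic runs without Angular; the result object mirrors the sample's `isDoneLoading$` and `user$` subjects as plain fields.

```typescript
// Added example, not the sample project's or the commenter's code.
// Initial login sequence: refresh-token grant first, iframe silent refresh
// second, failure only when both have failed. Names are assumptions.

export interface OAuthClient {
  hasValidAccessToken(): boolean;
  getRefreshToken(): string | null;
  refreshToken(): Promise<void>;   // grant_type=refresh_token at the token endpoint
  silentRefresh(): Promise<void>;  // hidden-iframe authorize request
}

export type LoginMethod = "existing" | "refresh_token" | "silent_refresh" | "none";

export interface LoginResult {
  isDoneLoading: boolean; // stands in for isDoneLoading$ in the sample
  loggedIn: boolean;      // stands in for user$ being non-null
  method: LoginMethod;
  errors: string[];       // what failed along the way, for diagnostics
}

export async function runInitialLoginSequence(
  oauth: OAuthClient,
  useSilentRefresh: boolean,
): Promise<LoginResult> {
  const errors: string[] = [];
  if (oauth.hasValidAccessToken()) {
    return { isDoneLoading: true, loggedIn: true, method: "existing", errors };
  }
  // Path 1: refresh-token grant. Only possible if the IDS handed out a refresh
  // token at login (depends on scope and client configuration, as the thread notes).
  if (oauth.getRefreshToken()) {
    try {
      await oauth.refreshToken();
      return { isDoneLoading: true, loggedIn: true, method: "refresh_token", errors };
    } catch (err) {
      // Record the failure and continue; never fall into the success path.
      errors.push(`refresh_token: ${(err as Error).message}`);
    }
  }
  // Path 2: iframe silent refresh, the sample's default mechanism.
  if (useSilentRefresh) {
    try {
      await oauth.silentRefresh();
      return { isDoneLoading: true, loggedIn: true, method: "silent_refresh", errors };
    } catch (err) {
      errors.push(`silent_refresh: ${(err as Error).message}`);
    }
  }
  // Both paths failed (or were unavailable): done loading, no user.
  return { isDoneLoading: true, loggedIn: false, method: "none", errors };
}

// Constructed fake client with scripted outcomes so each branch can be run offline.
export class FakeOAuthClient implements OAuthClient {
  constructor(
    private validAccess: boolean,
    private storedRefresh: string | null,
    private refreshOk: boolean,
    private silentOk: boolean,
  ) {}
  hasValidAccessToken(): boolean { return this.validAccess; }
  getRefreshToken(): string | null { return this.storedRefresh; }
  async refreshToken(): Promise<void> {
    if (!this.refreshOk) throw new Error("invalid_grant");
    this.validAccess = true;
  }
  async silentRefresh(): Promise<void> {
    if (!this.silentOk) throw new Error("silent_refresh_timeout");
    this.validAccess = true;
  }
}
```

Ordering the refresh-token grant before the iframe refresh matters when the identity server sits on a different site than the app: the iframe path then fails or times out, as the linked issue describes, while the refresh-token grant is a plain token-endpoint request that does not depend on third-party cookies.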
Thx for sharing! I think we can close this issue for now, right? Feel free to post if you have more to share with others landing here, or link to any fork you might have with such a setup.