使用B2C在Javascript / Angular 6 SPA应用程序中通过MSAL.JS注销的错误

时间:2018-09-25 16:40:31

标签: javascript angular azure azure-ad-b2c msal.js

我有一个使用MSAL.JS针对Azure AD B2C进行身份验证的Javascript SPA应用程序,还有一个使用MSAL针对Angular针对Azure AD B2C进行身份验证的Angular 6 SPA应用程序。

在两个应用程序中,注销均抛出错误以下消息。

关联ID:6de6e068-7b07-4d24-bac4-c1af3131815b 时间戳记:2018-09-25 16:16:20Z AADB2C90272:在请求中未指定id_token_hint参数。请提供令牌,然后重试。

对于注销,MSAL具有非常简单的注销api,该api不带任何参数,那么如何提供id_token_hint?我想念什么吗?在Angular Application中注入MsalModule时是否需要提供任何配置参数。或Msal.UserAgentApplication的Javascript应用中类似的内容。

1 个答案:

答案 0 :(得分:0)

我基本上使用的是当前最新的“ msal”:“ ^ 0.2.3”,这是我的身份验证服务,在app.module中不需要配置,并且注销可以正常工作:

import { Injectable } from '@angular/core';
import { environment } from '../../environments/environment';
import * as Msal from 'msal';
import { User } from "msal/lib-commonjs/User";
import { ApiService } from './api.service';
import { BackendRoutes } from './backend.routes';

@Injectable()
export class AuthenticationService {
    private _clientApplication: Msal.UserAgentApplication;
    private _authority: string;

constructor(private apiService: ApiService, private backendRoutes: BackendRoutes) {
    this._authority = `https://login.microsoftonline.com/tfp/${environment.tenant}/${environment.signUpSignInPolicy}`;

    this._clientApplication =
        new Msal.UserAgentApplication(
            environment.clientID,
            this._authority,
            this.msalHandler,
            {
                cacheLocation: 'localStorage',
                redirectUri: window.location.origin
            });
}

msalHandler(errorDesc: any, token: any, error: any, tokenType: any) {
    let userAgent: Msal.UserAgentApplication = <any>(this);
    if (errorDesc.indexOf("AADB2C90118") > -1) {
        //Forgotten password
        userAgent.authority = `https://login.microsoftonline.com/tfp/${environment.tenant}/${environment.passResetPolicy}`;
        userAgent.loginRedirect(environment.b2cScopes);

    } else if (errorDesc.indexOf("AADB2C90077") > -1) {
        //Expired Token, function call from interceptor with proper context
        this.logout();
    }
}

addUser(): void {
    if (this.isOnline()) {
        this.apiService.post(this.backendRoutes.addUser).subscribe();
    }
}

login(): void {
    this._clientApplication.loginRedirect(environment.b2cScopes);
}

logout(): void {
    this._clientApplication.logout();
}

getAuthenticationToken(): Promise<string> {
    return this._clientApplication.acquireTokenSilent(environment.b2cScopes)
        .then(token => token)
        .catch(error => {
            return Promise.reject(error);
        });
}

拦截器链接到它:

export class AuthenticationHttpInterceptor implements HttpInterceptor {

    constructor(private authenticationService: AuthenticationService) {
    }

    intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
        return from(this.authenticationService.getAuthenticationToken()
            .then(token => {
                return req.clone({
                    setHeaders: {
                        Authorization: `Bearer ${token}`
                    }
                });
            })
            .catch(err => {
                this.authenticationService.msalHandler(err,null,null,null);
                return req;
            }))
            .switchMap(req => {
                return next.handle(req);
            });
    }
}
相关问题
最新问题