我已经使用angular-oauth2-oidc API实现了基本的Oauth2 / OIDC静默刷新,并且在获取指向应用程序内特定区域的链接时遇到了一些问题。
例如,该应用程序生成电子邮件以供用户访问特定页面。单击该链接后,页面将呈现一会儿,然后出现重新加载,该重新加载似乎来自OAuth请求,应用程序返回到初始页面。
export class AppComponent implements OnInit {
private authConfig: AuthConfig;
constructor(
private oauthService: OAuthService,
private location: Location,
) {
console.log("AppComponent:constructor");
this.configureOAuth();
}
ngOnInit() {
}
private configureOAuth() {
this.authConfig = {
issuer: this.getIssuer(),
clientId: environment.clientId,
scope: 'openid profile email preferred_username',
responseType: 'code',
redirectUri: `${window.location.origin}/`,
silentRefreshRedirectUri: `${window.location.origin}/silent-renew.html`,
useSilentRefresh: true,
showDebugInformation: true,
};
this.oauthService.configure(this.authConfig);
this.oauthService.setStorage(sessionStorage);
this.oauthService.setupAutomaticSilentRefresh();
this.oauthService.loadDiscoveryDocumentAndLogin();
}
我的AppComponent在控制台日志中似乎已加载两次:
Navigated to: https://localhost:44306/action/1234
AppComponent:constructor
HttpRequestInterceptor: hasValidAccessToken: https://auth.myhost.com/.well-known/openid-configuration
HttpRequestInterceptor: hasValidAccessToken: https://auth.myhost.com/pf/JWKS
oauth/oidc event discovery_document_loaded
oauth/oidc event discovery_document_loaded
Navigated to https://localhost:44306/?code=b5dcWoxpFnc2Z9lfaCJaVWoj-l0oEpo1AG8AAAAG&state=VGplenktRWZ3N21aNDh5UHdlSVMyMGJOVEJheDBMa0lTeU1kaGR1OTRoSy5Y
AppComponent:constructor
oauth/oidc event discovery_document_loaded
oauth/oidc event discovery_document_loaded
http-request-interceptor.service.ts:25 HttpRequestInterceptor: hasValidAccessToken: https://auth.myhost.com/as/token.oauth2
refresh tokenResponse {access_token: "eyJhbGciOiJSUzI1NiIsImtpZCI6Ikx4cmdXck1EVV9nN3ROSV…Hq720zdSrR4UkPwBRTmfZIE0ZbLNHYl0v-DhNHChEBrSE0-OA", id_token: "eyJhbGciOiJSUzI1NiIsImtpZCI6Ikx4cmdXck1EVV9nN3ROSV…hynONaOjaeBKv63jKRm-m4VPC3JRysIRj0-zK4Y0C7VGdnjUA", token_type: "Bearer", expires_in: 7199}
oauth/oidc event token_received
oauth/oidc event token_refreshed
我想我在这里错过了一些非常简单的事情,但是在花了过去8个小时阅读了angular-oauth2-oidc文档,样本和搜索创意之后,我变得空虚。
谢谢
答案 0 :(得分:1)
经过一夜的睡眠并重新阅读了一些帖子,我发现正确的组合可以使事情正常进行。
首先,在我的RouterModule中,我重新配置为停止初始导航:
@NgModule({
imports: [RouterModule.forRoot(routes, { initialNavigation: false })],
在RouteGuard中,我仅在获取令牌后才激活:
canActivate(
route: ActivatedRouteSnapshot, state: RouterStateSnapshot
) {
let hasIdToken = this.oauthService.hasValidIdToken();
let hasAccessToken = this.oauthService.hasValidAccessToken();
return (hasIdToken && hasAccessToken);
}
最重要的是,在我的AppComponent中,我将初始URL传递给initCodeFlow并在返回时使用它:
constructor(
private oauthService: OAuthService,
private router: Router,
private location: Location,
) {
this.url = this.location.path(true);
this.configureOAuth();
}
private configureOAuth() {
this.authConfig = {
issuer: this.getIssuer(),
clientId: environment.clientId,
scope: 'openid profile email preferred_username',
responseType: 'code',
redirectUri: `${window.location.origin}/`,
silentRefreshRedirectUri: `${window.location.origin}/silent-renew.html`,
useSilentRefresh: true,
};
this.oauthService.configure(this.authConfig);
this.oauthService.setupAutomaticSilentRefresh();
return this.oauthService.loadDiscoveryDocumentAndTryLogin().then(() => {
if (this.oauthService.hasValidIdToken()) {
if (this.oauthService.state) {
this.router.navigateByUrl(decodeURIComponent(this.oauthService.state));
}
else {
this.router.navigateByUrl('/');
}
this.isLoaded = true;
} else {
// init with requested URL so it can be retrieved on response from state
this.oauthService.initCodeFlow(this.url);
}
});
}