No token generated after login with angular-oauth2-oidc

Date: 2021-03-25 13:23:29

Tags: angular oauth-2.0 amazon-cognito angular-oauth2-oidc

I am trying to authenticate against AWS Cognito with the OAuth2 library (angular-oauth2-oidc). When I start my application I get the default AWS Cognito login page fine, but when I enter my login/password I end up on a looping page (no token is generated). The value of hasValidAccessToken is already false. This is the looping URL I get after logging in:

http://localhost:4200/?code=cfb39cc7-936d-4a0d-a176-d796c080dda2&state=Y01hS0dyeXpWY35-Yk9sfmVvZjRiRFhoNWF4cGN4TUlZU2JCOUdLS1VMeUE5

My code is below:

Guards.ts

canActivate() {
  if (!this.oauthService.hasValidAccessToken()) {
    this.router.navigate(['login']);
    return false;
  }
  return true;
}

login.ts

constructor(private oauthService: OAuthService, private configService: ConfigService, private router: Router) {
  this.oauthService.configure(this.loadConfig());
  this.oauthService.tokenValidationHandler = new JwksValidationHandler();

  this.oauthService.loadDiscoveryDocumentAndTryLogin().then(() => {
    if (!this.oauthService.hasValidIdToken()) {
      this.oauthService.initCodeFlow();
    }
  });
  this.oauthService.setupAutomaticSilentRefresh();
}

private loadConfig() {
  let authConfiguration: AuthConfig = {};
  authConfiguration.clientId = this.configService.config['clientId']; // The "Auth Code + PKCE" client
  authConfiguration.issuer = this.configService.config['issuer'];
  authConfiguration.responseType = this.configService.config['responseType'];
  authConfiguration.redirectUri = window.location.origin + '/home';
  authConfiguration.scope = this.configService.config['scope']; // Ask offline_access to support refresh token refreshes
  authConfiguration.useSilentRefresh = this.configService.config['useSilentRefresh']; // Needed for Code Flow to suggest using iframe-based refreshes
  authConfiguration.silentRefreshTimeout = this.configService.config['silentRefreshTimeout']; // For faster testing
  authConfiguration.sessionChecksEnabled = this.configService.config['sessionChecksEnabled'];
  authConfiguration.showDebugInformation = this.configService.config['showDebugInformation']; // Also requires enabling "Verbose" level in devtools
  authConfiguration.clearHashAfterLogin = this.configService.config['clearHashAfterLogin']; // https://github.com/manfredsteyer/angular-oauth2-oidc/issues/457#issuecomment-431807040
  authConfiguration.nonceStateSeparator = this.configService.config['nonceStateSeparator']; // Real semicolon gets mangled by IdentityServer's URI encoding
  authConfiguration.strictDiscoveryDocumentValidation = this.configService.config['strictDiscoveryDocumentValidation'];

  return authConfiguration;
}

config.json

{
    "issuer": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_XXXXXXX",
    "clientId": "3XXXXXXXXXXXXXXX2uc",
    "responseType": "code",
    "scope": "openid profile",
    "useSilentRefresh": true,
    "silentRefreshTimeout": 5000,
    "sessionChecksEnabled": true,
    "showDebugInformation": true,
    "clearHashAfterLogin": false,
    "nonceStateSeparator": "semicolon",
    "strictDiscoveryDocumentValidation": false,
    "AlwaysIncludeuserClaimsInIdToken": true
}

Does anyone have an idea about this problem?

1 answer:

Answer 0 (score: 0)

Which flow are you trying to use? Your configuration defines "responseType": "code", which suggests the code flow.

Then, executing this.oauthService.initImplicitFlow() in your code makes the app try to log in with the implicit flow.

Depending on how your IdP is configured and which flow you want to use, change responseType to token, or use this.oauthService.initCodeFlow()
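The answer turns on which flow the response_type asks for and on what the client must verify when the authorization server redirects back with a code. The following is an added example, not code from the question, the answer or the angular-oauth2-oidc library: a small, standalone model of the checks a code-flow redirect handler performs on the callback URL before it sends the code to the token endpoint. It maps the configured response_type to a flow, verifies the state parameter against the nonce the browser stored before redirecting (CSRF protection), and verifies that the page receiving the code is the one named by redirectUri, since the token request must repeat the exact redirect_uri the code was issued for. The function names are hypothetical; the configured nonceStateSeparator is treated as a literal string, and the whole returned state is used as the stored nonce purely so the demonstration runs (both assumptions). Run on the question's own callback URL (path "/") and the redirectUri that loadConfig() builds on localhost:4200 ("/home"), it reports exactly one problem: the callback did not land on the configured redirectUri.

```typescript
// Added example (not from the question, the answer or angular-oauth2-oidc).
// Models the checks a code-flow callback handler makes before exchanging the code.
import { URL } from "node:url";

export interface CallbackParams {
  code: string | null;
  state: string | null;
  error: string | null;
}

// Extract the parameters the authorization server appended to redirect_uri.
export function parseCallback(callbackUrl: string): CallbackParams {
  const q = new URL(callbackUrl).searchParams;
  return { code: q.get("code"), state: q.get("state"), error: q.get("error") };
}

// The client sent state = <nonce><separator><application state>; split it apart.
// The configured separator is used as a literal substring (assumption).
export function splitState(state: string, separator: string): { nonce: string; appState: string } {
  const idx = separator ? state.indexOf(separator) : -1;
  if (idx < 0) return { nonce: state, appState: "" };
  return { nonce: state.slice(0, idx), appState: state.slice(idx + separator.length) };
}

// CSRF check: the nonce part must equal what this browser stored before redirecting.
export function stateMatches(returnedState: string | null, storedNonce: string | null, separator: string): boolean {
  if (!returnedState || !storedNonce) return false;
  return splitState(returnedState, separator).nonce === storedNonce;
}

// Map a response_type value to the flow it requests (RFC 6749 / OpenID Connect Core).
export function flowForResponseType(responseType: string): "code" | "implicit" | "hybrid" | "unknown" {
  const parts = responseType.trim().split(/\s+/).sort();
  const key = parts.join(" ");
  if (key === "code") return "code";
  if (key === "token" || key === "id_token" || key === "id_token token") return "implicit";
  if (parts.includes("code") && parts.length > 1) return "hybrid";
  return "unknown";
}

// The code is bound to redirect_uri: origin and path of the page that received it
// must match the configured value (query string ignored, trailing slashes normalised).
export function callbackMatchesRedirectUri(callbackUrl: string, redirectUri: string): boolean {
  const a = new URL(callbackUrl);
  const b = new URL(redirectUri);
  const norm = (p: string) => p.replace(/\/+$/, "");
  return a.origin === b.origin && norm(a.pathname) === norm(b.pathname);
}

// Run every check; an empty list means the code may be sent to the token endpoint.
export function assessCallback(
  callbackUrl: string,
  redirectUri: string,
  storedNonce: string | null,
  separator: string,
  responseType: string,
): string[] {
  const problems: string[] = [];
  const p = parseCallback(callbackUrl);
  if (p.error) problems.push(`authorization server returned error=${p.error}`);
  if (flowForResponseType(responseType) !== "code") {
    problems.push(`response_type "${responseType}" does not request the code flow`);
  }
  if (!p.code) problems.push("no code parameter in callback");
  if (!stateMatches(p.state, storedNonce, separator)) problems.push("state does not match the stored nonce");
  if (!callbackMatchesRedirectUri(callbackUrl, redirectUri)) {
    problems.push(`callback landed on ${new URL(callbackUrl).pathname} but redirectUri is ${new URL(redirectUri).pathname}`);
  }
  return problems;
}

// Constructed input: the callback URL quoted in the question, and the redirectUri
// that loadConfig() produces when the app is served from http://localhost:4200.
export const QUESTION_CALLBACK =
  "http://localhost:4200/?code=cfb39cc7-936d-4a0d-a176-d796c080dda2&state=Y01hS0dyeXpWY35-Yk9sfmVvZjRiRFhoNWF4cGN4TUlZU2JCOUdLS1VMeUE5";
export const QUESTION_REDIRECT_URI = "http://localhost:4200/home";
// Assumed stored nonce: the returned state as-is, so only the redirect_uri check can fail here.
export const ASSUMED_STORED_NONCE = "Y01hS0dyeXpWY35-Yk9sfmVvZjRiRFhoNWF4cGN4TUlZU2JCOUdLS1VMeUE5";

export function main(): void {
  const problems = assessCallback(QUESTION_CALLBACK, QUESTION_REDIRECT_URI, ASSUMED_STORED_NONCE, "semicolon", "code");
  console.log(problems.length === 0 ? "callback accepted" : problems);
}
main();
```

The same assessCallback() call with a response_type of "token" would add a second problem, which is the mismatch the answer points at: a config that requests the code flow while the code starts a different one. In the real library these checks (and the PKCE verifier handling) live inside tryLogin(); what the model makes visible is that a guard which navigates away before the library has consumed the code on the redirectUri page leaves no token behind.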