- Added renew process denotation to AuthorizationResu
- bug fix logging, code flow callback
- generic OidcSecurityService.getUserData
- OidcSecurityService with some observables
- Do not check idToken nonce when using refreshToken
- strictNullChecks
- safer-silent-renew
- reduce size of the package
- Ability to change the amount of seconds for the IsAuthorizedRace to do a Timeout
- fixing url parse wo format
- documentation fixes
- use_refresh_token configuration added.
- Added support for refresh tokens in code flow
- expose logger service
- Added a try catch to handle the CORS error that is thrown if the parent has a different origin than the iframe. Issue #466
- bug fix: onConfigurationLoaded does not fire
- bug fix: [SSR] Session storage is not defined
- revert angular build to angular 7, fix npm dist
- remove silent_redirect_url only use silent_renew_url
- refactored configuration for module, angular style
- rename OpenIDImplicitFlowConfiguration to OpenIDConfiguration
Before

```typescript
this.oidcConfigService.onConfigurationLoaded.subscribe(() => {
  // Old style: build the configuration object property by property.
  const openIDImplicitFlowConfiguration = new OpenIDImplicitFlowConfiguration();
  openIDImplicitFlowConfiguration.stsServer = this.oidcConfigService.clientConfiguration.stsServer;
  openIDImplicitFlowConfiguration.redirect_url = this.oidcConfigService.clientConfiguration.redirect_url;
  openIDImplicitFlowConfiguration.client_id = this.oidcConfigService.clientConfiguration.client_id;
  openIDImplicitFlowConfiguration.response_type = this.oidcConfigService.clientConfiguration.response_type;
  // ...
  configuration.FileServer = this.oidcConfigService.clientConfiguration.apiFileServer;
  configuration.Server = this.oidcConfigService.clientConfiguration.apiServer;

  const authWellKnownEndpoints = new AuthWellKnownEndpoints();
  authWellKnownEndpoints.setWellKnownEndpoints(this.oidcConfigService.wellKnownEndpoints);

  this.oidcSecurityService.setupModule(openIDImplicitFlowConfiguration, authWellKnownEndpoints);
});
```
After

```typescript
import { APP_INITIALIZER, NgModule } from '@angular/core';
import { HttpClientModule } from '@angular/common/http';
import {
  AuthModule,
  OidcSecurityService,
  ConfigResult,
  OidcConfigService,
  OpenIdConfiguration
} from 'angular-auth-oidc-client';
import { AppComponent } from './app.component'; // path assumed (Angular CLI default)

// Runs before the application starts and loads the client settings from the server.
export function loadConfig(oidcConfigService: OidcConfigService) {
  console.log('APP_INITIALIZER STARTING');
  return () => oidcConfigService.load(`${window.location.origin}/api/ClientAppSettings`);
}

@NgModule({
  imports: [
    // ...
    HttpClientModule,
    AuthModule.forRoot(),
  ],
  providers: [
    OidcConfigService,
    OidcSecurityService,
    {
      provide: APP_INITIALIZER,
      useFactory: loadConfig,
      deps: [OidcConfigService],
      multi: true
    }
  ],
  bootstrap: [AppComponent],
})
export class AppModule {
  constructor(
    private oidcSecurityService: OidcSecurityService,
    private oidcConfigService: OidcConfigService,
  ) {
    // New style: a single typed OpenIdConfiguration object built from the loaded settings.
    this.oidcConfigService.onConfigurationLoaded.subscribe((configResult: ConfigResult) => {
      const config: OpenIdConfiguration = {
        stsServer: configResult.customConfig.stsServer,
        redirect_url: configResult.customConfig.redirect_url,
        client_id: configResult.customConfig.client_id,
        response_type: configResult.customConfig.response_type,
        scope: configResult.customConfig.scope,
        post_logout_redirect_uri: configResult.customConfig.post_logout_redirect_uri,
        start_checksession: configResult.customConfig.start_checksession,
        silent_renew: configResult.customConfig.silent_renew,
        silent_renew_url: configResult.customConfig.redirect_url + '/silent-renew.html',
        post_login_route: configResult.customConfig.startup_route,
        forbidden_route: configResult.customConfig.forbidden_route,
        unauthorized_route: configResult.customConfig.unauthorized_route,
        log_console_warning_active: configResult.customConfig.log_console_warning_active,
        log_console_debug_active: configResult.customConfig.log_console_debug_active,
        max_id_token_iat_offset_allowed_in_seconds: configResult.customConfig.max_id_token_iat_offset_allowed_in_seconds,
        history_cleanup_off: true
        // iss_validation_off: false
        // disable_iat_offset_validation: true
      };

      this.oidcSecurityService.setupModule(config, configResult.authWellknownEndpoints);
    });
  }
}
```
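A small audit of the loaded configuration, as an added example that is not part of the library or of this changelog: it flags the validation-relaxing options named on this page, and a silent renew URL on a different origin, before the values reach `setupModule`. `AuditedConfig`, `originOf`, `auditOidcConfig`, the finding strings and the `example.test` origins are assumptions made for illustration.

```typescript
// Added example: audits option names shown in this changelog; not library code.
interface AuditedConfig {
  stsServer: string;
  redirect_url: string;
  silent_renew?: boolean;
  silent_renew_url?: string;
  iss_validation_off?: boolean;
  disable_iat_offset_validation?: boolean;
  history_cleanup_off?: boolean;
}

// Scheme and host[:port] of an absolute http(s) URL, or null if it is not one.
function originOf(url: string): string | null {
  const m = /^https?:\/\/[^\/?#]+/i.exec(url);
  return m === null ? null : String(m[0]).toLowerCase();
}

// Hypothetical helper: one finding per setting that relaxes a check.
function auditOidcConfig(cfg: AuditedConfig, appOrigin: string): string[] {
  const findings: string[] = [];
  if (!cfg.stsServer.toLowerCase().startsWith('https://')) {
    findings.push('stsServer: not https');
  }
  if (cfg.iss_validation_off === true) {
    findings.push('iss_validation_off: issuer of the id_token is not validated');
  }
  if (cfg.disable_iat_offset_validation === true) {
    findings.push('disable_iat_offset_validation: iat offset check is skipped');
  }
  if (cfg.history_cleanup_off === true) {
    findings.push('history_cleanup_off: callback URL stays in browser history');
  }
  if (originOf(cfg.redirect_url) !== appOrigin) {
    findings.push('redirect_url: origin differs from the application');
  }
  // The silent renew iframe page must be same-origin with the parent window.
  if (cfg.silent_renew === true &&
      (cfg.silent_renew_url === undefined || originOf(cfg.silent_renew_url) !== appOrigin)) {
    findings.push('silent_renew_url: missing or not same-origin with the application');
  }
  return findings;
}

// Constructed sample mirroring the "After" configuration above.
const sampleFindings = auditOidcConfig({
  stsServer: 'https://sts.example.test',
  redirect_url: 'https://app.example.test',
  silent_renew: true,
  silent_renew_url: 'https://app.example.test/silent-renew.html',
  history_cleanup_off: true,
}, 'https://app.example.test');
```

Because the settings are fetched from `/api/ClientAppSettings` at startup, running such a check inside the `onConfigurationLoaded` subscription catches a relaxed setting that was changed server-side.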
- authNonce not cleared in storage after unsuccessful login and logout
- Should 5 seconds timeout on silent_renew be configurable? => fails fast now if server responds
- increased length of state value for OIDC authorize request
- session_state is optional for code flow
- Added disable_iat_offset_validation configuration for clients with clock problems
- Updated the Docs
- Updated the Docs
- Adding sample usage to repo
- Updated the Docs
- Changed to Angular-CLI builder
- Added a sample in this repo
- Add TokenHelperService to public API
- logs: use !! to display getIdToken() and _userData.value in silentRenewHeartBeatCheck()
- bug fix at_hash is optional for code flow
- removing session_state check from code flow response
- Validation state in code callback redirect
- Make it possible to turn off history clean up, so that the angular state is preserved.
- Support for OpenID Connect Code Flow with PKCE
Implicit flow callback renamed from authorizedCallback() to authorizedImplicitFlowCallback()
- Changed iframe to avoid changing history state for repeated silent token renewals
- make it possible to turn the iss validation off per configuration
- reset history after OIDC callback with tokens
- When `logOff()` is called storage should be cleared before emitting an authorization event.
- AuthConfiguration object will now always return false for `start_checksession` and `silent_renew` properties when not running on a browser platform.
- Adding an `onConfigurationChange` Observable to `OidcSecurityService`
- replaced eventemitters with Subjects/Observables and updated docs
- Optional url handler for logoff function
- silent_renew is now off by default (false).
- Fix for when token contains multiple dashes or underscores
- Unicode special characters (accents and such) in JWT are now properly…
- authorizedCallback should wait until the module is setup before running.
- Check session will now be stopped when the user is logged out
- Adding validation state result info to authorization event result
- bug fixes in check session
- Refactoring getIsAuthorized()
- A blank `session_state` in the check session heartbeat should emit a …
- Fixing inability to turn off silent_renew and adding safety timeout
- check for valid tokens on start up
- silent_renew inconsistent with execution
- Handle callback params that contain equals char
- Removing the fetch package, using the httpClient now instead
- Add unique ending to key to prevent storage crossover
- Public resetAuthorizationData method and getEndSessionUrl function
- wso2 Identity Server audience validation failed support
- Throw error when userinfo_endpoint is not defined (Azure AD)
- Removing resource property from the config, not used.
- fixing silent renew bug
- Updating src to support rxjs 6.1.0, Angular 6.0.0
- Updating src to support typescript 2.7.2
- Lightweight silent renew
- added optional url handler parameter in the authorize function.
- returning bool event from config service
- silent renew fixes
- check session renew fixes
- adding error handling to config service, used for the APP_INITIALIZER
- fixing init process, using APP_INITIALIZER, and proper support for angular guards
- removed override_well_known_configuration, well_known_configuration now loaded from the APP_INITIALIZER
- removed override_well_known_configuration_url, well_known_configuration now loaded from the APP_INITIALIZER
If you want to configure the well known endpoints locally, you need to set this to true.
- fixing rollup build
- adding a check session event
- adding onAuthorizationResult for the silent renew event
- onAuthorizationResult is always sent now
- no redirects are triggered for silent renews
- bug fix incorrect user data type
- bug fix silent renew error handling
- bug fix aud string arrays not supported
- bug fix user data set from id_token, when oidc user api is not supported
- code clean up, package size
- bug fix, rxjs imports
- bug fix, rxjs imports
- using lettable operators rxjs
- bug fix, check session
- refreshSession is now public
- isAuthorized not working on refresh
- Add prompt=none to silent renew, according to the spec: some OPs do not refresh the token in its absence. Related to: #14
- Fix the starting of silent renew and check session after the authWellKnownEndpoint has been loaded, to avoid an undefined router (they use its info)
- Fix(building): public api exports
- fix: adding additional URL parameters to the authorize request in IE, Edge
- documentation HTTPClient intercept
- fixing peer dependency bug
- Update to HttpClient
- Removing forChild function, not used
- Renaming startup_route to post_login_route
- setting better default values for the configuration
- Documentation fixes
- Fix rxjs imports
- Add optional hd parameter for Google Auth with particular G Suite domain, see https://developers.google.com/identity/protocols/OpenIDConnect#hd-param
- fix: local_state is always null because is not being set
- fix: change for empty header in id_token, improved logging
- fix: Local Storage session_state undefined parse error
- fix: silent renew fix after refresh
- fix: OidcSecurityService emits onModuleSetup before authWellKnownEndpoints are loaded
- fix: if auto_userinfo is false, we still need to execute runTokenValidation
- Add silent_renew_offset_in_seconds option
- Add option to trigger event on authorization resolution instead of automatic redirect
- Throws Exception when the library is used in an application inside an iframe (cross domain)
- updating jsrsasign
- endsession support for custom parameters
- auto_clean_state_after_authentication which can be used for custom state logic handling
- support for hash routes
- support for custom authorization strings like Azure Active Directory B2C
- Fix authorization url construction
- adding moduleSetup boolean so that the authorization callback can wait until the module is ready
- API new function for get id_token
- API new function for get user info
- user info configuration for auto get user info after login
- API custom request params can be added to the authorization request URL using the setCustomRequestParameters function
- bugfix error handling
- bugfix configuration default values
- bugfix refresh isAuthorized
- bugfix refresh user data
- support reading json file configurations
- Fix types in storage class
- support for SSR
- support for custom storage
- bugfix server side rendering, null check for storage
- clean up session management
- bugfix Silent token renew fails on state validation
- API documentation
- refactor init of module
- setStorage method added
- bug fix well known endpoints loaded logout.
- Event for well known endpoints loaded
- storage can be set per function
- Adding support for server rendering in Angular
- storage can be set now
- updating validation messages
- Bug fix no kid validation with single, multiple jwks headers
- Bug fix validation
- Version for OpenID Certification
- support for decoded tokens
- Adding a resource configuration
- Validating kid in id_token header
- remove manual dependency to jsrsasign
- build clean up
- new configuration override for well known endpoints.
- validate user data sub value
- id_token flow
- fixed rollup build
- Adding some docs to the project
- init