Security News
JSR Working Group Kicks Off with Ambitious Roadmap and Plans for Open Governance
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
angular-auth-oidc-client
Advanced tools
OpenID Connect Implicit Flow
Documentation : Quickstart | API Documentation | Changelog
Navigate to the level of your package.json and type
npm install angular-auth-oidc-client --save
or with yarn
yarn add angular-auth-oidc-client
or you can add the npm package to your package.json
"angular-auth-oidc-client": "1.0.8"
and type
npm install
Import the module and services in your module. Set the AuthConfiguration properties to match the server configuration. At present only the id_token token flow is supported.
import { NgModule } from '@angular/core';
import { AuthModule, AuthConfiguration } from 'angular-auth-oidc-client';
@NgModule({
imports: [
...
AuthModule.forRoot()
],
...
})
export class AppModule {
constructor(public authConfiguration: AuthConfiguration) {
this.authConfiguration.stsServer = 'https://localhost:44318';
this.authConfiguration.redirect_url = 'https://localhost:44311';
// The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience.
// The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.
this.authConfiguration.client_id = 'angularclient';
this.authConfiguration.response_type = 'id_token token';
this.authConfiguration.scope = 'dataEventRecords securedFiles openid';
this.authConfiguration.post_logout_redirect_uri = 'https://localhost:44311/Unauthorized';
this.authConfiguration.start_checksession = false;
this.authConfiguration.silent_renew = true;
this.authConfiguration.startup_route = '/dataeventrecords/list';
// *OPTIONAL* - some implementations require you to provide resource (e.g. client id or resource name) along with the request. provide it here.
this.authConfiguration.resource ='';
// HTTP 403
this.authConfiguration.forbidden_route = '/Forbidden';
// HTTP 401
this.authConfiguration.unauthorized_route = '/Unauthorized';
this.authConfiguration.log_console_warning_active = true;
this.authConfiguration.log_console_debug_active = false;
// id_token C8: The iat Claim can be used to reject tokens that were issued too far away from the current time,
// limiting the amount of time that nonces need to be stored to prevent attacks.The acceptable range is Client specific.
this.authConfiguration.max_id_token_iat_offset_allowed_in_seconds = 3;
}
}
Create the login, logout component and use the oidcSecurityService
constructor(public oidcSecurityService: OidcSecurityService) {
}
ngOnInit() {
if (window.location.hash) {
this.oidcSecurityService.authorizedCallback();
}
}
login() {
console.log('start login');
this.oidcSecurityService.authorize();
}
refreshSession() {
console.log('start refreshSession');
this.oidcSecurityService.authorize();
}
logout() {
console.log('start logoff');
this.oidcSecurityService.logoff();
}
In the http services, add the token to the header using the oidcSecurityService
private setHeaders() {
this.headers = new Headers();
this.headers.append('Content-Type', 'application/json');
this.headers.append('Accept', 'application/json');
let token = this.oidcSecurityService.getToken();
if (token !== '') {
let tokenValue = 'Bearer ' + token;
this.headers.append('Authorization', tokenValue);
}
}
In the app module of the Angular app you can set the storage of your choice. Tested with localStorage and sessionStorage
constructor(public oidcSecurityService: OidcSecurityService) {
this.oidcSecurityService.setStorage(localStorage);
}
https://github.com/damienbod/angular-auth-oidc-sample-google-openid
This npm package was created using the https://github.com/robisim74/angular-library-starter from Roberto Simonetti.
MIT
2017-06-28 version 1.0.8
<a name="2017-06-28"></a>
FAQs
Angular Lib for OpenID Connect & OAuth2
The npm package angular-auth-oidc-client receives a total of 58,526 weekly downloads. As such, angular-auth-oidc-client popularity was classified as popular.
We found that angular-auth-oidc-client demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
At its inaugural meeting, the JSR Working Group outlined plans for an open governance model and a roadmap to enhance JavaScript package management.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.