angular-auth-oidc-client

Angular Lib for OpenID Connect Code Flow with PKCE and Implicit Flow

OpenID Code Flow with PKCE, Code Flow with refresh tokens, OpenID Connect Implicit Flow

OpenID Certification

This library is certified by OpenID Foundation. (RP Implicit and Config RP)

Features

• Supports OpenID Connect Code Flow with PKCE
• Supports Code Flow PKCE with Refresh tokens
• Revocation Enpoint
• Supports OpenID Connect Implicit Flow
• Complete client side validation for REQUIRED features
• OpenID Connect Session Management 1.0

Installation

Navigate to the level of your package.json and type

 npm install angular-auth-oidc-client

or with yarn

 yarn add angular-auth-oidc-client

Documentation

• Quickstart
• Samples
• Silent renew
• Guards
• Features
• Logout
• Using and revoking the access token
• CSP & CORS
• Public API
• Configuration
• Migration
• Changelog

Quickstart

For the example of the Code Flow. For further examples please check the Samples Section

Import the module and services in your module.

import { HttpClientModule } from '@angular/common/http';
import { APP_INITIALIZER, NgModule } from '@angular/core';
import { AuthModule, LogLevel, OidcConfigService } from 'angular-auth-oidc-client';
// ...

export function configureAuth(oidcConfigService: OidcConfigService) {
    return () =>
        oidcConfigService.withConfig({
            stsServer: 'https://offeringsolutions-sts.azurewebsites.net',
            redirectUrl: window.location.origin,
            postLogoutRedirectUri: window.location.origin,
            clientId: 'angularClient',
            scope: 'openid profile email',
            responseType: 'code',
            silentRenew: true,
            silentRenewUrl: `${window.location.origin}/silent-renew.html`,
            logLevel: LogLevel.Debug,
        });
}

@NgModule({
    // ...
    imports: [
        // ...
        AuthModule.forRoot(),
    ],
    providers: [
        OidcConfigService,
        {
            provide: APP_INITIALIZER,
            useFactory: configureAuth,
            deps: [OidcConfigService],
            multi: true,
        },
    ],
    // ...
})
export class AppModule {}

And call the method checkAuth() from your app.component.ts

import { Component, OnDestroy, OnInit } from '@angular/core';
import { OidcClientNotification, OidcSecurityService, PublicConfiguration } from 'angular-auth-oidc-client';
import { Observable } from 'rxjs';

@Component({
    /**/
})
export class AppComponent implements OnInit {
    constructor(public oidcSecurityService: OidcSecurityService) {}

    ngOnInit() {
        this.oidcSecurityService.checkAuth().subscribe((isAuthenticated) => console.log('app authenticated', isAuthenticated));
    }

    login() {
        this.oidcSecurityService.authorize();
    }

    logout() {
        this.oidcSecurityService.logoff();
    }
}

Using the access token

You can get the access token by calling the method getToken() on the OidcSecurityService

const token = this.oidcSecurityService.getToken();

And then you can use it in the HttpHeaders

import { HttpHeaders } from '@angular/common/http';

const token = this.oidcSecurityServices.getToken();

const httpOptions = {
    headers: new HttpHeaders({
        Authorization: 'Bearer ' + token,
    }),
};

License

MIT

Version 10

if you need information about version 10 please search here

https://github.com/damienbod/angular-auth-oidc-client/tree/version-10

Changelog

2020-05-02 Version 11.0.0

• Refactor lib config to make it easier to use
• Update project to Angular 9 #610
• added examples #625
• support refresh tokens with example, and docs (coming safari change)
• refactor configuration property names
• eslint conform #627
• Remove avoidable classes and add interfaces instead #626
• Create Loglevel enum instead of boolean "isxyzactive" #628
• Add prefix configuration for storage to allow multiple angular run in parallel #634
• Add an event service with an enum to throw events out #635
• Make folders for features not services, etc. #636
• SilentRenew breaks when using refresh_token and refresh_token is expired/invalid #667
• Pack the tests beside the files which are being tested when feature folders are available #637
• support multiple instances in browser
• Do not provide default config when config should have been set before #644
• Code Verifier not cryptographically random #642
• After successful login, getIsAuthorized still returns false for a bit. #549
• Expose silent renew running observable #447
• Issue with silent renew when js execution has been suspended #605
• Add support for OAuth 2.0 Token Revocation #673
• Silent renew dies if startRenew fails #617
• support for Angular 8 , Angular 9
• redesign login init
• Remove avoidable anys #624
• Use returned expired value of access token for expired validation
• Id_Token is rejected because of timing issue when server hour is different then client hour
• fix validate, fix max time offset #175
• Support azp and multiple audiences #582
• Add extra Refresh token validation #687
• Notification that checking session is initialized #686
• Refactor rxjs events, user profile events, silent renew, check session
• Add support for EC certificates #645
• id_token : alg : HS256 support #597
• redesign docs