angular-auth-oidc-client

Angular Lib for OpenID Connect & OAuth2

OpenID Code Flow with PKCE, Code Flow with refresh tokens, OpenID Connect Implicit Flow

OpenID Certification

This library is certified by OpenID Foundation. (RP Implicit and Config RP)

Features

• Samples for most of the common use cases
• ng add support
• Supports all modern OIDC identity providers
• Supports OpenID Connect Code Flow with PKCE
• Supports Code Flow PKCE with Refresh tokens
• Supports OpenID Connect Implicit Flow
• Supports OpenID Connect Session Management 1.0
• Supports RFC7009 - OAuth 2.0 Token Revocation
• Supports RFC7636 - Proof Key for Code Exchange (PKCE)
• Supports OAuth 2.0 Pushed authorisation requests (PAR) draft
• Support for current best practice
• Semantic releases
• Github actions
• Modern coding guidelines with prettier, husky
• Up to date documentation
• Implements OIDC validation as specified, complete client side validation for REQUIRED features
• Supports authenticiation using redirect or popup

Installation

Ng Add

You can use the schematics and ng add the library.

ng add angular-auth-oidc-client

And answer the questions. A module will be created which encapsulates your configuration.

Npm / Yarn

Navigate to the level of your package.json and type

 npm install angular-auth-oidc-client

or with yarn

 yarn add angular-auth-oidc-client

Documentation

• Quickstart

• Samples

  • Code Flow with PKCE Using a configuration from an http source and silent renew
  • Code Flow PKCE with Refresh tokens
  • Code Flow PKCE Auto login
  • Code Flow with PKCE basic with silent renew
  • Code flow with popup
  • Code flow with pushed authorization request
  • Azure B2C Code Flow PKCE with silent renew
  • Azure AD Code Flow PKCE with silent renew
  • Implicit Flow with silent renew (Not recommended)
  • Implicit Flow google (Not recommended)
  • Code flow with a lazy loaded module

• Silent renew

  • Silent Renew Code Flow with PKCE
  • Silent Renew Code Flow with PKCE with refresh tokens
  • Silent Renew Implicit Flow
  • Secure Token Server CSP and CORS

• Guards

• Features

  • Public Events
  • Auth with a popup
  • Custom Storage
  • Custom parameters
  • Auto Login
  • Using the OIDC package in a module or a Angular lib
  • Delay the loading or pass an existing AuthWellKnownEndpoints config

• Logout

• Using and revoking the access token

• CSP & CORS

• Public API

• Configuration

• Migration

• Changelog

Quickstart

For the example of the Code Flow. For further examples please check the Samples Section

NOTE If you have done the installation with the schematics, these modules and files should be available already!!!

If the schematics did not do this already: Import the module and services in your module.

import { HttpClientModule } from '@angular/common/http';
import { APP_INITIALIZER, NgModule } from '@angular/core';
import { AuthModule, LogLevel, OidcConfigService } from 'angular-auth-oidc-client';
// ...

export function configureAuth(oidcConfigService: OidcConfigService) {
  return () =>
    oidcConfigService.withConfig({
      stsServer: '<your sts address here>',
      redirectUrl: window.location.origin,
      postLogoutRedirectUri: window.location.origin,
      clientId: 'angularClient',
      scope: 'openid profile email',
      responseType: 'code',
      silentRenew: true,
      silentRenewUrl: `${window.location.origin}/silent-renew.html`,
      logLevel: LogLevel.Debug,
    });
}

@NgModule({
  // ...
  imports: [
    // ...
    AuthModule.forRoot(),
  ],
  providers: [
    OidcConfigService,
    {
      provide: APP_INITIALIZER,
      useFactory: configureAuth,
      deps: [OidcConfigService],
      multi: true,
    },
  ],
  // ...
})
export class AppModule {}

And call the method checkAuth() from your app.component.ts. The method checkAuth() is needed to process the redirect from your sts and set the correct states. This method must be used to ensure the correct functioning of the library.

import { Component, OnDestroy, OnInit } from '@angular/core';
import { OidcClientNotification, OidcSecurityService, PublicConfiguration } from 'angular-auth-oidc-client';
import { Observable } from 'rxjs';

@Component({
  /**/
})
export class AppComponent implements OnInit {
  constructor(public oidcSecurityService: OidcSecurityService) {}

  ngOnInit() {
    this.oidcSecurityService.checkAuth().subscribe((auth) => console.log('is authenticated', auth));
  }

  login() {
    this.oidcSecurityService.authorize();
  }

  logout() {
    this.oidcSecurityService.logoff();
  }
}

Using the access token

You can get the access token by calling the method getToken() on the OidcSecurityService

const token = this.oidcSecurityService.getToken();

And then you can use it in the HttpHeaders

import { HttpHeaders } from '@angular/common/http';

const token = this.oidcSecurityServices.getToken();

const httpOptions = {
  headers: new HttpHeaders({
    Authorization: 'Bearer ' + token,
  }),
};

License

MIT

Version 10

if you need information about version 10 please search here

https://github.com/damienbod/angular-auth-oidc-client/tree/version-10

Changelog

2021-04-11 Version 11.6.5

• Silent renew with refresh tokens - handle no connection use case
  • PR
• Added Guard CanLoad interface
  • PR