angular-auth-oidc-client
OpenID Connect Implicit Flow
OpenID Certification
This library is certified by OpenID Foundation. (RP Implicit and Config RP)
Features
Documentation : Quickstart | API Documentation | Changelog
Using the package
Navigate to the level of your package.json and type
npm install angular-auth-oidc-client --save
or with yarn
yarn add angular-auth-oidc-client
or you can add the npm package to your package.json
"angular-auth-oidc-client": "3.0.10"
and type
npm install
Using in the angular application
Import the module and services in your module.
The OidcSecurityService has a dependency on the HttpClientModule which needs to be imported. The angular-auth-oidc-client module supports all versions of Angular 4.3 onwards.
import { NgModule } from '@angular/core';
import { HttpClientModule } from '@angular/common/http';
import { AuthModule, OidcSecurityService, OpenIDImplicitFlowConfiguration } from 'angular-auth-oidc-client';
@NgModule({
imports: [
...
HttpClientModule,
AuthModule.forRoot()
],
declarations: [
...
],
providers: [
...
],
bootstrap: [AppComponent],
})
Set the AuthConfiguration properties to match the server configuration. At present only the id_token token flow is supported.
export class AppModule {
constructor(public oidcSecurityService: OidcSecurityService) {
let openIDImplicitFlowConfiguration = new OpenIDImplicitFlowConfiguration();
openIDImplicitFlowConfiguration.stsServer = 'https://localhost:44318';
openIDImplicitFlowConfiguration.redirect_url = 'https://localhost:44311';
openIDImplicitFlowConfiguration.client_id = 'angularclient';
openIDImplicitFlowConfiguration.response_type = 'id_token token';
openIDImplicitFlowConfiguration.scope = 'openid email profile';
openIDImplicitFlowConfiguration.post_logout_redirect_uri = 'https://localhost:44311/Unauthorized';
openIDImplicitFlowConfiguration.start_checksession = false;
openIDImplicitFlowConfiguration.silent_renew = true;
openIDImplicitFlowConfiguration.silent_renew_offset_in_seconds = 0;
openIDImplicitFlowConfiguration.post_login_route = '/home';
openIDImplicitFlowConfiguration.forbidden_route = '/Forbidden';
openIDImplicitFlowConfiguration.unauthorized_route = '/Unauthorized';
openIDImplicitFlowConfiguration.auto_userinfo = true;
openIDImplicitFlowConfiguration.log_console_warning_active = true;
openIDImplicitFlowConfiguration.log_console_debug_active = false;
openIDImplicitFlowConfiguration.max_id_token_iat_offset_allowed_in_seconds = 10;
openIDImplicitFlowConfiguration.override_well_known_configuration = false;
openIDImplicitFlowConfiguration.override_well_known_configuration_url = 'https://localhost:44386/wellknownconfiguration.json';
this.oidcSecurityService.setupModule(openIDImplicitFlowConfiguration);
}
}
Create the login, logout component and use the oidcSecurityService
import { Component, OnInit, OnDestroy } from '@angular/core';
import { Subscription } from 'rxjs/Subscription';
import { OidcSecurityService } from 'angular-auth-oidc-client';
@Component({
selector: 'my-app',
templateUrl: 'app.component.html'
})
export class AppComponent implements OnInit, OnDestroy {
constructor(public oidcSecurityService: OidcSecurityService) {
if (this.oidcSecurityService.moduleSetup) {
this.doCallbackLogicIfRequired();
} else {
this.oidcSecurityService.onModuleSetup.subscribe(() => {
this.doCallbackLogicIfRequired();
});
}
}
ngOnInit() {
}
ngOnDestroy(): void {
this.oidcSecurityService.onModuleSetup.unsubscribe();
}
login() {
this.oidcSecurityService.authorize();
}
logout() {
this.oidcSecurityService.logoff();
}
private doCallbackLogicIfRequired() {
if (window.location.hash) {
this.oidcSecurityService.authorizedCallback();
}
}
}
In the http services, add the token to the header using the oidcSecurityService
private setHeaders() {
this.headers = new HttpHeaders();
this.headers = this.headers.set('Content-Type', 'application/json');
this.headers = this.headers.set('Accept', 'application/json');
const token = this._securityService.getToken();
if (token !== '') {
const tokenValue = 'Bearer ' + token;
this.headers = this.headers.set('Authorization', tokenValue);
}
}
Custom Storage
If you need, you can create a custom storage (for example to use cookies).
Implement OidcSecurityStorage
class-interface and the read
and write
methods:
@Injectable()
export class CustomStorage implements OidcSecurityStorage {
public read(key: string): any {
...
return ...
}
public write(key: string, value: any): void {
...
}
}
Then provide the class in the module:
@NgModule({
imports: [
...
AuthModule.forRoot({ storage: CustomStorage })
],
...
})
See also oidc.security.storage.ts
for an example.
Http Interceptor
The HttpClient allows you to write interceptors. A common usecase would be to intercept any outgoing HTTP request and add an authorization header. Keep in mind that injecting OidcSecurityService into the interceptor via the constructor results in a cyclic dependency. To avoid this use the injector instead.
@Injectable()
export class AuthInterceptor implements HttpInterceptor {
private oidcSecurityService: OidcSecurityService;
constructor(private injector: Injector) {
}
intercept(req: HttpRequest<any>, next: HttpHandler): Observable<HttpEvent<any>> {
let requestToForward = req;
if (this.oidcSecurityService === undefined) {
this.oidcSecurityService = this.injector.get(OidcSecurityService);
}
if (this.oidcSecurityService !== undefined) {
let token = this.oidcSecurityService.getToken();
if (token !== "") {
let tokenValue = "Bearer " + token;
requestToForward = req.clone({ setHeaders: { "Authorization": tokenValue } });
}
} else {
console.debug("OidcSecurityService undefined: NO auth header!");
}
return next.handle(requestToForward);
}
}
Examples using:
https://github.com/damienbod/AspNetCoreAngularSignalRSecurity
https://github.com/damienbod/angular-auth-oidc-sample-google-openid
https://github.com/HWouters/ad-b2c-oidc-angular
https://github.com/robisim74/angular-openid-connect-php/tree/angular-auth-oidc-client
Using src code directly:
https://github.com/damienbod/AspNet5IdentityServerAngularImplicitFlow
Notes:
This npm package was created using the https://github.com/robisim74/angular-library-starter from Roberto Simonetti.
License
MIT