
Commit 1fd4617

Update flows to use refreshToken for now
1 parent 36b1ea2 commit 1fd4617


2 files changed

+26
-6
lines changed


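--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ This demonstrates:
 - Asynchronous loading of login information (and thus async auth guards)
 - Using `localStorage` for storing tokens (use at your own risk!)
 - Loading IDS details from its discovery document
-- Trying silent refresh on app startup before potientially starting a login flow
+- Trying refresh on app startup before potientially starting a login flow
 - OpenID's external logout features
 
 Most interesting features can be found in [the core module](./src/app/core).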

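--- a/src/app/core/auth.service.ts
+++ b/src/app/core/auth.service.ts
@@ -76,6 +76,10 @@ export class AuthService {
 .pipe(filter(e => ['session_terminated', 'session_error'].includes(e.type)))
 .subscribe(e => this.navigateToLoginPage());
 
+// This *does* work with v9.0.0 as it detects code+pkce flow and sets up
+// refreshToken() calls that require offline_access, instead of actually
+// calling silentRefresh, which would fail because of this issue:
+// https://github.com/manfredsteyer/angular-oauth2-oidc/issues/600
 this.oauthService.setupAutomaticSilentRefresh();
 }
 
@@ -104,10 +108,9 @@ export class AuthService {
 }
 
 // 2. SILENT LOGIN:
-// Try to log in via silent refresh because the IdServer
-// might have a cookie to remember the user, so we can
-// prevent doing a redirect:
-return this.oauthService.silentRefresh()
+// Try to log in via a refresh because then we can prevent
+// needing to redirect the user:
+return this.startWithRefresh()
 .then(() => Promise.resolve())
 .catch(result => {
 // Subset of situations from https://openid.net/specs/openid-connect-core-1_0.html#AuthError
@@ -161,14 +164,31 @@ export class AuthService {
 .catch(() => this.isDoneLoadingSubject$.next(true));
 }
 
+private startWithRefresh() {
+if (this.oauthService.getRefreshToken()) {
+console.log('Found a refresh token, trying to use it.');
+return this.oauthService.refreshToken();
+}
+
+// No silent refresh via iframe is supported for code flow yet.
+// See also: https://github.com/manfredsteyer/angular-oauth2-oidc/issues/600
+return Promise.reject();
+}
+
 public login(targetUrl?: string) {
 // Note: before version 9.1.0 of the library you needed to
 // call encodeURIComponent on the argument to the method.
 this.oauthService.initImplicitFlow(targetUrl || this.router.url);
 }
 
 public logout() { this.oauthService.logOut(); }
-public refresh() { this.oauthService.silentRefresh(); }
+public refresh() {
+// Silent refresh via iframe is not supported (yet?) for the code+pkce flow.
+// See also: https://github.com/manfredsteyer/angular-oauth2-oidc/issues/600
+// this.oauthService.silentRefresh();
+// So for now we do this instead:
+this.oauthService.refreshToken();
+}
 public hasValidToken() { return this.oauthService.hasValidAccessToken(); }
 
 // These normally won't be exposed from a service like this, but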
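Review bot: `startWithRefresh()` and `refresh()` in the third hunk now depend on a refresh token held by the browser, and none of the new comments say where that token is stored or how long it stays valid. The README in this same commit lists `localStorage` as the token store, so, assuming the storage configuration outside this diff matches, a long-lived `offline_access` credential becomes readable by any script running on the origin, where previously only a short-lived access token was. I would add a comment above `startWithRefresh()` such as `// Refresh token is read from the configured OAuthStorage; the IDS should rotate it on use and keep its lifetime short.` Separately, `refresh()` drops the promise returned by `refreshToken()`, so a rejected refresh (for example after the token is revoked) goes unhandled; `this.oauthService.refreshToken().catch(() => this.navigateToLoginPage());` would reuse the handler already called in the first hunk.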
