Read userprofile info without HTTP call #416

salem84 opened this issue Sep 3, 2018 · 4 comments

salem84 commented Sep 3, 2018

Hi,
I have a question... whenever the loadUserProfile method is used, the UserProfile endpoint is called with an HTTP request.
The result of the HTTP call is stored in AuthStorage (loadUserProfile() - row 593):
this._storage.setItem('id_token_claims_obj', JSON.stringify(info));

Is it possible to use id_token_claims_obj directly in my own code without invoking loadUserProfile, and obviously without the HTTP call?
Or do you suggest saving it in a custom sessionStorage variable using an event handler?
Thanks

Giorgio

salem84 changed the title from "Access userprofile info without HTTP call loadUserProfile" to "Read userprofile info without HTTP call" on Sep 3, 2018
@jeroenheijmans
Collaborator

Not to invalidate your question, but out of curiosity and to get some context: why are you asking the question? What is your use case?

Either way, if I do this:

console.log(this.oauthService.getIdentityClaims());

At the very start of my wrapper auth-service (so before any call to load login and whatnot) I will see:

  • null if you haven't logged in yet
  • {...} i.e. an entire object of identity claims, as loaded from storage

So, as far as I can tell, the library already does this for you. You can start using any claims saved in storage without doing loadUserProfile(), i.e. without any HTTP call.

Of course that information might be outdated or even expired, but I think you could use .getIdTokenExpiration() to get more info on that.

All this assumes you're using implicit flow with OpenID, of course.

salem84 commented Sep 3, 2018

Hi Jeroen,
thanks for your response!
I'll try to explain my scenario... maybe I'm doing something wrong, so you could suggest a solution.

I have an Angular 6 application with implicit flow with OpenID and Thinktecture IdentityServer4.
I would like to evaluate some custom claims in an Angular AuthGuard, in order to deny/grant access; these additional claims are acquired from the UserInfo endpoint (UserProfile).
If I insert loadUserProfile() in the AuthGuard, sometimes I receive the error described in issue #260 (I suppose it can be solved with the latest suggestion in the issue thread... I'll investigate it tomorrow); however, I would like to avoid the HTTP call that I incur each time I use loadUserProfile()... or is my idea wrong?

Do you have any suggestions? Maybe a solution is to enrich the identity token with the custom claims that I have to use in the AuthGuard?

Thank you for your support!

@jeroenheijmans
Collaborator

You could try to embrace the async nature of the OAuthService and make your auth guard async as well. I outlined in my sample repository how you could make the auth guard wait for the initial load (including loadUserProfile, if you want) of things before returning.

Another option, although I'm not familiar with Thinktecture, might be to append specific claims to the access token. Given that some of your claims restrict/give access, this doesn't seem so weird. And then you would have the claims available immediately if storage already had them.

At the moment we ourselves use the first option. Your question prompted the second option, and I might even consider moving to that if I find the time.
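
As an added illustration (not code from this thread, from the sample repository it mentions, or from the library), the TypeScript below combines both replies: a guard decision taken from stored identity claims, gated on the ID token expiry, that falls back to `loadUserProfile()` only when the claim is absent from storage. The `ClaimsSource` interface, the helper names and the `role` claim are assumptions made for the example.

```typescript
// Added example. ClaimsSource is an assumed stand-in for the slice of
// OAuthService discussed in this thread; all other names are hypothetical.
interface ClaimsSource {
  getIdentityClaims(): object | null; // claims parsed from storage, or null
  getIdTokenExpiration(): number;     // ID token expiry, epoch milliseconds
  loadUserProfile(): Promise<object>; // HTTP call to the UserInfo endpoint
}

type Decision = 'allow' | 'deny' | 'reload';

// Decide from stored claims only; never triggers an HTTP request.
function decideFromStorage(src: ClaimsSource, claim: string,
                           expected: string, nowMs: number): Decision {
  const claims = src.getIdentityClaims() as Record<string, unknown> | null;
  if (claims === null) return 'deny';                // not logged in yet
  const exp = src.getIdTokenExpiration();
  if (!isFinite(exp) || exp <= nowMs) return 'deny'; // expired, or expiry missing (NaN)
  if (!(claim in claims)) return 'reload';           // claim not in storage yet
  const value = claims[claim];
  // A claim may hold one value or a list of values.
  const values: unknown[] = Array.isArray(value) ? value : [value];
  return values.indexOf(expected) !== -1 ? 'allow' : 'deny';
}

// Guard body: synchronous when storage suffices, asynchronous otherwise.
function canActivate(src: ClaimsSource, claim: string, expected: string,
                     nowMs: number = Date.now()): boolean | Promise<boolean> {
  const first = decideFromStorage(src, claim, expected, nowMs);
  if (first !== 'reload') return first === 'allow';
  // As described in the first comment, the UserInfo result is written back
  // to storage, so the stored claims are simply evaluated again afterwards.
  return src.loadUserProfile().then(
    () => decideFromStorage(src, claim, expected, nowMs) === 'allow',
    () => false, // fail closed when the UserInfo endpoint is unreachable
  );
}

// Constructed sample: a logged-in user whose ID token expires at t = 2000 ms.
const sample: ClaimsSource = {
  getIdentityClaims: () => ({ sub: 'u1', role: ['reader', 'admin'] }),
  getIdTokenExpiration: () => 2000,
  loadUserProfile: () => { throw new Error('unexpected HTTP call'); },
};
```

Claims held in browser storage can be read and rewritten by any script running in the page's origin, so a guard like this only shapes navigation; the API behind it still has to enforce the same claims from the access token.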

salem84 commented Sep 4, 2018

Thank you, Jeroen, for sharing the repository.
I'll take a look at your authService implementation, and meanwhile I'll evaluate inserting additional claims in the access token.

salem84 closed this as completed on Sep 14, 2018