Announcement: Version 8 is coming #549
Comments
manfredsteyer
added
the
announcement
|
Feel free to send ping or DM me when you'd need a beta tester 👍 |
|
Any plans for offline support ? #545 |
|
Good question. I think it will be easier, as with code flow we will support refresht tokens. Btw: You can already trigger a token refresh by hand. There is a method, sth. like silentRefresh. |
|
I'm using Silent Refresh already (may be I'm using it wrong).
I appreciate any guidance here |
|
I think there's some confusion. There's two uses of the word "offline":
The latter is already supported, if you use this library with the Password flow you can ask for "offline" scope and get a refresh token. In the Implicit flow this scope isn't used, I think. With (variants of) the Code flow it is used (I think?) so that might get support in v8? But for the first item, in #545, I think that's something else entirely? |
|
@jeroenheijmans totally agree on the confusion. Yes, the problem is with "offline" connection (which is 2 ways: the client might lose connection or the server is down or unreachable). |
|
@manfredsteyer @jeroenheijmans is this coming only post angular 8 release?? I presume there would be no challenge in using the same version on angular 6 and rx 6! We're looking forward for PKCE flow and we may not upgrade to ng 8 yet. |
|
Note that I have no say in this, I just try to help out by (and enjoy) supporting users of this library. I presume though that the readme part about release cycle still holds, and that (presumably because of personal time constraints) new major versions typically align with and require new versions of Angular and possibly RxJs. So most likely you'd need to backport changes or create a custom fork/branch yourself to have v8 features in <v8-angular. |
|
@jeroenheijmans thanks for letting me know what has to be done :) really helpful... Let me see if i can fork a branch and backport as you suggested.. I could try angular 5 with v5.0.2 (of this library) with just an rxjs compat and things were smooth... Just being greedy here if the same can be assumed with this release as well :) |
|
Yes, it's as @jeroenheijmans says. We test the current lib version only with the current Angular version. It may work with an older Angular version, but no guarantees. |
|
Any details on the release? |
|
Would be lovely to see this release soon |
|
any updates? |
|
waiting! :) |
|
Behold. I updated to Angular 8 and cleaned up the code a bit, but I'm not sure what to do about:
Using browser internal crypto api's isn't something I'm really comfortable with, I'm in no way specialized in security. As far as I can see the If anyone has an idea on how to approach this, please tell me so I can build it. |
|
Just for info. I upgraded my project to Angular 8, and oauth is still working fine. |
|
@manfredsteyer Any info when we can expect a version with support of Authorization Code + PKCE? |
|
Is there an ETA for this yet? |
|
any updates? Angular 8 is released for a while now.. |
|
I had to postpone it, but I've reserved some time for it in July. The good message is, everything works with the current version (even though there are peer dependency warnings which will go away when version 8 lands). |
|
@manfredsteyer I've tried implementing the crypto api, but I'm having a hard time with encoding, decoding and verifying. Having issues with arraybuffers. I messed around in a branch that I branched from my upgrade-angular-8 branch in my own fork (https://github.com/lwensveen/angular-oauth2-oidc/tree/feature/implement-browser-crypto). Dunno if this might be handy for you or someone else. |
|
This is great! Thanks for the info. Does it work? I guess, we need something like this in this library. I'm thinking about another tokenValidationHandler which uses the browser's native crypto api. What do you think? |
|
@manfredsteyer No it doesn't. Like I said, the crypto api uses arraybuffers for everything and I can't get those to decode properly. Might be doing it wrong though. First I tried the functions described here: https://developers.google.com/web/updates/2012/06/How-to-convert-ArrayBuffer-to-and-from-String Later I used https://developer.mozilla.org/en-US/docs/Web/API/TextEncoder Seems like a fine idea to put it into a separate handler for now. |
|
Ad using subtle crypto, see also: damienbod/angular-auth-oidc-client#26 |
We're looking forward to the update. Is there anything that you need help with @manfredsteyer ? |
|
@jeroenheijmans This code is no longer in there, but I can see if I can get it to work. EDIT: It seems he just introduced new dependencies, where I tried to directly use cryptosubtle. Or am I missing something? |
|
-Support for Code Flow + PKCE to align with the current Best Practice document |
|
Me too. @volkanokcu If you can't wait at all you can use this fork https://github.com/bechhansen/angular-oauth2-oidc but it is still at version 4.0.1 I also need Support for Authorization Code Flow for a current project and unsure if to wait for the next release of this library or if I'll have to use the one linked above. @manfredsteyer Can you make an estimation on when the relase could posibly come out? |
|
Version 8 is out: We have Code + PKCE + Token Refresh now. Looking forward to your feedback. Getting rid of the big crypto api when not supporting IE is still an open task. @lwensveen is working on it (see above). Can anyone help him with the current show stoppers. |
|
Welcome! |
|
Info now seems to be out there in the relevant places:
Some bug fix minor releases have already come after. Going to clean up and close this issue, if anyone has problems with v8 (or in general) feel free to open a fresh issue! |
As the Release Candidate for Angular 8 is out since some days, we will now start with preparing the next version of this library. It will land soon and contain the following features:
If anyone wants to participate by providing a PR, you are welcome and this is the right time window now. In this case, please reach out.
The text was updated successfully, but these errors were encountered: