Skip to content

Preserving state (url) with codeFlow #592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bschnabel opened this issue Aug 1, 2019 · 8 comments · Fixed by #1124
Closed

Preserving state (url) with codeFlow #592

bschnabel opened this issue Aug 1, 2019 · 8 comments · Fixed by #1124
Labels
feature-request Improvements and additions to the library. future-version Will be considered, but for a future version. pr-welcome We'd welcome a PR to solve the issue.

Comments

@bschnabel
Copy link

Hello,

I just updated to version 8.0.4 of the app and changed from implicitFlow to CodeFlow. Super cool that this feature made it to this library!

Now I would like to implement this: https://manfredsteyer.github.io/angular-oauth2-oidc/docs/additional-documentation/preserving-state-(like-the-requested-url).html however I'm not sure if this actually works with the current version of the app when using CodeFlow.

Can you tell me if it's already possible and if so how it's possible?

I found that the loginOptions passed to tryLogin are only used when using implicit flow: https://github.com/manfredsteyer/angular-oauth2-oidc/blob/master/projects/lib/src/oauth-service.ts#L1374

So I'm not quite sure if this is a feature request or just a support question.

Help is very much appreciated.

Thanks in advance
@jeroenheijmans
Copy link
Collaborator

That does sound like something that should be supported, so if it's missing we'd probably need to add it...

(I have no thoughts yet whether this is a bug, or if it requires additional config or setup from user's side.)

@bschnabel
Copy link
Author

My impression is that either it has been forgotten to implement together with CodeFlow in Version 8, or the docu from my first link above needs a little update. Correct my if I'm wrong! Probably @manfredsteyer could give a hint on that?

@jeroenheijmans jeroenheijmans mentioned this issue Aug 2, 2019
Closed
@manfredsteyer
Copy link
Owner

Yes, this options object is currently not supported for code flow, as most of it's properties are deprecated meanwhile. The alternative is to use events [1] and this.oauthService.state.

Can you check this please?

Next version: In order to prevent confusion, we should throw an exception or write a warning to the console, if code flow is used together with this options object. Perhaps someone cares for a PR.

[1] https://manfredsteyer.github.io/angular-oauth2-oidc/docs/additional-documentation/events.html

@manfredsteyer manfredsteyer added future-version Will be considered, but for a future version. pr-welcome We'd welcome a PR to solve the issue. labels Aug 3, 2019
@jeroenheijmans jeroenheijmans added the feature-request Improvements and additions to the library. label Aug 5, 2019
@jeroenheijmans
Copy link
Collaborator

In #600 I suggest introducing LoginOptions parameter for the tryLoginCodeFlow method, at first glance that would also be the way to handle the state stuff, and a PR could possibly fix both this and #600 in one go?

@Boomwav
Copy link

Boomwav commented May 13, 2021

I stumbled into this problem as well. I guess this issue was forgotten somehow. I'm still unsure how we should keep state when using codeFlow.

@pirminrehm
Copy link
Contributor

I'm not sure if the lib is the right place to put such logic in. Nevertheless, I provided a sample repo where I solved the problem using a service and a guard along with the localStorage:
https://github.com/pirminrehm/ng12-oauth2-pkce-url-retain

@pirminrehm pirminrehm mentioned this issue Aug 25, 2021
Merged
@pirminrehm
Copy link
Contributor

@manfredsteyer @jeroenheijmans
I found a lightweight way to add this feature to the lib, see my PR #1124.
Exited for your feedback!

@bschnabel
Copy link
Author

bschnabel commented Oct 5, 2021
edited
Loading

meanwhile the pull request from above is waiting for approval i implented this using events like @manfredsteyer suggested:

in Angular AuthGuard:

public redirectToLogin(): void {
      // save url before redirect
      const request_uri = window.location.pathname + window.location.search;
      const additionalState = (request_uri !== '/' ? request_uri : undefined);
      if (additionalState) {
        console.log('saving requested url: ', additionalState);
      }
      this.oauthService.initLoginFlow(additionalState);
  }

in app.component.ts (somewhere in the constructor or a function called from within the constructor):

this.oauthService.configure(...);
this.oauthService
    .loadDiscoveryDocumentAndTryLogin()
    .then(_ => {
      if (this.oauthService.hasValidAccessToken()) {
           // user is logged in.
          // do something like fetching userdata from BE
          });
    });

  // Redirect to initially requested page
  this.oauthService.events.subscribe(event => {
    if (event.type === 'token_received' && this.oauthService.state) {
      const redirect_uri = decodeURIComponent(this.oauthService.state);
      if (redirect_uri && redirect_uri !== '/') {
        console.log('redirecting to initially requested page', redirect_uri);
        this.router.navigateByUrl(redirect_uri);
      }
    }
  });

maybe it's useful for someone.

By the way: It would have been extremely useful to mention somewhere in the docs that this.oauthService.state is urlencoded!

From my point of view this ticket can be closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature-request Improvements and additions to the library. future-version Will be considered, but for a future version. pr-welcome We'd welcome a PR to solve the issue.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Preserve requested route for code flow
5 participants
@Boomwav @manfredsteyer @jeroenheijmans @pirminrehm @bschnabel