Adds a new configuration option to allow external control over how the login page is opened

[nhance]

In my implementation I was having trouble getting this to work on device due to the need to use an inappbrowser to open and catch the redirect_uri. This method allows implementations to configure a function for opening the tryLogin url.

New AuthConfig option:

• openUri: (uri: string) => void) This method will be called when attempting to login via implicit flow.

[GFoley83]

Currently have the same problem in an application I'm working on: We're using Ionic 3 with inAppBrowser to log people in. Would obviously prefer not to use inAppBrowser but given there's no known work-around, there's not much choice.

I think returning the createLoginUrl promise and having an optional noRedirectToLoginUrl, which the logout function also has, is good enough to solve this problem, without needing to extend the API.

    /**
    * Starts the implicit flow and redirects to user to
    * the auth servers login url.
    *
    * @param additionalState Optinal state that is passes around.
    *  You find this state in the property ``state`` after ``tryLogin`` logged in the user.
    * @param params Hash with additional parameter. If it is a string, it is used for the 
    *               parameter loginHint (for the sake of compatibility with former versions)
    * @param noRedirectToLoginUrl If a login url is configured, the user is redirected to it.
    */
    initImplicitFlowInternal(additionalState = '', params: string | object = '', noRedirectToLoginUrl = false): Promise<string> {

        if (this.inImplicitFlow) {
            return;
        }

        this.inImplicitFlow = true;

        if (!this.validateUrlForHttps(this.loginUrl)) {
            throw new Error('loginUrl must use Http. Also check property requireHttps.');
        }

        let addParams: object = {};
        let loginHint: string = null;

        if (typeof params === 'string') {
            loginHint = params;
        }
        else if (typeof params === 'object') {
            addParams = params;
        }

        return this.createLoginUrl(additionalState, loginHint, null, false, addParams).then((url) => {
            if (noRedirectToLoginUrl) {
                return url;
            }

            location.href = url;
        })
            .catch(error => {
                console.error('Error in initImplicitFlow');
                console.error(error);
                this.inImplicitFlow = false;
                return null;
            });
    };

[neilsb]

@GFoley83 Just a note on the parameter name. I'd be more inclined to have the parameter the other way round. i.e. redirectToLoginUrl and default it to true.

I was looking at implementing this as an ImplicitFlowMethod config option, to allow options redirect, none, iframe and newWindow, and baking the code the iframe and new window into the library, but it probably makes more sense to just allow returning the url and letting the user handle it as desired.

[manfredsteyer]

thx

[mraible]

@nhance Can you please provide an example of how you're using this with inappbrowser? I have a similar use case.

[manfredsteyer]

If I understand it right, he is calling initImplicitFlow with this new flag. This causes the method to just return a promise with an url. This url can be set manually in the inappbrowser.

[mraible]

Documentation would be awesome. 😉

…

On May 15, 2018, at 19:55, Manfred Steyer ***@***.***> wrote: If I understand it right, he is calling initImplicitFlow with this new flag. This causes the method to just return a promise with an url. This url can be set manually in the inappbrowser. — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or mute the thread.

[nhance]

@mraible You can now provide openUri as a configuration option on AuthConfig.

It is expected to be a function with a single parameter uri. The openUri function is called anytime a uri is needed to be opened, so for example on a mobile device you can open it in an inappbrowser.

Here's an example:

        authConfig.openUri = (uri) => {
          let browser = this.iab.create(uri, '_blank', 'location=no');

          browser.on('close').subscribe((event) => {
            if (window['oAuthService']) {
              window['oAuthService'].inImplicitFlow = false;
            }
          });

          browser.on('loadstart').subscribe((event) => {
            let url = event.url;

            if (url.startsWith(ENV.oauth.redirect_uri)) {
              const hashFragment = url.substr(ENV.oauth.redirect_uri.length);

              console.log("login from url scheme with token " + hashFragment);

              this.oauthService.tryLogin({
                customHashFragment: hashFragment,
                onTokenReceived: () => {
                  console.log("Login complete, should go to list page");
                  browser.close();
                  this.initializeLoggedIn();
                },
                onLoginError: () => {
                  console.log("Login error");
                  browser.close();
                  this.initializeUnauthenticated();
                }
              });

              return false;
            } else {
              console.log(url, ' did not start with ', ENV.oauth.redirect_uri);
            }
          });

[nhance]

It appears this is not actually merged in. We will create a new pull request to actually implement this

[naftalivanderloon]

Calling openUri here seems to work, @manfredsteyer could you change this?