default value : 'https://localhost:44318';
This is the URL where the security token service (STS) server is located.
default value : 'https://localhost:44311'
This is the redirect_url which was configured on the security token service (STS) server.
default value : 'angularclient'
The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the Issuer identified by the iss (issuer) Claim as an audience. The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience, or if it contains additional audiences not trusted by the Client.
default value : 'id_token token'
'id_token token' or 'id_token'. Name of the flow which can be configured. You must use the 'id_token token' flow if you want to access an API or get user data from the server. The access_token is required for this, and is only returned with this flow.
default value : 'openid email profile'
These are the scopes which this client requests from the server. They must match the STS server configuration.
default value : 'https://localhost:44311/Unauthorized'
URL used after a server logout if using the end session API.
default value : false
Starts the OpenID session management for this client.
default value : true
Renews the client tokens once the id_token expires.
default value : '/dataeventrecords/list'
The Angular route which is used after a successful login.
default value : '/Forbidden'
Angular route used if the server returns an HTTP 403.
default value : '/Unauthorized'
Angular route used if the server returns an HTTP 401.
default value : 'true'
Automatically get user info after authentication.
default value : true
Logs all warnings from the module to the console. This can be viewed using F12 in Chrome or Firefox.
default value : false
Logs all debug messages from the module to the console. This can be viewed using F12 in Chrome or Firefox.
default value : 3
id_token C8: The iat Claim can be used to reject tokens that were issued too far away from the current time, limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is Client specific.
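The aud rule quoted for the client_id setting and the iat rule above, written out as one claim check. This is an added example, not the library's own code: checkIdTokenClaims, ClaimCheckSettings and trustedAudiences are hypothetical names, and the claims are assumed to come from an id_token whose signature has already been verified.

```typescript
interface ClaimCheckSettings {
  client_id: string;
  max_id_token_iat_offset_allowed_in_seconds: number;
  trustedAudiences: string[]; // hypothetical: extra audiences this client accepts
}

// Returns the list of failed checks; an empty list means both claims passed.
function checkIdTokenClaims(
  claims: { aud?: unknown; iat?: unknown },
  settings: ClaimCheckSettings,
  nowInSeconds: number
): string[] {
  const errors: string[] = [];

  // aud may be a single string or an array of strings.
  const audiences: unknown[] = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (audiences.length === 0 || !audiences.every(a => typeof a === 'string')) {
    errors.push('aud is missing or malformed');
  } else {
    if (audiences.indexOf(settings.client_id) === -1) {
      errors.push('aud does not list this client');
    }
    const untrusted = audiences.filter(
      a => a !== settings.client_id && settings.trustedAudiences.indexOf(a as string) === -1
    );
    if (untrusted.length > 0) {
      errors.push('aud contains untrusted audience: ' + untrusted.join(', '));
    }
  }

  // iat: reject tokens issued too far from the current time, in either direction.
  const iat = claims.iat;
  if (typeof iat !== 'number' || !isFinite(iat)) {
    errors.push('iat is missing or malformed');
  } else if (Math.abs(nowInSeconds - iat) > settings.max_id_token_iat_offset_allowed_in_seconds) {
    errors.push('iat is outside the allowed offset');
  }
  return errors;
}

// Constructed sample: settings use the defaults listed on this page.
const sampleSettings: ClaimCheckSettings = {
  client_id: 'angularclient',
  max_id_token_iat_offset_allowed_in_seconds: 3,
  trustedAudiences: []
};
```

A small offset such as the default of 3 seconds only works when the client clock and the STS clock are closely synchronized.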
default value : false
If you want to configure the well known endpoints locally, you need to set this to true.
default value : 'https://localhost:44386/wellknownconfiguration.json'
URL used to get the configuration if it is being read locally.
default value : ''
Some OIDC servers require a resource identifier to be provided along with the request.
default value : sessionStorage
You can set the storage to localStorage, or implement a custom storage (see README).
Can be used for custom state logic handling. When set to false, the state is not automatically reset.
When set to true, the module emits an event instead of performing an Angular route change.
Instead of forcing the consuming application to redirect automatically to one of the 3 hard-configured routes (start, unauthorized, forbidden), this configuration option overrides that behavior and triggers an event that the application can subscribe to in order to perform other actions. This is useful for letting the application save an initial return URL so that the user is redirected to it after a successful login on the STS (i.e. saving the return URL in sessionStorage beforehand and then retrieving it when the event is triggered).
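A sketch of the return URL handling described above, with the stored value treated as untrusted input so that only app-internal paths are ever used for the redirect. This is an added example, not code from the library: all function names, the storage key and the boolean authorized parameter are assumptions.

```typescript
// Minimal storage shape; the browser's sessionStorage satisfies it.
interface KeyValueStore {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}

const RETURN_URL_KEY = 'oidc_return_url'; // hypothetical storage key

// A value read back from storage is untrusted: accept app-internal paths only.
function isLocalPath(candidate: string): boolean {
  if (candidate.charAt(0) !== '/') return false; // absolute URLs, empty string
  if (candidate.charAt(1) === '/' || candidate.indexOf('\\') !== -1) return false; // '//host', '/\host'
  return !/[\u0000-\u001f\u007f]/.test(candidate); // browsers strip tabs and newlines
}

function saveReturnUrl(store: KeyValueStore, path: string): void {
  if (isLocalPath(path)) store.setItem(RETURN_URL_KEY, path);
}

// Call from the handler of the authorization result event.
function takeReturnUrl(
  store: KeyValueStore,
  authorized: boolean, // assumption: the handler reduces the event payload to a boolean
  routes: { startup: string; unauthorized: string }
): string {
  const stored = store.getItem(RETURN_URL_KEY);
  store.removeItem(RETURN_URL_KEY); // single use, whatever the outcome
  if (!authorized) return routes.unauthorized;
  return stored !== null && isLocalPath(stored) ? stored : routes.startup;
}

// In-memory stand-in for sessionStorage so the example runs outside a browser.
function memoryStore(): KeyValueStore {
  const items: { [key: string]: string } = {};
  return {
    getItem: key => (Object.prototype.hasOwnProperty.call(items, key) ? items[key] : null),
    setItem: (key, value) => { items[key] = value; },
    removeItem: key => { delete items[key]; }
  };
}

// Constructed sample routes, taken from the defaults listed on this page.
const sampleRoutes = { startup: '/dataeventrecords/list', unauthorized: '/Unauthorized' };
```

In the application, pass sessionStorage as the store and hand the returned path to the Angular router.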
default value : false;
Can be used to check if the setup logic is already completed, before your component loads.
constructor(public oidcSecurityService: OidcSecurityService) {
    if (this.oidcSecurityService.moduleSetup) {
        this.doCallbackLogicIfRequired();
    } else {
        this.oidcSecurityService.onModuleSetup.subscribe(() => {
            this.doCallbackLogicIfRequired();
        });
    }
}
Example using:
App.module: get your JSON settings:
configClient() {
    // Load the client settings from the server and keep them for the module setup.
    return this.http.get('/api/ClientAppSettings').map(res => {
        this.clientConfiguration = res.json();
    });
}
App.module: configure the module by subscribing to the JSON request:
this.configClient().subscribe(config => {
    console.log(this.clientConfiguration);
    const openIDImplicitFlowConfiguration = new OpenIDImplicitFlowConfiguration();
    openIDImplicitFlowConfiguration.stsServer = this.clientConfiguration.urlStsServer;
    openIDImplicitFlowConfiguration.redirect_url = this.clientConfiguration.urlRedirect;
    // The Client MUST validate that the aud (audience) Claim contains its client_id value registered at the
    // Issuer identified by the iss (issuer) Claim as an audience.
    // The ID Token MUST be rejected if the ID Token does not list the Client as a valid audience,
    // or if it contains additional audiences not trusted by the Client.
    openIDImplicitFlowConfiguration.client_id = 'clientId';
    openIDImplicitFlowConfiguration.response_type = 'id_token token';
    openIDImplicitFlowConfiguration.scope = 'openid vmsscope profile email';
    openIDImplicitFlowConfiguration.post_logout_redirect_uri = this.clientConfiguration.urlRedirectPostLogout;
    openIDImplicitFlowConfiguration.start_checksession = false;
    openIDImplicitFlowConfiguration.silent_renew = true;
    openIDImplicitFlowConfiguration.startup_route = '/vms';
    // HTTP 403
    openIDImplicitFlowConfiguration.forbidden_route = '/forbidden';
    // HTTP 401
    openIDImplicitFlowConfiguration.unauthorized_route = '/unauthorized';
    openIDImplicitFlowConfiguration.log_console_warning_active = true;
    openIDImplicitFlowConfiguration.log_console_debug_active = true;
    // id_token C8: The iat Claim can be used to reject tokens that were issued too far away from the current time,
    // limiting the amount of time that nonces need to be stored to prevent attacks. The acceptable range is Client specific.
    openIDImplicitFlowConfiguration.max_id_token_iat_offset_allowed_in_seconds = 10;
    this.oidcSecurityService.setupModule(openIDImplicitFlowConfiguration);
});
AppComponent, subscribe to the onModuleSetup event:
constructor(public oidcSecurityService: OidcSecurityService) {
    if (this.oidcSecurityService.moduleSetup) {
        this.doCallbackLogicIfRequired();
    } else {
        this.oidcSecurityService.onModuleSetup.subscribe(() => {
            this.doCallbackLogicIfRequired();
        });
    }
}
Handle the authorize callback using the event:
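// Named to match the call in the constructor above.
private doCallbackLogicIfRequired() {
    // The STS returns the tokens in the URL fragment after the redirect.
    if (window.location.hash) {
        this.oidcSecurityService.authorizedCallback();
    }
}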
This is required if you need to wait for a JSON configuration file to load.
This event returns the result of the authorization callback. It is only used if the trigger_authorization_result_event configuration property is set to true.
This boolean is set to true when the OpenID session management receives a message that the server session has changed.
Set to true if the client and user are authenticated.
Example using:
import { Component, OnInit, OnDestroy } from '@angular/core';
import { Subscription } from 'rxjs/Subscription';
import { OidcSecurityService } from 'angular-auth-oidc-client';

@Component({
    selector: 'example',
    templateUrl: 'example.component.html'
})
export class ExampleComponent implements OnInit, OnDestroy {

    isAuthorizedSubscription: Subscription;
    isAuthorized: boolean;

    constructor(
        public oidcSecurityService: OidcSecurityService,
    ) {
    }

    ngOnInit() {
        this.isAuthorizedSubscription = this.oidcSecurityService.getIsAuthorized().subscribe(
            (isAuthorized: boolean) => {
                this.isAuthorized = isAuthorized;
            });
    }

    ngOnDestroy() {
        this.isAuthorizedSubscription.unsubscribe();
    }
}
Public function to get the id_token.
Public function to get the access_token, which can be used to access APIs on the server.
Example using:
import { Component, OnInit, OnDestroy } from '@angular/core';
import { Subscription } from 'rxjs/Subscription';
import { OidcSecurityService } from 'angular-auth-oidc-client';

@Component({
    selector: 'example',
    templateUrl: 'example.component.html'
})
export class ExampleComponent implements OnInit, OnDestroy {

    userDataSubscription: Subscription;
    // The user data is an object returned by the STS, not a boolean.
    userData: any;

    constructor(
        public oidcSecurityService: OidcSecurityService,
    ) {
    }

    ngOnInit() {
        this.userDataSubscription = this.oidcSecurityService.getUserData().subscribe(
            (userData: any) => {
                this.userData = userData;
            });
    }

    ngOnDestroy() {
        this.userDataSubscription.unsubscribe();
    }
}
Gets the user data of the logged-in user from the auth module.
Gets the user data directly from the STS API.
Public function so that extra parameters can be added to the authorization URL request.
Starts the OpenID Implicit Flow authentication and authorization.
Redirect after an STS server login. This method validates the id_token and the access_token if used.
Logs off from the client application and also from the server if the endsession API is implemented on the STS server.
Handles errors from the auth module.