From 44fb313c4efbf4303372093f9a98c6475b324050 Mon Sep 17 00:00:00 2001
From: Fabian Gosebrink
Date: Thu, 14 May 2020 07:41:06 +0200
Subject: [PATCH 01/18] first validation steps
---
 .../src/lib/config-validation/config-validation.service.ts | 0
 .../angular-auth-oidc-client/src/lib/config-validation/rule.ts | 3 +++
 2 files changed, 3 insertions(+)
 create mode 100644 projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts
 create mode 100644 projects/angular-auth-oidc-client/src/lib/config-validation/rule.ts
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts
new file mode 100644
index 000000000..e69de29bb
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rule.ts
new file mode 100644
index 000000000..a6ec8e869
--- /dev/null
+++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rule.ts
@@ -0,0 +1,3 @@
+export interface Rule {
+ validate(): boolean;
+}
From 00a0945895aabf264ee5bb9f3a1625ce51bbba3b Mon Sep 17 00:00:00 2001
From: Fabian Gosebrink Date: Thu, 14 May 2020 08:32:04 +0200 Subject: [PATCH 02/18] first shot of validation rules --- .../config-validation.service.ts | 22 +++++++++++++++++++ .../src/lib/config-validation/rule.ts | 18 ++++++++++++++- .../rules/ensure-clientId.rule.ts | 14 ++++++++++++ .../rules/ensure-redirect-url.rule.ts | 14 ++++++++++++ ...lentRenewUrl-with-no-refreshtokens.rule.ts | 18 +++++++++++++++ .../rules/ensure-sts-server.rule.ts | 14 ++++++++++++ .../src/lib/config-validation/rules/index.ts | 13 +++++++++++ ...se-offline-scope-with-silent-renew.rule.ts | 18 +++++++++++++++ .../src/lib/config/config.service.ts | 9 ++++---- 9 files changed, 134 insertions(+), 6 deletions(-) create mode 100644 projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-clientId.rule.ts create mode 100644 projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts create mode 100644 projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts create mode 100644 projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-sts-server.rule.ts create mode 100644 projects/angular-auth-oidc-client/src/lib/config-validation/rules/index.ts create mode 100644 projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts index e69de29bb..e6763d2fd 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts 
@@ -0,0 +1,22 @@
+import { Injectable } from '@angular/core';
+import { OpenIdConfiguration } from '../angular-auth-oidc-client';
+import { LoggerService } from '../logging/logger.service';
+import { allRules } from './rules';
+
+@Injectable({ providedIn: 'root' })
+export class ConfigValidationService {
+ constructor(private loggerService: LoggerService) {}
+
+ validateConfig(passedConfig: OpenIdConfiguration): boolean {
+ const allValidationResults = allRules.map((rule) => rule(passedConfig));
+
+ const allMessages = allValidationResults.filter((x) => x.messages.length > 0);
+
+ const allErrors = allMessages.filter((x) => x.level === 'error');
+ allErrors.map((message) => this.loggerService.logError(message));
+
+ allMessages.filter((x) => x.level === 'warning').map((message) => this.loggerService.logWarning(message));
+
+ return allErrors.length > 0;
+ }
+}
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rule.ts
index a6ec8e869..c452c9a7f 100644
--- a/projects/angular-auth-oidc-client/src/lib/config-validation/rule.ts
+++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rule.ts
@@ -1,3 +1,19 @@
+import { OpenIdConfiguration } from '../config/openid-configuration';
+
 export interface Rule {
- validate(): boolean;
+ validate(passedConfig: OpenIdConfiguration): RuleValidationResult;
 }
+
+export interface RuleValidationResult {
+ result: boolean;
+ messages: string[];
+ level: Level;
+}
+
+export const POSITIVE_VALIDATION_RESULT = {
+ result: true,
+ messages: [],
+ level: null,
+};
+
+export type Level = 'warning' | 'error';
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-clientId.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-clientId.rule.ts
new file mode 100644
index 000000000..f2b67638f
--- /dev/null
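Review bot: `validateConfig` ends with `return allErrors.length > 0;`, which is true when a rule failed, while the `withConfig` change in this same patch rejects on a falsy result (`if (!this.configValidationService.validateConfig(passedConfig))`), so a config with errors is accepted and a clean one is rejected. The last statement should read `return allErrors.length === 0;` (PATCH 05/18 later in this series makes that change). Separately, `allErrors.map((message) => this.loggerService.logError(message))` hands the whole `RuleValidationResult` object to the logger rather than its `messages` strings, and uses `map` only for its side effect; a `forEach` over the flattened messages would say what is meant.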
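Review bot: `POSITIVE_VALIDATION_RESULT` is exported without a type annotation and every passing rule returns this same object, so its `messages` array is shared and mutable across all results. Annotating it as `export const POSITIVE_VALIDATION_RESULT: RuleValidationResult = { ... }` would, under `strictNullChecks`, also surface that `level: null` is not a member of `Level`; widening the field to `level: Level | null` makes the "no finding" case explicit. The `Rule` interface with a `validate` method is not what the rule files in this patch implement, since they export plain functions, so a function type such as `export type Rule = (passedConfig: OpenIdConfiguration) => RuleValidationResult;` would match how `rules/index.ts` uses them.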
+++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-clientId.rule.ts
@@ -0,0 +1,14 @@
+import { OpenIdConfiguration } from '../../config/openid-configuration';
+import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule';
+
+export function ensureClientId(passedConfig: OpenIdConfiguration): RuleValidationResult {
+ if (!passedConfig.clientId) {
+ return {
+ result: false,
+ messages: ['Please provide a clientId'],
+ level: 'error',
+ };
+ }
+
+ return POSITIVE_VALIDATION_RESULT;
+}
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts
new file mode 100644
index 000000000..5b65d7878
--- /dev/null
+++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts
@@ -0,0 +1,14 @@
+import { OpenIdConfiguration } from '../../config/openid-configuration';
+import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule';
+
+export function ensureRedirectRule(passedConfig: OpenIdConfiguration): RuleValidationResult {
+ if (!passedConfig.redirectUrl) {
+ return {
+ result: false,
+ messages: ['Please provide a redirect rule'],
+ level: 'error',
+ };
+ }
+
+ return POSITIVE_VALIDATION_RESULT;
+}
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts
new file mode 100644
index 000000000..7c32e6e24
--- /dev/null
+++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts
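Review bot: The function exported from `ensure-redirect-url.rule.ts` is named `ensureRedirectRule` and its message asks for a "redirect rule", but the property it checks is `passedConfig.redirectUrl`. Naming it `ensureRedirectUrl` and wording the message after the config key would let an integrator map the logged error straight to the setting that needs fixing. Note also that `!passedConfig.redirectUrl` is a presence check only; nothing in this hunk validates that the value is a well-formed URL.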
@@ -0,0 +1,18 @@
+import { OpenIdConfiguration } from '../../config/openid-configuration';
+import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule';
+
+export function ensureSilentRenewUrlWhenNoRefreshTokenUsed(passedConfig: OpenIdConfiguration): RuleValidationResult {
+ const usesSilentRenew = passedConfig.silentRenew;
+ const usesRefreshToken = passedConfig.useRefreshToken;
+ const hasSilentRenewUrl = passedConfig.silentRenewUrl;
+
+ if (usesSilentRenew && !usesRefreshToken && !hasSilentRenewUrl) {
+ return {
+ result: false,
+ messages: ['Please provide a silent renew URL'],
+ level: 'error',
+ };
+ }
+
+ return POSITIVE_VALIDATION_RESULT;
+}
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-sts-server.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-sts-server.rule.ts
new file mode 100644
index 000000000..891afcf50
--- /dev/null
+++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-sts-server.rule.ts
@@ -0,0 +1,14 @@
+import { OpenIdConfiguration } from '../../config/openid-configuration';
+import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule';
+
+export function ensureStsServer(passedConfig: OpenIdConfiguration): RuleValidationResult {
+ if (!passedConfig.stsServer) {
+ return {
+ result: false,
+ messages: ['Please provide at least an sts server'],
+ level: 'error',
+ };
+ }
+
+ return POSITIVE_VALIDATION_RESULT;
+}
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/index.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/index.ts
new file mode 100644
index 000000000..eb8a5deb5
--- /dev/null
+++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/index.ts
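Review bot: `ensureStsServer` only checks that `passedConfig.stsServer` is truthy, so any non-empty string, including a plain `http://` address, passes validation. OpenID Connect Discovery requires the issuer to use the `https` scheme, and this value appears to be the base from which the provider metadata is resolved, so a companion rule at `level: 'warning'` that flags an `stsServer` not starting with `https://` would catch a misconfiguration that exposes the flow to interception. A localhost exception may be needed for development setups.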
@@ -0,0 +1,13 @@
+import { ensureClientId } from './ensure-clientId.rule';
+import { ensureRedirectRule } from './ensure-redirect-url.rule';
+import { ensureSilentRenewUrlWhenNoRefreshTokenUsed } from './ensure-silentRenewUrl-with-no-refreshtokens.rule';
+import { ensureStsServer } from './ensure-sts-server.rule';
+import { useOfflineScopeWithSilentRenew } from './use-offline-scope-with-silent-renew.rule';
+
+export const allRules = [
+ ensureStsServer,
+ useOfflineScopeWithSilentRenew,
+ ensureRedirectRule,
+ ensureClientId,
+ ensureSilentRenewUrlWhenNoRefreshTokenUsed,
+];
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts
new file mode 100644
index 000000000..a16b0211f
--- /dev/null
+++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts
@@ -0,0 +1,18 @@
+import { OpenIdConfiguration } from '../../config/openid-configuration';
+import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule';
+
+export function useOfflineScopeWithSilentRenew(passedConfig: OpenIdConfiguration): RuleValidationResult {
+ const hasRefreshToken = passedConfig.useRefreshToken;
+ const hasSilentRenew = passedConfig.silentRenew;
+ const hasOfflineScope = passedConfig.scope.split(' ').includes('offline_access');
+
+ if (hasRefreshToken && hasSilentRenew && !hasOfflineScope) {
+ return {
+ result: false,
+ messages: ['When using silentRenew and refresh tokens please set the `offline_access` scope'],
+ level: 'warning',
+ };
+ }
+
+ return POSITIVE_VALIDATION_RESULT;
+}
diff --git a/projects/angular-auth-oidc-client/src/lib/config/config.service.ts b/projects/angular-auth-oidc-client/src/lib/config/config.service.ts
index 01b94c86b..025904a7e 100644
--- a/projects/angular-auth-oidc-client/src/lib/config/config.service.ts
+++ b/projects/angular-auth-oidc-client/src/lib/config/config.service.ts @@ -1,7 +1,7 @@ import { Injectable } from '@angular/core'; import { tap } from 'rxjs/operators'; +import { ConfigValidationService } from '../config-validation/config-validation.service'; import { ConfigurationProvider } from '../config/config.provider'; -import { LoggerService } from '../logging/logger.service'; import { EventTypes } from '../public-events/event-types'; import { PublicEventsService } from '../public-events/public-events.service'; import { StoragePersistanceService } from '../storage/storage-persistance.service'; @@ -13,17 +13,16 @@ import { PublicConfiguration } from './public-configuration'; @Injectable() export class OidcConfigService { constructor( - private readonly loggerService: LoggerService, private readonly publicEventsService: PublicEventsService, private readonly configurationProvider: ConfigurationProvider, private readonly authWellKnownService: AuthWellKnownService, - private storagePersistanceService: StoragePersistanceService + private storagePersistanceService: StoragePersistanceService, + private configValidationService: ConfigValidationService ) {} withConfig(passedConfig: OpenIdConfiguration, passedAuthWellKnownEndpoints?: AuthWellKnownEndpoints): Promise { return new Promise((resolve, reject) => { - if (!passedConfig.stsServer) { - this.loggerService.logError('please provide at least an stsServer'); + if (!this.configValidationService.validateConfig(passedConfig)) { return reject(); } From 41d3c1cae11cdb5d8ef4b79dd3630ce45a346284 Mon Sep 17 00:00:00 2001 From: Fabian Gosebrink Date: Thu, 14 May 2020 09:06:15 +0200 Subject: [PATCH 03/18] fixed tests --- .../src/lib/config/config.service.spec.ts | 12 +++++++++++- .../src/lib/config/config.service.ts | 3 +++ 2 files changed, 14 insertions(+), 1 deletion(-) 
diff --git a/projects/angular-auth-oidc-client/src/lib/config/config.service.spec.ts b/projects/angular-auth-oidc-client/src/lib/config/config.service.spec.ts index 7f475e4a3..14f12d2fc 100644 --- a/projects/angular-auth-oidc-client/src/lib/config/config.service.spec.ts +++ b/projects/angular-auth-oidc-client/src/lib/config/config.service.spec.ts @@ -2,6 +2,7 @@ import { async, TestBed } from '@angular/core/testing'; import { of } from 'rxjs'; import { DataService } from '../api/data.service'; import { DataServiceMock } from '../api/data.service-mock'; +import { ConfigValidationService } from '../config-validation/config-validation.service'; import { LoggerService } from '../logging/logger.service'; import { LoggerServiceMock } from '../logging/logger.service-mock'; import { EventTypes } from '../public-events/event-types'; @@ -22,6 +23,7 @@ describe('Configuration Service', () => { let dataService: DataService; let authWellKnownService: AuthWellKnownService; let storagePersistanceService: StoragePersistanceService; + let configValidationService: ConfigValidationService; beforeEach(() => { TestBed.configureTestingModule({ @@ -48,6 +50,7 @@ describe('Configuration Service', () => { useClass: StoragePersistanceServiceMock, }, PublicEventsService, + ConfigValidationService, ], }); }); @@ -60,6 +63,7 @@ describe('Configuration Service', () => { dataService = TestBed.inject(DataService); authWellKnownService = TestBed.inject(AuthWellKnownService); storagePersistanceService = TestBed.inject(StoragePersistanceService); + configValidationService = TestBed.inject(ConfigValidationService); }); it('should create', () => { 
@@ -71,9 +75,10 @@ describe('Configuration Service', () => { }); describe('withConfig', () => { - it('no given sts server does nothing and logs error', async(() => { + it('not valid config does nothing and logs error', async(() => { const config = {}; spyOn(loggerService, 'logError'); + spyOn(configValidationService, 'validateConfig').and.returnValue(false); const promise = oidcConfigService.withConfig(config); @@ -86,6 +91,7 @@ describe('Configuration Service', () => { const config = { stsServer: 'stsServerForTesting', authWellknownEndpoint: null }; spyOnProperty(storagePersistanceService, 'authWellKnownEndPoints', 'get').and.returnValue({ any: 'thing' }); const eventServiceSpy = spyOn(eventsService, 'fireEvent'); + spyOn(configValidationService, 'validateConfig').and.returnValue(true); const promise = oidcConfigService.withConfig(config); @@ -104,6 +110,7 @@ describe('Configuration Service', () => { const config = { stsServer: 'stsServerForTesting', authWellknownEndpoint: null }; const authWellKnown = { issuer: 'issuerForTesting' }; spyOnProperty(storagePersistanceService, 'authWellKnownEndPoints', 'get').and.returnValue(null); + spyOn(configValidationService, 'validateConfig').and.returnValue(true); const eventServiceSpy = spyOn(eventsService, 'fireEvent'); const storeWellKnownEndpointsSpy = spyOn(oidcConfigService as any, 'storeWellKnownEndpoints'); @@ -125,6 +132,7 @@ describe('Configuration Service', () => { const config = { stsServer: 'stsServerForTesting', eagerLoadAuthWellKnownEndpoints: true }; spyOnProperty(storagePersistanceService, 'authWellKnownEndPoints', 'get').and.returnValue(null); spyOn(configurationProvider, 'setConfig').and.returnValue(config); + spyOn(configValidationService, 'validateConfig').and.returnValue(true); const getWellKnownEndPointsFromUrlSpy = spyOn(authWellKnownService, 'getWellKnownEndPointsFromUrl').and.returnValue(of(null)); const promise = oidcConfigService.withConfig(config); 
@@ -139,6 +147,7 @@ describe('Configuration Service', () => { spyOnProperty(storagePersistanceService, 'authWellKnownEndPoints', 'get').and.returnValue(null); const storeWellKnownEndpointsSpy = spyOn(oidcConfigService as any, 'storeWellKnownEndpoints').and.returnValue(false); spyOn(configurationProvider, 'setConfig').and.returnValue(config); + spyOn(configValidationService, 'validateConfig').and.returnValue(true); spyOn(authWellKnownService, 'getWellKnownEndPointsFromUrl').and.returnValue(of({ issuer: 'issuerForTesting' })); const promise = oidcConfigService.withConfig(config); @@ -153,6 +162,7 @@ describe('Configuration Service', () => { spyOnProperty(storagePersistanceService, 'authWellKnownEndPoints', 'get').and.returnValue(null); spyOn(oidcConfigService as any, 'storeWellKnownEndpoints').and.returnValue(false); spyOn(configurationProvider, 'setConfig').and.returnValue(config); + spyOn(configValidationService, 'validateConfig').and.returnValue(true); spyOn(authWellKnownService, 'getWellKnownEndPointsFromUrl').and.returnValue(of({ issuer: 'issuerForTesting' })); const eventServiceSpy = spyOn(eventsService, 'fireEvent'); diff --git a/projects/angular-auth-oidc-client/src/lib/config/config.service.ts b/projects/angular-auth-oidc-client/src/lib/config/config.service.ts index 025904a7e..85a725421 100644 --- a/projects/angular-auth-oidc-client/src/lib/config/config.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/config/config.service.ts @@ -2,6 +2,7 @@ import { tap } from 'rxjs/operators'; import { ConfigValidationService } from '../config-validation/config-validation.service'; import { ConfigurationProvider } from '../config/config.provider'; +import { LoggerService } from '../logging/logger.service'; import { EventTypes } from '../public-events/event-types'; import { PublicEventsService } from '../public-events/public-events.service'; import { StoragePersistanceService } from '../storage/storage-persistance.service'; 
@@ -13,6 +14,7 @@ import { PublicConfiguration } from './public-configuration'; @Injectable() export class OidcConfigService { constructor( + private readonly loggerService: LoggerService, private readonly publicEventsService: PublicEventsService, private readonly configurationProvider: ConfigurationProvider, private readonly authWellKnownService: AuthWellKnownService, @@ -23,6 +25,7 @@ export class OidcConfigService { withConfig(passedConfig: OpenIdConfiguration, passedAuthWellKnownEndpoints?: AuthWellKnownEndpoints): Promise { return new Promise((resolve, reject) => { if (!this.configValidationService.validateConfig(passedConfig)) { + this.loggerService.logError('Validation of config rejected with errors'); return reject(); } From 0c7188f96ed52a65a7676b43239ec8ae2084eb7e Mon Sep 17 00:00:00 2001 From: Fabian Gosebrink Date: Thu, 14 May 2020 09:09:45 +0200 Subject: [PATCH 04/18] added unit tests --- .../config-validation.service.spec.ts | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts new file mode 100644 index 000000000..57099737c --- /dev/null +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts 
@@ -0,0 +1,22 @@ +import { TestBed } from '@angular/core/testing'; +import { LoggerService } from '../logging/logger.service'; +import { LoggerServiceMock } from '../logging/logger.service-mock'; +import { ConfigValidationService } from './config-validation.service'; + +describe('Config Validation Service', () => { + let configValidationService: ConfigValidationService; + + beforeEach(() => { + TestBed.configureTestingModule({ + providers: [ConfigValidationService, { provide: LoggerService, useClass: LoggerServiceMock }], + }); + }); + + beforeEach(() => { + configValidationService = TestBed.inject(ConfigValidationService); + }); + + it('should create', () => { + expect(configValidationService).toBeTruthy(); + }); +}); From f1c2c4d9b9a08c2df76617fe7b0831836ad57960 Mon Sep 17 00:00:00 2001 From: Fabian Gosebrink Date: Thu, 14 May 2020 11:14:06 +0200 Subject: [PATCH 05/18] finalized config validation --- .../config-validation.service.spec.ts | 71 +++++++++++++++++++ .../config-validation.service.ts | 2 +- ...se-offline-scope-with-silent-renew.rule.ts | 3 +- 3 files changed, 74 insertions(+), 2 deletions(-) diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts index 57099737c..6982d6f39 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts 
@@ -1,10 +1,12 @@ import { TestBed } from '@angular/core/testing'; +import { LogLevel } from 'angular-auth-oidc-client'; import { LoggerService } from '../logging/logger.service'; import { LoggerServiceMock } from '../logging/logger.service-mock'; import { ConfigValidationService } from './config-validation.service'; describe('Config Validation Service', () => { let configValidationService: ConfigValidationService; + let loggerService: LoggerService; beforeEach(() => { TestBed.configureTestingModule({ 
@@ -12,11 +14,80 @@ describe('Config Validation Service', () => { }); }); + const VALID_CONFIG = { + stsServer: 'https://offeringsolutions-sts.azurewebsites.net', + redirectUrl: window.location.origin, + postLogoutRedirectUri: window.location.origin, + clientId: 'angularClient', + scope: 'openid profile email', + responseType: 'code', + silentRenew: true, + silentRenewUrl: `${window.location.origin}/silent-renew.html`, + renewTimeBeforeTokenExpiresInSeconds: 10, + logLevel: LogLevel.Debug, + }; + beforeEach(() => { configValidationService = TestBed.inject(ConfigValidationService); + loggerService = TestBed.inject(LoggerService); }); it('should create', () => { expect(configValidationService).toBeTruthy(); }); + + it('should return false for empty config', () => { + const config = {}; + const result = configValidationService.validateConfig(config); + expect(result).toBeFalse(); + }); + + it('should return true for valid config', () => { + const result = configValidationService.validateConfig(VALID_CONFIG); + expect(result).toBeTrue(); + }); + + describe('ensure-clientId.rule', () => { + it('return false when no clientId is set', () => { + const config = { ...VALID_CONFIG, clientId: null }; + const result = configValidationService.validateConfig(config); + expect(result).toBeFalse(); + }); + }); + + describe('ensure-sts-server.rule', () => { + it('return false when no sts server is set', () => { + const config = { ...VALID_CONFIG, stsServer: null }; + const result = configValidationService.validateConfig(config); + expect(result).toBeFalse(); + }); + }); + + describe('ensure-redirect-url.rule', () => { + it('return false for no redirect Url', () => { + const config = { ...VALID_CONFIG, redirectUrl: '' }; + const result = configValidationService.validateConfig(config); + expect(result).toBeFalse(); + }); + }); + + describe('ensureSilentRenewUrlWhenNoRefreshTokenUsed', () => { + it('return false when silent renew is used with no useRefreshToken and no silentrenewUrl', 
() => { + const config = { ...VALID_CONFIG, silentRenew: true, useRefreshToken: false, silentRenewUrl: null }; + const result = configValidationService.validateConfig(config); + expect(result).toBeFalse(); + }); + }); + + describe('use-offline-scope-with-silent-renew.rule', () => { + it('return true but warning when silent renew is used with useRefreshToken but no offline_access scope is given', () => { + const config = { ...VALID_CONFIG, silentRenew: true, useRefreshToken: true, scopes: 'scope1 scope2 but_no_offline_access' }; + + const loggerSpy = spyOn(loggerService, 'logWarning'); + + const result = configValidationService.validateConfig(config); + expect(result).toBeTrue(); + expect(loggerSpy).toHaveBeenCalled(); + }); + }); }); diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts index e6763d2fd..15b94736a 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts @@ -17,6 +17,6 @@ export class ConfigValidationService { allMessages.filter((x) => x.level === 'warning').map((message) => this.loggerService.logWarning(message)); - return allErrors.length > 0; + return allErrors.length === 0; } } diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts index a16b0211f..6b70a0c5d 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts 
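Review bot: The `use-offline-scope-with-silent-renew.rule` test overrides `scopes`, but the rule reads `passedConfig.scope`, so the override is ignored and the warning fires only because `VALID_CONFIG.scope` (`'openid profile email'`) happens to lack `offline_access`. Use `scope: 'scope1 scope2 but_no_offline_access'` so the test exercises the value it describes. `expect(loggerSpy).toHaveBeenCalled()` also does not check what was logged; asserting the argument would pin the message text, and a counterpart case with `offline_access` present would confirm that no warning is emitted.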
@@ -4,7 +4,8 @@ import { POSITIVE_VALIDATION_RESULT, RuleValidationResult } from '../rule'; export function useOfflineScopeWithSilentRenew(passedConfig: OpenIdConfiguration): RuleValidationResult { const hasRefreshToken = passedConfig.useRefreshToken; const hasSilentRenew = passedConfig.silentRenew; - const hasOfflineScope = passedConfig.scope.split(' ').includes('offline_access'); + const scope = passedConfig.scope || ''; + const hasOfflineScope = scope.split(' ').includes('offline_access'); if (hasRefreshToken && hasSilentRenew && !hasOfflineScope) { return { From 879b00d11d3220d23f7526851d55cf73ff4e38bf Mon Sep 17 00:00:00 2001 From: Fabian Gosebrink Date: Thu, 14 May 2020 11:26:23 +0200 Subject: [PATCH 06/18] fixing builds --- .../src/lib/config-validation/config-validation.service.spec.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts index 6982d6f39..be291bd6c 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts @@ -1,5 +1,5 @@ import { TestBed } from '@angular/core/testing'; -import { LogLevel } from 'angular-auth-oidc-client'; +import { LogLevel } from '../logging/log-level'; import { LoggerService } from '../logging/logger.service'; import { LoggerServiceMock } from '../logging/logger.service-mock'; import { ConfigValidationService } from './config-validation.service'; From 0fb660f945066e3a0e0f576ffd12f3950fc45880 Mon Sep 17 00:00:00 2001 
From: Fabian Gosebrink Date: Thu, 14 May 2020 11:56:13 +0200 Subject: [PATCH 07/18] added better handling of error messages --- .../src/lib/config-validation/config-validation.service.ts | 7 ++++--- .../config-validation/rules/ensure-redirect-url.rule.ts | 2 +- .../src/lib/config/config.service.ts | 4 ++-- projects/sample-code-flow/src/app/app.module.ts | 2 +- 4 files changed, 8 insertions(+), 7 deletions(-) diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts index 15b94736a..f4f228001 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts @@ -12,11 +12,12 @@ export class ConfigValidationService { const allMessages = allValidationResults.filter((x) => x.messages.length > 0); - const allErrors = allMessages.filter((x) => x.level === 'error'); - allErrors.map((message) => this.loggerService.logError(message)); + const allErroMessages = allMessages.filter((x) => x.level === 'error').map((result) => result.messages); + const allFlatErrorMessages = allErroMessages.reduce((acc, val) => acc.concat(val), []); + allFlatErrorMessages.map((message) => this.loggerService.logError(message)); allMessages.filter((x) => x.level === 'warning').map((message) => this.loggerService.logWarning(message)); - return allErrors.length === 0; + return allFlatErrorMessages.length === 0; } } diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts index 5b65d7878..a88704e7e 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts 
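Review bot: Error results are now flattened to their `messages` strings before logging, but the warning path is unchanged: `allMessages.filter((x) => x.level === 'warning').map((message) => this.loggerService.logWarning(message))` still passes the whole `RuleValidationResult` object to `logWarning`. Handle warnings the same way, for example `allMessages.filter((x) => x.level === 'warning').forEach((r) => r.messages.forEach((m) => this.loggerService.logWarning(m)));`. `allErroMessages` is misspelled, and the `map` calls that exist only to log read better as `forEach`. The start of `validateConfig` lies outside this hunk.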
+++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts @@ -5,7 +5,7 @@ export function ensureRedirectRule(passedConfig: OpenIdConfiguration): RuleValid if (!passedConfig.redirectUrl) { return { result: false, - messages: ['Please provide a redirect rule'], + messages: ['Missing redirectURL'], level: 'error', }; } diff --git a/projects/angular-auth-oidc-client/src/lib/config/config.service.ts b/projects/angular-auth-oidc-client/src/lib/config/config.service.ts index 85a725421..58181b03e 100644 --- a/projects/angular-auth-oidc-client/src/lib/config/config.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/config/config.service.ts @@ -25,8 +25,8 @@ export class OidcConfigService { withConfig(passedConfig: OpenIdConfiguration, passedAuthWellKnownEndpoints?: AuthWellKnownEndpoints): Promise { return new Promise((resolve, reject) => { if (!this.configValidationService.validateConfig(passedConfig)) { - this.loggerService.logError('Validation of config rejected with errors'); - return reject(); + this.loggerService.logError('Validation of config rejected with errors. Config is NOT set.'); + return resolve(); } if (!passedConfig.authWellknownEndpoint) { diff --git a/projects/sample-code-flow/src/app/app.module.ts b/projects/sample-code-flow/src/app/app.module.ts index 0a2fbab17..ae5c5f0eb 100644 --- a/projects/sample-code-flow/src/app/app.module.ts +++ b/projects/sample-code-flow/src/app/app.module.ts @@ -11,7 +11,7 @@ export function configureAuth(oidcConfigService: OidcConfigService) { return () => oidcConfigService.withConfig({ stsServer: 'https://offeringsolutions-sts.azurewebsites.net', - redirectUrl: window.location.origin, + redirectUrl: '', postLogoutRedirectUri: window.location.origin, clientId: 'angularClient', scope: 'openid profile email', From 4f1c687bc01bd4efd7a22a8ac7b76d66f95099b9 Mon Sep 17 00:00:00 2001 
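Review bot: Changing `return reject();` to `return resolve();` in `withConfig` makes the promise settle successfully when validation fails, so a caller such as the `configureAuth` initializer in the sample app cannot tell an accepted config from a rejected one. The only signal is the log line, and as far as this hunk shows the application goes on to start with no configuration set. If the aim is only to avoid a bare rejection, consider rejecting with a reason instead, `return reject(new Error('Validation of config rejected with errors. Config is NOT set.'));`, so integrators can choose to fail closed. The rest of the promise executor is outside this hunk.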
From: Fabian Gosebrink Date: Thu, 14 May 2020 11:57:37 +0200 Subject: [PATCH 08/18] added a working example again --- projects/sample-code-flow/src/app/app.module.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/sample-code-flow/src/app/app.module.ts b/projects/sample-code-flow/src/app/app.module.ts index ae5c5f0eb..0a2fbab17 100644 --- a/projects/sample-code-flow/src/app/app.module.ts +++ b/projects/sample-code-flow/src/app/app.module.ts @@ -11,7 +11,7 @@ export function configureAuth(oidcConfigService: OidcConfigService) { return () => oidcConfigService.withConfig({ stsServer: 'https://offeringsolutions-sts.azurewebsites.net', - redirectUrl: '', + redirectUrl: window.location.origin, postLogoutRedirectUri: window.location.origin, clientId: 'angularClient', scope: 'openid profile email', From ab26e2d7ec564cd4c86ae75e87be671d355704b1 Mon Sep 17 00:00:00 2001 From: damienbod Date: Thu, 14 May 2020 16:09:51 +0200 Subject: [PATCH 09/18] fix typo --- docs/features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features.md b/docs/features.md index 7d67a26ea..fbe03b19e 100644 --- a/docs/features.md +++ b/docs/features.md @@ -210,7 +210,7 @@ The property `eagerLoadAuthWellKnownEndpoints` in the configuration sets exactly You also have the option to pass the already existing `.well-known/openid-configuration` into the `withConfig` method as a second parameter. In this case no HTTPS call to load the `.well-known/openid-configuration` will be made. ```typescript -oidcConfigService.withonfig( +oidcConfigService.withConfig( { /* config */ }, From e7dfae059ba3787d08ad5b402ae0773c4b82fabc Mon Sep 17 00:00:00 2001 From: damienbod Date: Thu, 14 May 2020 16:10:39 +0200 Subject: [PATCH 10/18] fix typo --- docs/features.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/features.md b/docs/features.md index fbe03b19e..cc620345c 100644 --- a/docs/features.md +++ b/docs/features.md 
@@ -117,7 +117,7 @@ If you want to pass dynamic custom parameters with the request url to the sts yo ```typescript login() { - this.oidcSecurityService.authorize({ customParams: { 'ui_locales: 'de-CH' }); + this.oidcSecurityService.authorize({ customParams: { ui_locales: 'de-CH' }); } ``` From f8863cf9717d7040b5fca16e3bd8807c938ca142 Mon Sep 17 00:00:00 2001 From: damienbod Date: Thu, 14 May 2020 16:18:25 +0200 Subject: [PATCH 11/18] some text improvements --- .../src/lib/config-validation/rules/ensure-clientId.rule.ts | 2 +- .../src/lib/config-validation/rules/ensure-redirect-url.rule.ts | 2 +- .../rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts | 2 +- .../src/lib/config-validation/rules/ensure-sts-server.rule.ts | 2 +- .../rules/use-offline-scope-with-silent-renew.rule.ts | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-clientId.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-clientId.rule.ts index f2b67638f..08d7ab328 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-clientId.rule.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-clientId.rule.ts @@ -5,7 +5,7 @@ export function ensureClientId(passedConfig: OpenIdConfiguration): RuleValidatio if (!passedConfig.clientId) { return { result: false, - messages: ['Please provide a clientId'], + messages: ['The clientId is required and missing from your config!'], level: 'error', }; } diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts index a88704e7e..3b1d7f240 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-redirect-url.rule.ts 
@@ -5,7 +5,7 @@ export function ensureRedirectRule(passedConfig: OpenIdConfiguration): RuleValid if (!passedConfig.redirectUrl) { return { result: false, - messages: ['Missing redirectURL'], + messages: ['The redirectURL is required and missing from your config'], level: 'error', }; } diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts index 7c32e6e24..c691d0564 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-silentRenewUrl-with-no-refreshtokens.rule.ts @@ -9,7 +9,7 @@ export function ensureSilentRenewUrlWhenNoRefreshTokenUsed(passedConfig: OpenIdC if (usesSilentRenew && !usesRefreshToken && !hasSilentRenewUrl) { return { result: false, - messages: ['Please provide a silent renew URL'], + messages: ['Please provide a silent renew URL if using renew and not refresh tokens'], level: 'error', }; } diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-sts-server.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-sts-server.rule.ts index 891afcf50..82b7a6c7c 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-sts-server.rule.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/ensure-sts-server.rule.ts @@ -5,7 +5,7 @@ export function ensureStsServer(passedConfig: OpenIdConfiguration): RuleValidati if (!passedConfig.stsServer) { return { result: false, - messages: ['Please provide at least an sts server'], + messages: ['The STS URL MUST be provided in the configuration!'], level: 'error', }; } 
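Review bot: The new message in `ensureRedirectRule` names the setting `redirectURL`, but the property the guard reads is `redirectUrl`, so a user who copies the name from the console gets a key the config does not have. Spell the key exactly as in the config: `messages: ['The redirectUrl is required and missing from your config'],`. The same applies to the ensure-sts-server hunk in this commit, where 'The STS URL' stands for `stsServer`. The clientId message already names its key. Both functions continue outside their hunks.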
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts index 6b70a0c5d..20b1cc7ba 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts @@ -10,7 +10,7 @@ export function useOfflineScopeWithSilentRenew(passedConfig: OpenIdConfiguration if (hasRefreshToken && hasSilentRenew && !hasOfflineScope) { return { result: false, - messages: ['When using silentRenew and refresh tokens please set the `offline_access` scope'], + messages: ['When using silent renew and refresh tokens please set the `offline_access` scope'], level: 'warning', }; } From 744c8346e57ca97b3b32576ce2d5739e9c5f09c1 Mon Sep 17 00:00:00 2001 From: damienbod Date: Thu, 14 May 2020 16:25:44 +0200 Subject: [PATCH 12/18] set this to error as well --- .../rules/use-offline-scope-with-silent-renew.rule.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts index 20b1cc7ba..0492f6a16 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/rules/use-offline-scope-with-silent-renew.rule.ts @@ -11,7 +11,7 @@ export function useOfflineScopeWithSilentRenew(passedConfig: OpenIdConfiguration return { result: false, messages: ['When using silent renew and refresh tokens please set the `offline_access` scope'], - level: 'warning', + level: 'error', }; } 
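Review bot: Raising `level` from `'warning'` to `'error'` in `useOfflineScopeWithSilentRenew` turns a hint into a hard stop, because `validateConfig` returns false as soon as one error-level message exists and `withConfig` then leaves the config unset. Setups that use refresh tokens with silent renew but no `offline_access` scope would stop authenticating after what the changelog treats as a patch release (11.1.0 to 11.1.1). Whether a missing `offline_access` is fatal may depend on the token server, so the reason belongs next to the rule, for example `// error: without offline_access the STS may not issue a refresh token`. The spec for this case still expects a warning and a true result at this commit and is only adjusted in PATCH 14/18.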
From 767d4d43a1a90b0c5d4fc95b861ca9ac8e9da78c Mon Sep 17 00:00:00 2001 From: damienbod Date: Thu, 14 May 2020 16:29:58 +0200 Subject: [PATCH 13/18] change log --- CHANGELOG.md | 5 +++++ package.json | 2 +- projects/angular-auth-oidc-client/package.json | 2 +- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 663ffb095..d304f9df4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,10 @@ ## Angular Lib for OpenID Connect/OAuth2 Changelog +### 2020-05-xx Version 11.1.1 + +- Added validation for the lib configuration +- fixed some doc typos + ### 2020-05-14 Version 11.1.0 - Eager loading of well known endpoints can be configured: Made it possible to load the well known endpoints late (per configuration) diff --git a/package.json b/package.json index 0378da07f..aba4c17e7 100644 --- a/package.json +++ b/package.json @@ -8,7 +8,7 @@ "bugs": { "url": "https://github.com/damienbod/angular-auth-oidc-client/issues" }, - "version": "11.1.0", + "version": "11.1.1", "scripts": { "ng": "ng", "build": "npm run build-lib", diff --git a/projects/angular-auth-oidc-client/package.json b/projects/angular-auth-oidc-client/package.json index d80316501..d5ff59b56 100644 --- a/projects/angular-auth-oidc-client/package.json +++ b/projects/angular-auth-oidc-client/package.json @@ -36,6 +36,6 @@ "authorization" ], "license": "MIT", - "version": "11.1.0", + "version": "11.1.1", "description": "Angular Lib for OpenID Connect & OAuth2" } From 0e05177351f2e942b0f716cb523c3218c6b14dc2 Mon Sep 17 00:00:00 2001 From: Fabian Gosebrink Date: Thu, 14 May 2020 19:47:27 +0200 Subject: [PATCH 14/18] fixed build --- .../config-validation.service.spec.ts | 4 ++-- .../config-validation.service.ts | 15 ++++++++++----- .../src/lib/logging/logger.service.ts | 10 +++++++++- .../src/app/app.module.ts | 2 +- 4 files changed, 22 insertions(+), 9 deletions(-) 
diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts index be291bd6c..5e8f90fb1 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.spec.ts @@ -83,10 +83,10 @@ describe('Config Validation Service', () => { it('return true but warning when silent renew is used with useRefreshToken but no offline_access scope is given', () => { const config = { ...VALID_CONFIG, silentRenew: true, useRefreshToken: true, scopes: 'scope1 scope2 but_no_offline_access' }; - const loggerSpy = spyOn(loggerService, 'logWarning'); + const loggerSpy = spyOn(loggerService, 'logError'); const result = configValidationService.validateConfig(config); - expect(result).toBeTrue(); + expect(result).toBeFalse(); expect(loggerSpy).toHaveBeenCalled(); }); }); diff --git a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts index f4f228001..d11064856 100644 --- a/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/config-validation/config-validation.service.ts @@ -1,6 +1,7 @@ import { Injectable } from '@angular/core'; import { OpenIdConfiguration } from '../angular-auth-oidc-client'; import { LoggerService } from '../logging/logger.service'; +import { Level, RuleValidationResult } from './rule'; import { allRules } from './rules'; @Injectable({ providedIn: 'root' }) 
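Review bot: The config built in this spec sets `scopes`, while the sample configuration in this series uses the key `scope`, so the override probably never reaches the rule and the outcome depends on whatever `VALID_CONFIG` holds for `scope` (not visible here). Use `scope: 'scope1 scope2 but_no_offline_access'` so the case really exercises the missing `offline_access` path. The title still reads 'return true but warning' although the expectations are now `toBeFalse()` and a `logError` spy; rename it to match, e.g. `it('returns false and logs an error when silent renew is used with useRefreshToken but no offline_access scope is given', ...)`.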
@@ -12,12 +13,16 @@ export class ConfigValidationService { const allMessages = allValidationResults.filter((x) => x.messages.length > 0); - const allErroMessages = allMessages.filter((x) => x.level === 'error').map((result) => result.messages); - const allFlatErrorMessages = allErroMessages.reduce((acc, val) => acc.concat(val), []); - allFlatErrorMessages.map((message) => this.loggerService.logError(message)); + const allErrorMessages = this.getAllMessagesOfType('error', allMessages); + const allWarnings = this.getAllMessagesOfType('warning', allMessages); + allErrorMessages.map((message) => this.loggerService.logError(message)); + allWarnings.map((message) => this.loggerService.logWarning(message)); - allMessages.filter((x) => x.level === 'warning').map((message) => this.loggerService.logWarning(message)); + return allErrorMessages.length === 0; + } - return allFlatErrorMessages.length === 0; + private getAllMessagesOfType(type: Level, results: RuleValidationResult[]) { + const allMessages = results.filter((x) => x.level === type).map((result) => result.messages); + return allMessages.reduce((acc, val) => acc.concat(val), []); } } diff --git a/projects/angular-auth-oidc-client/src/lib/logging/logger.service.ts b/projects/angular-auth-oidc-client/src/lib/logging/logger.service.ts index 69ff32ed7..b0da11191 100644 --- a/projects/angular-auth-oidc-client/src/lib/logging/logger.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/logging/logger.service.ts @@ -23,6 +23,14 @@ export class LoggerService { } private currentLogLevelIsEqualOrSmallerThan(logLevel: LogLevel) { - return this.configurationProvider.openIDConfiguration.logLevel <= logLevel; + if (this.logLevelIsSet()) { + return this.configurationProvider.openIDConfiguration.logLevel <= logLevel; + } + + return true; + } + + private logLevelIsSet() { + return !!this.configurationProvider.openIDConfiguration?.logLevel; } } 
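Review bot: `allErrorMessages.map(...)` and `allWarnings.map(...)` in `validateConfig` are called only for their side effect and the mapped arrays are thrown away; `forEach` states that intent, e.g. `allErrorMessages.forEach((message) => this.loggerService.logError(message));`. The new private `getAllMessagesOfType` has no return type, so its result depends on what `reduce` infers from the `[]` seed; annotating it (`: string[]`, assuming `messages` is a string array) keeps both logger calls type-checked. The start of `validateConfig` is outside this hunk.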
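Review bot: `logLevelIsSet()` uses `!!...logLevel`, which treats a configured level whose numeric value is 0 the same as no level at all. With the `<=` comparison above this gives the same answer as long as all levels are non-negative, but the intent is a presence check, so `return this.configurationProvider.openIDConfiguration?.logLevel != null;` says it directly. The new `return true` fallback means everything is logged while no configuration is set, which is what lets validation errors reach the console; a one-line comment on `currentLogLevelIsEqualOrSmallerThan` stating that default would keep a later change from removing it.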
diff --git a/projects/sample-implicit-flow-silent-renew/src/app/app.module.ts b/projects/sample-implicit-flow-silent-renew/src/app/app.module.ts index b54129c2b..368b0dc24 100644 --- a/projects/sample-implicit-flow-silent-renew/src/app/app.module.ts +++ b/projects/sample-implicit-flow-silent-renew/src/app/app.module.ts @@ -18,7 +18,7 @@ export function configureAuth(oidcConfigService: OidcConfigService) { responseType: 'id_token token', startCheckSession: true, silentRenew: true, - silentRenewUrl: window.location.origin + '/silent-renew.html', + silentRenewUrl: '', logLevel: LogLevel.Debug, }); } From c05a94d354f0c651bc9430f4defa86304a77cf71 Mon Sep 17 00:00:00 2001 From: damienbod Date: Thu, 14 May 2020 23:05:53 +0200 Subject: [PATCH 15/18] bugfix multiple events after login --- .../src/lib/callback/callback.service.ts | 3 +++ .../src/lib/oidc.security.service.ts | 7 +++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/projects/angular-auth-oidc-client/src/lib/callback/callback.service.ts b/projects/angular-auth-oidc-client/src/lib/callback/callback.service.ts index 0c1201e3a..868eb67da 100644 --- a/projects/angular-auth-oidc-client/src/lib/callback/callback.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/callback/callback.service.ts @@ -40,6 +40,9 @@ export class CallbackService { private authStateService: AuthStateService ) {} + isCallback(): boolean { + return this.urlService.isCallbackFromSts(); + } handlePossibleStsCallback(currentCallbackUrl: string) { let callback$: Observable; diff --git a/projects/angular-auth-oidc-client/src/lib/oidc.security.service.ts b/projects/angular-auth-oidc-client/src/lib/oidc.security.service.ts index 4344915c3..c3df36f58 100644 --- a/projects/angular-auth-oidc-client/src/lib/oidc.security.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/oidc.security.service.ts 
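Review bot: `silentRenewUrl: ''` next to `silentRenew: true` leaves this sample in a state the new validation rejects. `ensureSilentRenewUrlWhenNoRefreshTokenUsed` reports an error when silent renew is on, refresh tokens are not used and no silent renew URL is given (assuming the sample does not set `useRefreshToken`, which this hunk does not show). Since `withConfig` does not apply an invalid config, the sample would start unconfigured. This looks like a value left over from exercising the rule, like the `redirectUrl: ''` change that PATCH 08/18 reverted; restore `silentRenewUrl: window.location.origin + '/silent-renew.html',`.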
@@ -67,13 +67,16 @@ export class OidcSecurityService { this.loggerService.logDebug('STS server: ' + this.configurationProvider.openIDConfiguration.stsServer); const currentUrl = window.location.toString(); + const isCallback = this.callbackService.isCallback(); return this.callbackService.handlePossibleStsCallback(currentUrl).pipe( map(() => { const isAuthenticated = this.authStateService.areAuthStorageTokensValid(); if (isAuthenticated) { - this.authStateService.setAuthorizedAndFireEvent(); - this.userService.publishUserdataIfExists(); + if (!isCallback) { + this.authStateService.setAuthorizedAndFireEvent(); + this.userService.publishUserdataIfExists(); + } if (this.checkSessionService.isCheckSessionConfigured()) { this.checkSessionService.start(); From 6d69f7d2e6765cb5df5f49e6906c555e1fdbcb02 Mon Sep 17 00:00:00 2001 From: damienbod Date: Thu, 14 May 2020 23:21:39 +0200 Subject: [PATCH 16/18] Updating changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index d304f9df4..3158cae50 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,8 @@ - Added validation for the lib configuration - fixed some doc typos +- fixed bug 2 auth events emitter on STS callback + - https://github.com/damienbod/angular-auth-oidc-client/issues/734 ### 2020-05-14 Version 11.1.0 From c5e2c42fcb2b1587b548e31040d75dab0e06f149 Mon Sep 17 00:00:00 2001 From: Fabian Gosebrink Date: Fri, 15 May 2020 07:59:55 +0200 Subject: [PATCH 17/18] fixed docs and code beautify --- CHANGELOG.md | 5 +++-- .../src/lib/callback/callback.service.ts | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3158cae50..3ce3ee374 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
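Review bot: `isCallback` comes from `this.callbackService.isCallback()`, which asks the URL service, while `handlePossibleStsCallback(currentUrl)` works from the `currentUrl` string passed in, so the same question is answered from two sources. When `isCallback` is true the authorized event and the user data are now skipped on the assumption that callback handling has already published them; if a callback-shaped URL is processed without that happening while stored tokens are still valid, the method would report authenticated with no event fired, which is worth confirming against the callback flow outside this hunk. A comment on the guard, e.g. `// callback handling already fires the authorized event and publishes user data`, would make the dependency explicit, and a spec covering both the callback and the non-callback path would pin it. The enclosing method starts and ends outside the hunk.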
@@ -3,9 +3,10 @@ ### 2020-05-xx Version 11.1.1 - Added validation for the lib configuration + - Fixes [#725](https://github.com/damienbod/angular-auth-oidc-client/issues/725) - fixed some doc typos -- fixed bug 2 auth events emitter on STS callback - - https://github.com/damienbod/angular-auth-oidc-client/issues/734 +- fixed bug 2 auth events emitter on STS callback + - Fixes [#734](https://github.com/damienbod/angular-auth-oidc-client/issues/734) ### 2020-05-14 Version 11.1.0 diff --git a/projects/angular-auth-oidc-client/src/lib/callback/callback.service.ts b/projects/angular-auth-oidc-client/src/lib/callback/callback.service.ts index 868eb67da..13fa33e9c 100644 --- a/projects/angular-auth-oidc-client/src/lib/callback/callback.service.ts +++ b/projects/angular-auth-oidc-client/src/lib/callback/callback.service.ts @@ -43,6 +43,7 @@ export class CallbackService { isCallback(): boolean { return this.urlService.isCallbackFromSts(); } + handlePossibleStsCallback(currentCallbackUrl: string) { let callback$: Observable; From 3c061bdb1e6c68aba395998ab7ef95078a652bb3 Mon Sep 17 00:00:00 2001 From: Fabian Gosebrink Date: Fri, 15 May 2020 08:03:43 +0200 Subject: [PATCH 18/18] added PR to changelog --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3ce3ee374..8ad9ac439 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -3,10 +3,10 @@ ### 2020-05-xx Version 11.1.1 - Added validation for the lib configuration - - Fixes [#725](https://github.com/damienbod/angular-auth-oidc-client/issues/725) + - [PR](https://github.com/damienbod/angular-auth-oidc-client/pull/731) // Fixes [#725](https://github.com/damienbod/angular-auth-oidc-client/issues/725) - fixed some doc typos - fixed bug 2 auth events emitter on STS callback - - Fixes [#734](https://github.com/damienbod/angular-auth-oidc-client/issues/734) + - Fixes [PR](https://github.com/damienbod/angular-auth-oidc-client/pull/731) // [#734](https://github.com/damienbod/angular-auth-oidc-client/issues/734) ### 2020-05-14 Version 11.1.0