Das www.IT-Visions.de-Blog
Nachrichten von Dr. Holger Schwichtenberg und Kollegen

Over the last weeks, Ive worked on version 2.1 of my OpenId Connect (OIDC) certified library angular-oauth2-oidc which allows for implementing Authentication in Angular using external Identity Providers that support OAuth 2 or OIDC.

Here are the added features:

• New Config API (the original one is still supported). This allows putting the whole configuration in an own file:

   // auth.config.ts
   
   import { AuthConfig } from angular-oauth2-oidc;
   
   export const authConfig: AuthConfig = {
   
     // Url of the Identity Provider
     issuer: https://steyer-identity-server.azurewebsites.net/identity,
   
     // URL of the SPA to redirect the user to after login
     redirectUri: window.location.origin + /index.html,
   
     // The SPAs id. The SPA is registerd with this id at the auth-server
     clientId: spa-demo,
   
     // set the scope for the permissions the client should request
     // The first three are defined by OIDC. The 4th is a usecase-specific one
     scope: openid profile email voucher,
   }

  After defining the configuration object, you can pass it to the libraries configure method:

   import { OAuthService } from angular-oauth2-oidc;
   import { JwksValidationHandler } from angular-oauth2-oidc;
   import { authConfig } from ./auth.config;
   import { Component } from @angular/core;
   
   @Component({
       selector: flight-app,
       templateUrl: ./app.component.html
   })
   export class AppComponent {
   
       constructor(private oauthService: OAuthService) {
         this.configureWithNewConfigApi();
       }
   
       private configureWithNewConfigApi() {
         this.oauthService.configure(authConfig);
         this.oauthService.tokenValidationHandler = new JwksValidationHandler();
         this.oauthService.loadDiscoveryDocumentAndTryLogin();
       }
   }

• New convenience methods in OAuthService to streamline default tasks:

  • setupAutomaticSilentRefresh()
  • loadDiscoveryDocumentAndTryLogin()

• Single Sign out through Session Status Change Notification according to the OpenID Connect Session Management specs. This means, you can be notified when the user logs out using at the login provider:

  

  To use this feature, your Identity Provider needs to support it. You also have to activate it in the configuration:

   import { AuthConfig } from angular-oauth2-oidc;
   
   export const authConfig: AuthConfig = {
     [...]  
     sessionChecksEnabled: true,
     sessionCheckIntervall: 3 * 1000
   }

  The optional configuration option sessionCheckIntervall which defaults to 3000 msec defines the interval that is used to check whether the user has logged out at the identity provider.

• Possibility to define the ValidationHandler, the Config as well as the OAuthStorage via DI

   [...],
   providers: [
       {provide: AuthConfig, useValue: authConfig },
       { provide: OAuthStorage, useClass: DemoStorage },
       { provide: ValidationHandler, useClass: JwksValidationHandler },
   ],
   [...]

• Better structured documentation: