angular-oauth2-oidc
- Version 17.0.2
- Published
- 957 kB
- 1 dependency
- MIT license
Install
npm i angular-oauth2-oidc
yarn add angular-oauth2-oidc
pnpm add angular-oauth2-oidc
Overview
Support for OAuth 2 and OpenId Connect (OIDC) in Angular. Already prepared for the upcoming OAuth 2.1.
Index
Variables
Functions
Classes
AuthConfig
- checkOrigin
- clearHashAfterLogin
- clientId
- clockSkewInSec
- customQueryParams
- customTokenParameters
- decreaseExpirationBySec
- disableAtHashCheck
- disableIdTokenTimer
- disablePKCE
- dummyClientSecret
- fallbackAccessTokenExpirationTimeInSec
- issuer
- jwks
- loginUrl
- logoutUrl
- nonceStateSeparator
- oidc
- openUri
- options
- postLogoutRedirectUri
- preserveRequestedRoute
- redirectUri
- redirectUriAsPostLogoutRedirectUriFallback
- requestAccessToken
- requireHttps
- resource
- responseType
- revocationEndpoint
- rngUrl
- scope
- sessionCheckIFrameName
- sessionCheckIFrameUrl
- sessionCheckIntervall
- sessionChecksEnabled
- showDebugInformation
- silentRefreshIFrameName
- silentRefreshMessagePrefix
- silentRefreshRedirectUri
- silentRefreshShowIFrame
- silentRefreshTimeout
- skipIssuerCheck
- skipSubjectCheck
- strictDiscoveryDocumentValidation
- timeoutFactor
- tokenEndpoint
- useHttpBasicAuth
- useIdTokenHintForSilentRefresh
- userinfoEndpoint
- useSilentRefresh
- waitForTokenInMsec
OAuthService
- accessTokenTimeoutSubscription
- assertUrlNotNullAndCorrectProtocol()
- authorizationHeader()
- automaticRefreshSubscription
- calcTimeout()
- calculatePopupFeatures()
- callOnTokenReceivedIfExists()
- canPerformSessionCheck()
- checkAtHash()
- checkSession()
- checkSignature()
- clearAccessTokenTimer()
- clearAutomaticRefreshTimer()
- clearIdTokenTimer()
- config
- configChanged()
- configure()
- createAndSaveNonce()
- createChallangeVerifierPairForPKCE()
- createLoginUrl()
- createNonce()
- crypto
- dateTimeService
- debug()
- discoveryDocumentLoadedSubject
- events
- eventsSubject
- fetchTokenUsingGrant()
- fetchTokenUsingPasswordFlow()
- fetchTokenUsingPasswordFlowAndLoadUserProfile()
- getAccessToken()
- getAccessTokenExpiration()
- getAccessTokenStoredAt()
- getCustomTokenResponseProperty()
- getGrantedScopes()
- getIdentityClaims()
- getIdToken()
- getIdTokenExpiration()
- getIdTokenStoredAt()
- getRefreshToken()
- getSessionState()
- grantTypesSupported
- handleLoginError()
- handleSessionChange()
- handleSessionError()
- handleSessionUnchanged()
- hasValidAccessToken()
- hasValidIdToken()
- http
- idTokenTimeoutSubscription
- inImplicitFlow
- initCodeFlow()
- initImplicitFlow()
- initImplicitFlowInPopup()
- initImplicitFlowInternal()
- initLoginFlow()
- initLoginFlowInPopup()
- initSessionCheck()
- jwksUri
- loadDiscoveryDocument()
- loadDiscoveryDocumentAndLogin()
- loadDiscoveryDocumentAndTryLogin()
- loadJwks()
- loadUserProfile()
- logger
- logOut()
- ngOnDestroy()
- ngZone
- ɵfac
- ɵprov
- padBase64()
- processIdToken()
- processMessageEventMessage()
- refreshInternal()
- refreshToken()
- removeSessionCheckEventListener()
- removeSilentRefreshEventListener()
- resetImplicitFlow()
- restartRefreshTimerIfStillLoggedIn()
- restartSessionChecksIfStillLoggedIn()
- revokeTokenAndLogout()
- saveNoncesInLocalStorage
- sessionCheckEventListener
- sessionCheckTimer
- setStorage()
- setupAccessTokenTimer()
- setupAutomaticSilentRefresh()
- setupExpirationTimers()
- setupIdTokenTimer()
- setupRefreshTimer()
- setupSessionCheck()
- setupSessionCheckEventListener()
- setupSilentRefreshEventListener()
- silentRefresh()
- silentRefreshPostMessageEventListener
- silentRefreshSubject
- startSessionCheckTimer()
- state
- stopAutomaticRefresh()
- stopSessionCheckTimer()
- storeAccessTokenResponse()
- storeIdToken()
- storeSessionState()
- tokenReceivedSubscription
- tokenValidationHandler
- tryLogin()
- tryLoginCodeFlow()
- tryLoginImplicitFlow()
- urlHelper
- validateDiscoveryDocument()
- validateNonce()
- validateUrlAgainstIssuer()
- validateUrlForHttps()
- validateUrlFromDiscoveryDocument()
- waitForSilentRefreshAfterSessionChange()
Interfaces
OidcDiscoveryDoc
- acr_values_supported
- authorization_endpoint
- check_session_iframe
- claim_types_supported
- claims_parameter_supported
- claims_supported
- display_values_supported
- end_session_endpoint
- grant_types_supported
- id_token_encryption_alg_values_supported
- id_token_encryption_enc_values_supported
- id_token_signing_alg_values_supported
- issuer
- jwks_uri
- registration_endpoint
- request_object_signing_alg_values_supported
- response_modes_supported
- response_types_supported
- revocation_endpoint
- scopes_supported
- service_documentation
- subject_types_supported
- token_endpoint
- token_endpoint_auth_methods_supported
- token_endpoint_auth_signing_alg_values_supported
- ui_locales_supported
- userinfo_encryption_alg_values_supported
- userinfo_encryption_enc_values_supported
- userinfo_endpoint
- userinfo_signing_alg_values_supported
Type Aliases
Variables
variable AUTH_CONFIG
const AUTH_CONFIG: InjectionToken<AuthConfig>;
Functions
function provideOAuthClient
provideOAuthClient: ( config?: OAuthModuleConfig, validationHandlerClass?: typeof NullValidationHandler) => EnvironmentProviders;
Classes
class AbstractValidationHandler
abstract class AbstractValidationHandler implements ValidationHandler {}
This abstract implementation of ValidationHandler already implements the method validateAtHash. However, to make use of it, you have to override the method calcHash.
method calcHash
protected abstract calcHash: ( valueToHash: string, algorithm: string) => Promise<string>;
Calculates the hash for the passed value by using the passed hash algorithm.
Parameter valueToHash
Parameter algorithm
method inferHashAlgorithm
protected inferHashAlgorithm: (jwtHeader: object) => string;
Infers the name of the hash algorithm to use from the alg field of an id_token.
Parameter jwtHeader
the id_token's parsed header
method validateAtHash
validateAtHash: (params: ValidationParams) => Promise<boolean>;
Validates the at_hash in an id_token against the received access_token.
method validateSignature
abstract validateSignature: (validationParams: ValidationParams) => Promise<any>;
Validates the signature of an id_token.
class AuthConfig
class AuthConfig {}
constructor
constructor(json?: Partial<AuthConfig>);
property checkOrigin
checkOrigin?: boolean;
Blocks other origins requesting a silent refresh
property clearHashAfterLogin
clearHashAfterLogin?: boolean;
Defines whether to clear the hash fragment after logging in.
property clientId
clientId?: string;
The client's id as registered with the auth server
property clockSkewInSec
clockSkewInSec?: number;
The window of time (in seconds) to allow the current time to deviate when validating id_token's iat and exp values.
property customQueryParams
customQueryParams?: {};
Map with additional query parameter that are appended to the request when initializing implicit flow.
property customTokenParameters
customTokenParameters?: string[];
Names of known parameters sent out in the TokenResponse. https://tools.ietf.org/html/rfc6749#section-5.1
property decreaseExpirationBySec
decreaseExpirationBySec?: number;
Decreases the Expiration time of tokens by this number of seconds
property disableAtHashCheck
disableAtHashCheck?: boolean;
This property has been introduced to disable at_hash checks and is indented for Identity Provider that does not deliver an at_hash EVEN THOUGH its recommended by the OIDC specs. Of course, when disabling these checks then we are bypassing a security check which means we are more vulnerable.
property disableIdTokenTimer
disableIdTokenTimer?: boolean;
Allows to disable the timer for the id_token used for token refresh
property disablePKCE
disablePKCE?: boolean;
Code Flow is by defauld used together with PKCI which is also higly recommented. You can disbale it here by setting this flag to true. https://tools.ietf.org/html/rfc7636#section-1.1
property dummyClientSecret
dummyClientSecret?: string;
Some auth servers don't allow using password flow w/o a client secret while the standards do not demand for it. In this case, you can set a password here. As this password is exposed to the public it does not bring additional security and is therefore as good as using no password.
property fallbackAccessTokenExpirationTimeInSec
fallbackAccessTokenExpirationTimeInSec?: number;
According to rfc6749 it is recommended (but not required) that the auth server exposes the access_token's life time in seconds. This is a fallback value for the case this value is not exposed.
property issuer
issuer?: string;
The issuer's uri.
property jwks
jwks?: {};
JSON Web Key Set (https://tools.ietf.org/html/rfc7517) with keys used to validate received id_tokens. This is taken out of the disovery document. Can be set manually too.
property loginUrl
loginUrl?: string;
The auth server's endpoint that allows to log the user in when using implicit flow.
property logoutUrl
logoutUrl?: string;
The logout url.
property nonceStateSeparator
nonceStateSeparator?: string;
final state sent to issuer is built as follows: state = nonce + nonceStateSeparator + additional state Default separator is ';' (encoded %3B). In rare cases, this character might be forbidden or inconvenient to use by the issuer so it can be customized.
property oidc
oidc?: boolean;
Defines whether to use OpenId Connect during implicit flow.
property openUri
openUri?: (uri: string) => void;
This property allows you to override the method that is used to open the login url, allowing a way for implementations to specify their own method of routing to new urls.
property options
options?: any;
property postLogoutRedirectUri
postLogoutRedirectUri?: string;
An optional second redirectUri where the auth server redirects the user to after logging out.
property preserveRequestedRoute
preserveRequestedRoute?: boolean;
Set this to true to preserve the requested route including query parameters after code flow login. This setting enables deep linking for the code flow.
property redirectUri
redirectUri?: string;
The client's redirectUri as registered with the auth server
property redirectUriAsPostLogoutRedirectUriFallback
redirectUriAsPostLogoutRedirectUriFallback?: boolean;
Defines whether to use 'redirectUri' as a replacement of 'postLogoutRedirectUri' if the latter is not set.
property requestAccessToken
requestAccessToken?: boolean;
Defines whether to request an access token during implicit flow.
property requireHttps
requireHttps?: boolean | 'remoteOnly';
Defines whether https is required. The default value is remoteOnly which only allows http for localhost, while every other domains need to be used with https.
property resource
resource?: string;
property responseType
responseType?: string;
property revocationEndpoint
revocationEndpoint?: string;
Url of the revocation endpoint as defined by OpenId Connect and OAuth 2.
property rngUrl
rngUrl?: string;
property scope
scope?: string;
The requested scopes
property sessionCheckIFrameName
sessionCheckIFrameName?: string;
Name of the iframe to use for session checks
property sessionCheckIFrameUrl
sessionCheckIFrameUrl?: string;
Url for the iframe used for session checks
property sessionCheckIntervall
sessionCheckIntervall?: number;
Interval in msec for checking the session according to http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
property sessionChecksEnabled
sessionChecksEnabled?: boolean;
If true, the lib will try to check whether the user is still logged in on a regular basis as described in http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
property showDebugInformation
showDebugInformation?: boolean;
Defines whether additional debug information should be shown at the console. Note that in certain browsers the verbosity of the console needs to be explicitly set to include Debug level messages.
property silentRefreshIFrameName
silentRefreshIFrameName?: string;
property silentRefreshMessagePrefix
silentRefreshMessagePrefix?: string;
property silentRefreshRedirectUri
silentRefreshRedirectUri?: string;
The redirect uri used when doing silent refresh.
property silentRefreshShowIFrame
silentRefreshShowIFrame?: boolean;
Set this to true to display the iframe used for silent refresh for debugging.
property silentRefreshTimeout
silentRefreshTimeout?: number;
Timeout for silent refresh.
property skipIssuerCheck
skipIssuerCheck?: boolean;
Defined whether to skip the validation of the issuer in the discovery document. Normally, the discovey document's url starts with the url of the issuer.
property skipSubjectCheck
skipSubjectCheck?: boolean;
Defines wether to check the subject of a refreshed token after silent refresh. Normally, it should be the same as before.
property strictDiscoveryDocumentValidation
strictDiscoveryDocumentValidation?: boolean;
Defines whether every url provided by the discovery document has to start with the issuer's url.
property timeoutFactor
timeoutFactor?: number;
Defines when the token_timeout event should be raised. If you set this to the default value 0.75, the event is triggered after 75% of the token's life time.
property tokenEndpoint
tokenEndpoint?: string;
Url of the token endpoint as defined by OpenId Connect and OAuth 2.
property useHttpBasicAuth
useHttpBasicAuth?: boolean;
Set this to true to use HTTP BASIC auth for AJAX calls
property useIdTokenHintForSilentRefresh
useIdTokenHintForSilentRefresh?: boolean;
property userinfoEndpoint
userinfoEndpoint?: string;
Url of the userinfo endpoint as defined by OpenId Connect.
property useSilentRefresh
useSilentRefresh?: any;
Set this to true if you want to use silent refresh together with code flow. As silent refresh is the only option for refreshing with implicit flow, you don't need to explicitly turn it on in this case.
property waitForTokenInMsec
waitForTokenInMsec?: number;
The interceptors waits this time span if there is no token
class DateTimeProvider
abstract class DateTimeProvider {}
class DefaultHashHandler
class DefaultHashHandler implements HashHandler {}
property ɵfac
static ɵfac: i0.ɵɵFactoryDeclaration<DefaultHashHandler, never>;
property ɵprov
static ɵprov: i0.ɵɵInjectableDeclaration<DefaultHashHandler>;
method calcHash
calcHash: (valueToHash: string, algorithm: string) => Promise<string>;
method toHashString
toHashString: (buffer: ArrayBuffer) => string;
method toHashString2
toHashString2: (byteArray: number[]) => string;
class DefaultOAuthInterceptor
class DefaultOAuthInterceptor implements HttpInterceptor {}
constructor
constructor( oAuthService: OAuthService, errorHandler: OAuthResourceServerErrorHandler, moduleConfig: OAuthModuleConfig);
property ɵfac
static ɵfac: i0.ɵɵFactoryDeclaration< DefaultOAuthInterceptor, [null, null, { optional: true }]>;
property ɵprov
static ɵprov: i0.ɵɵInjectableDeclaration<DefaultOAuthInterceptor>;
method intercept
intercept: ( req: HttpRequest<any>, next: HttpHandler) => Observable<HttpEvent<any>>;
class HashHandler
abstract class HashHandler {}
Abstraction for crypto algorithms
method calcHash
abstract calcHash: (valueToHash: string, algorithm: string) => Promise<string>;
class JwksValidationHandler
class JwksValidationHandler extends NullValidationHandler {}
This is just a dummy of the JwksValidationHandler telling the users that the real one has been moved to an library of its own, namely angular-oauth2-oidc-utils
constructor
constructor();
class LoginOptions
class LoginOptions {}
Additional options that can be passed to tryLogin.
property customHashFragment
customHashFragment?: string;
A custom hash fragment to be used instead of the actual one. This is used for silent refreshes, to pass the iframes hash fragment to this method, and is also used by popup flows in the same manner. This can be used with code flow, where is must be set to a hash symbol followed by the querystring. The question mark is optional, but may be present following the hash symbol.
property customRedirectUri
customRedirectUri?: string;
Set this for code flow if you used a custom redirect Uri when retrieving the code. This is used internally for silent refresh and popup flows.
property disableNonceCheck
disableNonceCheck?: boolean;
Set this to true to disable the nonce check which is used to avoid replay attacks. This flag should never be true in production environments.
property disableOAuth2StateCheck
disableOAuth2StateCheck?: boolean;
Set this to true to disable the oauth2 state check which is a best practice to avoid security attacks. As OIDC defines a nonce check that includes this, this can be set to true when only doing OIDC.
property onLoginError
onLoginError?: (params: object) => void;
Called when tryLogin detects that the auth server included an error message into the hash fragment.
Deprecated: Use property ``events`` on OAuthService instead.
property onTokenReceived
onTokenReceived?: (receivedTokens: ReceivedTokens) => void;
Is called, after a token has been received and successfully validated.
Deprecated: Use property ``events`` on OAuthService instead.
property preventClearHashAfterLogin
preventClearHashAfterLogin?: boolean;
Normally, you want to clear your hash fragment after the lib read the token(s) so that they are not displayed anymore in the url. If not, set this to true. For code flow this controls removing query string values.
property validationHandler
validationHandler?: (receivedTokens: ReceivedTokens) => Promise<any>;
Hook, to validate the received tokens.
Deprecated: Use property ``tokenValidationHandler`` on OAuthService instead.
class MemoryStorage
class MemoryStorage implements OAuthStorage {}
property ɵfac
static ɵfac: i0.ɵɵFactoryDeclaration<MemoryStorage, never>;
property ɵprov
static ɵprov: i0.ɵɵInjectableDeclaration<MemoryStorage>;
method getItem
getItem: (key: string) => string;
method removeItem
removeItem: (key: string) => void;
method setItem
setItem: (key: string, data: string) => void;
class NullValidationHandler
class NullValidationHandler implements ValidationHandler {}
A validation handler that isn't validating nothing. Can be used to skip validation (at your own risk).
method validateAtHash
validateAtHash: (validationParams: ValidationParams) => Promise<boolean>;
method validateSignature
validateSignature: (validationParams: ValidationParams) => Promise<any>;
class OAuthErrorEvent
class OAuthErrorEvent extends OAuthEvent {}
constructor
constructor(type: EventType, reason: {}, params?: {});
property params
readonly params: {};
property reason
readonly reason: {};
class OAuthEvent
abstract class OAuthEvent {}
constructor
constructor(type: EventType);
property type
readonly type: EventType;
class OAuthInfoEvent
class OAuthInfoEvent extends OAuthEvent {}
constructor
constructor(type: EventType, info?: any);
property info
readonly info: any;
class OAuthLogger
abstract class OAuthLogger {}
Defines the logging interface the OAuthService uses internally. Is compatible with the
console
object, but you can provide your own implementation as well through dependency injection.
method debug
abstract debug: (message?: any, ...optionalParams: any[]) => void;
method error
abstract error: (message?: any, ...optionalParams: any[]) => void;
method info
abstract info: (message?: any, ...optionalParams: any[]) => void;
method log
abstract log: (message?: any, ...optionalParams: any[]) => void;
method warn
abstract warn: (message?: any, ...optionalParams: any[]) => void;
class OAuthModule
class OAuthModule {}
property ɵfac
static ɵfac: i0.ɵɵFactoryDeclaration<OAuthModule, never>;
property ɵinj
static ɵinj: i0.ɵɵInjectorDeclaration<OAuthModule>;
property ɵmod
static ɵmod: i0.ɵɵNgModuleDeclaration<OAuthModule, never, [any], never>;
method forRoot
static forRoot: ( config?: OAuthModuleConfig, validationHandlerClass?: typeof NullValidationHandler) => ModuleWithProviders<OAuthModule>;
class OAuthModuleConfig
abstract class OAuthModuleConfig {}
property resourceServer
resourceServer: OAuthResourceServerConfig;
class OAuthNoopResourceServerErrorHandler
class OAuthNoopResourceServerErrorHandler implements OAuthResourceServerErrorHandler {}
method handleError
handleError: (err: HttpResponse<any>) => Observable<any>;
class OAuthResourceServerConfig
abstract class OAuthResourceServerConfig {}
property allowedUrls
allowedUrls?: string[];
Urls for which calls should be intercepted. If there is an ResourceServerErrorHandler registered, it is used for them. If sendAccessToken is set to true, the access_token is send to them too.
property customUrlValidation
customUrlValidation?: (url: string) => boolean;
property sendAccessToken
sendAccessToken: boolean;
class OAuthResourceServerErrorHandler
abstract class OAuthResourceServerErrorHandler {}
method handleError
abstract handleError: (err: HttpResponse<any>) => Observable<any>;
class OAuthService
class OAuthService extends AuthConfig implements OnDestroy {}
Service for logging in and logging out with OIDC and OAuth2. Supports implicit flow and password flow.
constructor
constructor( ngZone: NgZone, http: HttpClient, storage: OAuthStorage, tokenValidationHandler: ValidationHandler, config: AuthConfig, urlHelper: UrlHelperService, logger: OAuthLogger, crypto: HashHandler, document: Document, dateTimeService: DateTimeProvider);
property accessTokenTimeoutSubscription
protected accessTokenTimeoutSubscription: Subscription;
property automaticRefreshSubscription
protected automaticRefreshSubscription: Subscription;
property config
protected config: AuthConfig;
property crypto
protected crypto: HashHandler;
property dateTimeService
protected dateTimeService: DateTimeProvider;
property discoveryDocumentLoadedSubject
protected discoveryDocumentLoadedSubject: Subject<OidcDiscoveryDoc>;
property events
events: Observable<OAuthEvent>;
Informs about events, like token_received or token_expires. See the string enum EventType for a full list of event types.
property eventsSubject
protected eventsSubject: Subject<OAuthEvent>;
property grantTypesSupported
protected grantTypesSupported: string[];
property http
protected http: HttpClient;
property idTokenTimeoutSubscription
protected idTokenTimeoutSubscription: Subscription;
property inImplicitFlow
protected inImplicitFlow: boolean;
property jwksUri
protected jwksUri: string;
property logger
protected logger: OAuthLogger;
property ngZone
protected ngZone: NgZone;
property ɵfac
static ɵfac: i0.ɵɵFactoryDeclaration< OAuthService, [ null, null, { optional: true }, { optional: true }, { optional: true }, null, null, { optional: true }, null, null ]>;
property ɵprov
static ɵprov: i0.ɵɵInjectableDeclaration<OAuthService>;
property saveNoncesInLocalStorage
protected saveNoncesInLocalStorage: boolean;
property sessionCheckEventListener
protected sessionCheckEventListener: EventListener;
property sessionCheckTimer
protected sessionCheckTimer: any;
property silentRefreshPostMessageEventListener
protected silentRefreshPostMessageEventListener: EventListener;
property silentRefreshSubject
protected silentRefreshSubject: string;
property state
state?: string;
The received (passed around) state, when logging in with implicit flow.
property tokenReceivedSubscription
protected tokenReceivedSubscription: Subscription;
property tokenValidationHandler
tokenValidationHandler: ValidationHandler;
The ValidationHandler used to validate received id_tokens.
property urlHelper
protected urlHelper: UrlHelperService;
method assertUrlNotNullAndCorrectProtocol
protected assertUrlNotNullAndCorrectProtocol: ( url: string | undefined, description: string) => void;
method authorizationHeader
authorizationHeader: () => string;
Returns the auth-header that can be used to transmit the access_token to a service
method calcTimeout
protected calcTimeout: (storedAt: number, expiration: number) => number;
method calculatePopupFeatures
protected calculatePopupFeatures: (options: { height?: number; width?: number;}) => string;
method callOnTokenReceivedIfExists
protected callOnTokenReceivedIfExists: (options: LoginOptions) => void;
method canPerformSessionCheck
protected canPerformSessionCheck: () => boolean;
method checkAtHash
protected checkAtHash: (params: ValidationParams) => Promise<boolean>;
method checkSession
checkSession: () => void;
method checkSignature
protected checkSignature: (params: ValidationParams) => Promise<any>;
method clearAccessTokenTimer
protected clearAccessTokenTimer: () => void;
method clearAutomaticRefreshTimer
protected clearAutomaticRefreshTimer: () => void;
method clearIdTokenTimer
protected clearIdTokenTimer: () => void;
method configChanged
protected configChanged: () => void;
method configure
configure: (config: AuthConfig) => void;
Use this method to configure the service
Parameter config
the configuration
method createAndSaveNonce
createAndSaveNonce: () => Promise<string>;
method createChallangeVerifierPairForPKCE
protected createChallangeVerifierPairForPKCE: () => Promise<[string, string]>;
method createLoginUrl
protected createLoginUrl: ( state?: string, loginHint?: string, customRedirectUri?: string, noPrompt?: boolean, params?: object) => Promise<string>;
method createNonce
protected createNonce: () => Promise<string>;
method debug
protected debug: (...args: any[]) => void;
method fetchTokenUsingGrant
fetchTokenUsingGrant: ( grantType: string, parameters: object, headers?: HttpHeaders) => Promise<TokenResponse>;
Uses a custom grant type to retrieve tokens.
Parameter grantType
Grant type.
Parameter parameters
Parameters to pass.
Parameter headers
Optional additional HTTP headers.
method fetchTokenUsingPasswordFlow
fetchTokenUsingPasswordFlow: ( userName: string, password: string, headers?: HttpHeaders) => Promise<TokenResponse>;
Uses password flow to exchange userName and password for an access_token.
Parameter userName
Parameter password
Parameter headers
Optional additional http-headers.
method fetchTokenUsingPasswordFlowAndLoadUserProfile
fetchTokenUsingPasswordFlowAndLoadUserProfile: ( userName: string, password: string, headers?: HttpHeaders) => Promise<object>;
Uses password flow to exchange userName and password for an access_token. After receiving the access_token, this method uses it to query the userinfo endpoint in order to get information about the user in question.
When using this, make sure that the property oidc is set to false. Otherwise stricter validations take place that make this operation fail.
Parameter userName
Parameter password
Parameter headers
Optional additional http-headers.
method getAccessToken
getAccessToken: () => string;
Returns the current access_token.
method getAccessTokenExpiration
getAccessTokenExpiration: () => number;
Returns the expiration date of the access_token as milliseconds since 1970.
method getAccessTokenStoredAt
protected getAccessTokenStoredAt: () => number;
method getCustomTokenResponseProperty
getCustomTokenResponseProperty: (requestedProperty: string) => any;
Retrieve a saved custom property of the TokenReponse object. Only if predefined in authconfig.
method getGrantedScopes
getGrantedScopes: () => object;
Returns the granted scopes from the server.
method getIdentityClaims
getIdentityClaims: () => Record<string, any>;
Returns the received claims about the user.
method getIdToken
getIdToken: () => string;
Returns the current id_token.
method getIdTokenExpiration
getIdTokenExpiration: () => number;
Returns the expiration date of the id_token as milliseconds since 1970.
method getIdTokenStoredAt
protected getIdTokenStoredAt: () => number;
method getRefreshToken
getRefreshToken: () => string;
method getSessionState
protected getSessionState: () => string;
method handleLoginError
protected handleLoginError: (options: LoginOptions, parts: object) => void;
method handleSessionChange
protected handleSessionChange: () => void;
method handleSessionError
protected handleSessionError: () => void;
method handleSessionUnchanged
protected handleSessionUnchanged: () => void;
method hasValidAccessToken
hasValidAccessToken: () => boolean;
Checkes, whether there is a valid access_token.
method hasValidIdToken
hasValidIdToken: () => boolean;
Checks whether there is a valid id_token.
method initCodeFlow
initCodeFlow: (additionalState?: string, params?: {}) => void;
Starts the authorization code flow and redirects to user to the auth servers login url.
method initImplicitFlow
initImplicitFlow: (additionalState?: string, params?: string | object) => void;
Starts the implicit flow and redirects to user to the auth servers' login url.
Parameter additionalState
Optional state that is passed around. You'll find this state in the property
state
aftertryLogin
logged in the user.Parameter params
Hash with additional parameter. If it is a string, it is used for the parameter loginHint (for the sake of compatibility with former versions)
method initImplicitFlowInPopup
initImplicitFlowInPopup: (options?: { height?: number; width?: number; windowRef?: Window;}) => Promise<unknown>;
This method exists for backwards compatibility. OAuthService#initLoginFlowInPopup handles both code and implicit flows.
method initImplicitFlowInternal
initImplicitFlowInternal: ( additionalState?: string, params?: string | object) => void;
method initLoginFlow
initLoginFlow: (additionalState?: string, params?: {}) => void;
Start the implicit flow or the code flow, depending on your configuration.
method initLoginFlowInPopup
initLoginFlowInPopup: (options?: { height?: number; width?: number; windowRef?: Window;}) => Promise<unknown>;
method initSessionCheck
protected initSessionCheck: () => void;
method loadDiscoveryDocument
loadDiscoveryDocument: (fullUrl?: string) => Promise<OAuthSuccessEvent>;
Loads the discovery document to configure most properties of this service. The url of the discovery document is infered from the issuer's url according to the OpenId Connect spec. To use another url you can pass it to to optional parameter fullUrl.
Parameter fullUrl
method loadDiscoveryDocumentAndLogin
loadDiscoveryDocumentAndLogin: ( options?: LoginOptions & { state?: string }) => Promise<boolean>;
Convenience method that first calls
loadDiscoveryDocumentAndTryLogin(...)
and if then chains toinitLoginFlow()
, but only if there is no valid IdToken or no valid AccessToken.Parameter options
LoginOptions to pass through to
tryLogin(...)
method loadDiscoveryDocumentAndTryLogin
loadDiscoveryDocumentAndTryLogin: (options?: LoginOptions) => Promise<boolean>;
Convenience method that first calls
loadDiscoveryDocument(...)
and directly chains using thethen(...)
part of the promise to call thetryLogin(...)
method.Parameter options
LoginOptions to pass through to
tryLogin(...)
method loadJwks
protected loadJwks: () => Promise<object>;
method loadUserProfile
loadUserProfile: () => Promise<object>;
Loads the user profile by accessing the user info endpoint defined by OpenId Connect.
When using this with OAuth2 password flow, make sure that the property oidc is set to false. Otherwise stricter validations take place that make this operation fail.
method logOut
logOut: { (): void; (customParameters: boolean | object): void; (noRedirectToLogoutUrl: boolean): void; (noRedirectToLogoutUrl: boolean, state: string): void;};
Removes all tokens and logs the user out. If a logout url is configured, the user is redirected to it with optional state parameter.
Parameter noRedirectToLogoutUrl
Parameter state
method ngOnDestroy
ngOnDestroy: () => void;
method padBase64
protected padBase64: (base64data: any) => string;
method processIdToken
processIdToken: ( idToken: string, accessToken: string, skipNonceCheck?: boolean) => Promise<ParsedIdToken>;
method processMessageEventMessage
protected processMessageEventMessage: (e: MessageEvent) => string;
method refreshInternal
protected refreshInternal: ( params: any, noPrompt: any) => Promise<TokenResponse | OAuthEvent>;
method refreshToken
refreshToken: () => Promise<TokenResponse>;
Refreshes the token using a refresh_token. This does not work for implicit flow, b/c there is no refresh_token in this flow. A solution for this is provided by the method silentRefresh.
method removeSessionCheckEventListener
protected removeSessionCheckEventListener: () => void;
method removeSilentRefreshEventListener
protected removeSilentRefreshEventListener: () => void;
method resetImplicitFlow
resetImplicitFlow: () => void;
Reset current implicit flow
This method allows resetting the current implict flow in order to be initialized again.
method restartRefreshTimerIfStillLoggedIn
protected restartRefreshTimerIfStillLoggedIn: () => void;
method restartSessionChecksIfStillLoggedIn
restartSessionChecksIfStillLoggedIn: () => void;
method revokeTokenAndLogout
revokeTokenAndLogout: ( customParameters?: boolean | object, ignoreCorsIssues?: boolean) => Promise<any>;
Revokes the auth token to secure the vulnarability of the token issued allowing the authorization server to clean up any security credentials associated with the authorization
method setStorage
setStorage: (storage: OAuthStorage) => void;
DEPRECATED. Use a provider for OAuthStorage instead:
{ provide: OAuthStorage, useFactory: oAuthStorageFactory } export function oAuthStorageFactory(): OAuthStorage { return localStorage; } Sets a custom storage used to store the received tokens on client side. By default, the browser's sessionStorage is used.
Parameter storage
method setupAccessTokenTimer
protected setupAccessTokenTimer: () => void;
method setupAutomaticSilentRefresh
setupAutomaticSilentRefresh: ( params?: object, listenTo?: 'access_token' | 'id_token' | 'any', noPrompt?: boolean) => void;
Will setup up silent refreshing for when the token is about to expire. When the user is logged out via this.logOut method, the silent refreshing will pause and not refresh the tokens until the user is logged back in via receiving a new token.
Parameter params
Additional parameter to pass
Parameter listenTo
Setup automatic refresh of a specific token type
method setupExpirationTimers
protected setupExpirationTimers: () => void;
method setupIdTokenTimer
protected setupIdTokenTimer: () => void;
method setupRefreshTimer
protected setupRefreshTimer: () => void;
method setupSessionCheck
protected setupSessionCheck: () => void;
method setupSessionCheckEventListener
protected setupSessionCheckEventListener: () => void;
method setupSilentRefreshEventListener
protected setupSilentRefreshEventListener: () => void;
method silentRefresh
silentRefresh: (params?: object, noPrompt?: boolean) => Promise<OAuthEvent>;
Performs a silent refresh for implicit flow. Use this method to get new tokens when/before the existing tokens expire.
method startSessionCheckTimer
protected startSessionCheckTimer: () => void;
method stopAutomaticRefresh
stopAutomaticRefresh: () => void;
Stops timers for automatic refresh. To restart it, call setupAutomaticSilentRefresh again.
method stopSessionCheckTimer
protected stopSessionCheckTimer: () => void;
method storeAccessTokenResponse
protected storeAccessTokenResponse: ( accessToken: string, refreshToken: string, expiresIn: number, grantedScopes: string, customParameters?: Map<string, string>) => void;
method storeIdToken
protected storeIdToken: (idToken: ParsedIdToken) => void;
method storeSessionState
protected storeSessionState: (sessionState: string) => void;
method tryLogin
tryLogin: (options?: LoginOptions) => Promise<boolean>;
Delegates to tryLoginImplicitFlow for the sake of competability
Parameter options
Optional options.
method tryLoginCodeFlow
tryLoginCodeFlow: (options?: LoginOptions) => Promise<void>;
method tryLoginImplicitFlow
tryLoginImplicitFlow: (options?: LoginOptions) => Promise<boolean>;
Checks whether there are tokens in the hash fragment as a result of the implicit flow. These tokens are parsed, validated and used to sign the user in to the current client.
Parameter options
Optional options.
method validateDiscoveryDocument
protected validateDiscoveryDocument: (doc: OidcDiscoveryDoc) => boolean;
method validateNonce
protected validateNonce: (nonceInState: string) => boolean;
method validateUrlAgainstIssuer
protected validateUrlAgainstIssuer: (url: string) => boolean;
method validateUrlForHttps
protected validateUrlForHttps: (url: string) => boolean;
method validateUrlFromDiscoveryDocument
protected validateUrlFromDiscoveryDocument: (url: string) => string[];
method waitForSilentRefreshAfterSessionChange
protected waitForSilentRefreshAfterSessionChange: () => void;
class OAuthStorage
abstract class OAuthStorage {}
Defines a simple storage that can be used for storing the tokens at client side. Is compatible to localStorage and sessionStorage, but you can also create your own implementations.
method getItem
abstract getItem: (key: string) => string | null;
method removeItem
abstract removeItem: (key: string) => void;
method setItem
abstract setItem: (key: string, data: string) => void;
class OAuthSuccessEvent
class OAuthSuccessEvent extends OAuthEvent {}
constructor
constructor(type: EventType, info?: any);
property info
readonly info: any;
class ReceivedTokens
class ReceivedTokens {}
Represents the received tokens, the received state and the parsed claims from the id-token.
property accessToken
accessToken: string;
property idClaims
idClaims?: {};
property idToken
idToken: string;
property state
state?: string;
class SystemDateTimeProvider
class SystemDateTimeProvider extends DateTimeProvider {}
class UrlHelperService
class UrlHelperService {}
property ɵfac
static ɵfac: i0.ɵɵFactoryDeclaration<UrlHelperService, never>;
property ɵprov
static ɵprov: i0.ɵɵInjectableDeclaration<UrlHelperService>;
method getHashFragmentParams
getHashFragmentParams: (customHashFragment?: string) => object;
method parseQueryString
parseQueryString: (queryString: string) => object;
class ValidationHandler
abstract class ValidationHandler {}
Interface for Handlers that are hooked in to validate tokens.
method validateAtHash
abstract validateAtHash: ( validationParams: ValidationParams) => Promise<boolean>;
Validates the at_hash in an id_token against the received access_token.
method validateSignature
abstract validateSignature: (validationParams: ValidationParams) => Promise<any>;
Validates the signature of an id_token.
Interfaces
interface OidcDiscoveryDoc
interface OidcDiscoveryDoc {}
Represents an OpenID Connect discovery document
property acr_values_supported
acr_values_supported: string[];
property authorization_endpoint
authorization_endpoint: string;
property check_session_iframe
check_session_iframe: string;
property claim_types_supported
claim_types_supported: string[];
property claims_parameter_supported
claims_parameter_supported: boolean;
property claims_supported
claims_supported: string[];
property display_values_supported
display_values_supported: string[];
property end_session_endpoint
end_session_endpoint: string;
property grant_types_supported
grant_types_supported: string[];
property id_token_encryption_alg_values_supported
id_token_encryption_alg_values_supported: string[];
property id_token_encryption_enc_values_supported
id_token_encryption_enc_values_supported: string[];
property id_token_signing_alg_values_supported
id_token_signing_alg_values_supported: string[];
property issuer
issuer: string;
property jwks_uri
jwks_uri: string;
property registration_endpoint
registration_endpoint: string;
property request_object_signing_alg_values_supported
request_object_signing_alg_values_supported: string[];
property response_modes_supported
response_modes_supported: string[];
property response_types_supported
response_types_supported: string[];
property revocation_endpoint
revocation_endpoint: string;
property scopes_supported
scopes_supported: string[];
property service_documentation
service_documentation: string;
property subject_types_supported
subject_types_supported: string[];
property token_endpoint
token_endpoint: string;
property token_endpoint_auth_methods_supported
token_endpoint_auth_methods_supported: string[];
property token_endpoint_auth_signing_alg_values_supported
token_endpoint_auth_signing_alg_values_supported: string[];
property ui_locales_supported
ui_locales_supported: string[];
property userinfo_encryption_alg_values_supported
userinfo_encryption_alg_values_supported: string[];
property userinfo_encryption_enc_values_supported
userinfo_encryption_enc_values_supported: string[];
property userinfo_endpoint
userinfo_endpoint: string;
property userinfo_signing_alg_values_supported
userinfo_signing_alg_values_supported: string[];
interface ParsedIdToken
interface ParsedIdToken {}
Represents the parsed and validated id_token.
property idToken
idToken: string;
property idTokenClaims
idTokenClaims: object;
property idTokenClaimsJson
idTokenClaimsJson: string;
property idTokenExpiresAt
idTokenExpiresAt: number;
property idTokenHeader
idTokenHeader: object;
property idTokenHeaderJson
idTokenHeaderJson: string;
interface TokenResponse
interface TokenResponse {}
Represents the response from the token endpoint http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint
property access_token
access_token: string;
property expires_in
expires_in: number;
property id_token
id_token: string;
property refresh_token
refresh_token: string;
property scope
scope: string;
property state
state?: string;
property token_type
token_type: string;
interface UserInfo
interface UserInfo {}
Represents the response from the user info endpoint http://openid.net/specs/openid-connect-core-1_0.html#UserInfo
property sub
sub: string;
index signature
[key: string]: any;
interface ValidationParams
interface ValidationParams {}
property accessToken
accessToken: string;
property idToken
idToken: string;
property idTokenClaims
idTokenClaims: object;
property idTokenHeader
idTokenHeader: object;
property jwks
jwks: object;
property loadKeys
loadKeys: () => Promise<object>;
Type Aliases
type EventType
type EventType = | 'discovery_document_loaded' | 'jwks_load_error' | 'invalid_nonce_in_state' | 'discovery_document_load_error' | 'discovery_document_validation_error' | 'user_profile_loaded' | 'user_profile_load_error' | 'token_received' | 'token_error' | 'code_error' | 'token_refreshed' | 'token_refresh_error' | 'silent_refresh_error' | 'silently_refreshed' | 'silent_refresh_timeout' | 'token_validation_error' | 'token_expires' | 'session_changed' | 'session_error' | 'session_terminated' | 'session_unchanged' | 'logout' | 'popup_closed' | 'popup_blocked' | 'token_revoke_error';
Package Files (17)
- angular-oauth-oidc.module.d.ts
- auth.config.d.ts
- date-time-provider.d.ts
- events.d.ts
- index.d.ts
- interceptors/default-oauth.interceptor.d.ts
- interceptors/resource-server-error-handler.d.ts
- oauth-module.config.d.ts
- oauth-service.d.ts
- provider.d.ts
- token-validation/hash-handler.d.ts
- token-validation/jwks-validation-handler.d.ts
- token-validation/null-validation-handler.d.ts
- token-validation/validation-handler.d.ts
- tokens.d.ts
- types.d.ts
- url-helper.service.d.ts
Dependencies (1)
Dev Dependencies (0)
No dev dependencies.
Peer Dependencies (2)
Badge
To add a badge like this oneto your package's README, use the codes available below.
You may also use Shields.io to create a custom badge linking to https://www.jsdocs.io/package/angular-oauth2-oidc
.
- Markdown[![jsDocs.io](https://img.shields.io/badge/jsDocs.io-reference-blue)](https://www.jsdocs.io/package/angular-oauth2-oidc)
- HTML<a href="https://www.jsdocs.io/package/angular-oauth2-oidc"><img src="https://img.shields.io/badge/jsDocs.io-reference-blue" alt="jsDocs.io"></a>
- Updated .
Package analyzed in 7345 ms. - Missing or incorrect documentation? Open an issue for this package.