Getting Token Issue in angular 2

[Kannan2020]

Hi Team,
am new to DEX. i configured dex in my server, in default redirection page is showing token. But when i try to login via my angular 2 application login is success and it is redirected to my requested page but in my oauthService.tryLogin({}) method is not triggered and ever time hasValidAccessToken also false.

i refereed for angular 2 Oauth2 given URL : https://www.npmjs.com/package/angular-oauth2-oidc-b2c

Please help on that. thanks

[ericchiang]

It is because we don't implement the userinfo endpoint? #376

[Kannan2020]

Thanks for your reply. Can you please provide sample steps to create userinfo end point in my application.

if you provide detail document for that it is helpful for me

[srenatus]

Can you please provide sample steps to create userinfo end point in my application.

The userinfo endpoint is not something your application would have to provide, but Dex -- as the "OAuth2.0 Authorization Server" in this setting.

However, from looking at the code of the angular2 package you've shared, it seems that this only makes use of the userinfo endpoint in loadUserProfile -- and that only happens for what they call "password flow".
tl;dr: I think this should work with dex when using the implicit flow.

Do you see any errors in your browsers JS console when attempting to login using that package?

[Kannan2020]

Hi Srenatus,

No, am not getting any issue. its working fine but the problem is am not received token. after redirect to my page.

[srenatus]

For other reasons, I'm looking into the use of angular-oauth2-oidc with dex.

I've noted that the project you're using looks like a fork that has been neglected -- judging from the compare view.

• I've checked out the project, fixed a small bug in the example app:

  $ git clone https://github.com/manfredsteyer/angular-oauth2-oidc
  // ...
  $ cd angular-oauth2-oidc/sample
  $ npm install
  // ...
  
  # fix problem in sample:
  $ gsed -i /silet/d src/app/auth-no-discovery.config.ts
  

• Now, add a proxy.conf.json that makes dex being served throught ng serve:

  $ cat > proxy.conf.json <<EOF
  {
    "/dex": {
      "target": "http://localhost:5556",
      "secure": false
    }
  }
  EOF
  

• Change issuer in src/app/auth.config.ts to say http://localhost:4200/dex.

• Change src/app/app.component.ts's configureWithNewConfigApi to use that authConfig -- make it read:

  this.oauthService.configure(authConfig);
  // this.oauthService.configure(googleAuthConfig);

  • also remove voucher from scopes:

    scope: 'openid profile email',

• Also start a dex instance with issuer set to http://localhost:4200/dex, and with a staticClient like this:

  staticClients:
  - id: spa-demo
    redirectURIs:
    - http://localhost:4200/index.html
    name: spa-demo

• start the dev server

  $ node_modules/.bin/ng serve --proxy-config proxy.conf.json
  // ** NG Live Development Server is listening on localhost:4200, open your browser on http://localhost:4200 **
  // ...
  

• go to http://localhost:4200/home, press "Login"
  

• you're redirected do dex, login according to its setup

• you're redirected back to /home, and you'll see it got both an access_token and an id_token:
  

Also note that I see quite a bot going on in the dev tools JS console. Maybe you'll have more insight when adding

  showDebugInformation: true,

to your authConfig?

[srenatus]

@Kannan2020 Is this still something you're interested in, or could this be closed? 😃

[panoti]

I found error from your guide @srenatus

invalid issuer in discovery document expected: http://localhost:4200/dex

Edited: This my fault (I forgot config dex config file 😃), but some warnings appear

sessionChecksEnabled is activated but discovery document does not contain a check_session_iframe field

May be, dex not support check_session_iframe yet, I work around by setting sessionChecksEnabled = false

[srenatus]

May be, dex not support check_session_iframe yet,

That is correct. Dex has no such thing.

[panoti]

Why do you not add /userinfo entrypoint? I found many PR about it but you don't merge. @srenatus

[srenatus]

@panoti I'm in no position to decide (let alone merge! 😅) anything here -- please reach out to the project maintainers (cc @ericchiang @rithujohn191)

[panoti]

LOL. I'm sorry, I thought you was in their team too.

[srenatus]

@panoti no worries 😄 ... I'm just a fan 😉