Your example AngularClient is sort of mixture MVC + Angular 2 is there reason for that?
Why wouldn't you use just Angular-CLI for that project ?

Rx warnings in browser, need to fix, remove

Hi!

Thanks for your work on this and your blog - they have both been a great resource for me in dealing with auth in ng2.

Not sure if you are actually trying to document how to implement the entire OIDC spec yourself. If not, it would be great to use the official" oidc-client. Any plans for that? That way we would get a lot of "freebies", like token renewal, token validation, better fragment handling...

https://github.com/IdentityModel/oidc-client-js

Via the decoding, the profile information is missing meanwhile the OIDC_client can fetch anything out.
Any hint for it?

Thanks, Alva

http://openid.net/specs/openid-connect-implicit-1_0.html

described: 2.2.1. ID Token Validation

aspnet/DataProtection#146

Hi Damo,

With the angularJS client, loading just says This is server routing, not angular2 routing

Looking in the project, there is no index page either? something missing here?

Cheers

https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP

In the method AuthorizedCallback() when the "authResponseIsValid" is true there are a command "this._router.navigate(['/dataeventrecords']);" --> this command don't work.

Clients MUST validate the ID Token per Section 2.2.1.”.
If the nonce from the id token is being used, then should the client validate the signature of the id token too?

Hi,
I've got your sample AngularJS code working in my project at a basic level, it authenticates OK which is all fine, but I need to develop this a bit further, and looking for some pointers on the best way to do this.

Say for example I have a left had Nav bar and with 2 items "view" and "admin" and I have 2 users ReadOnlyUser and AdminUser (admin user has role/claim of Admin) ReadOnlyUser doesn't. I only want to show "admin" in the NavBar to AdminUser and protect the root /admin - what is the best way of doing this in Angular?

Thanks
Richard

This requires an extra round trip with IdentityServer rc4 to get the user claims, roles, no longer included in the id_token

I implemented angular2client oidc service, when I run app in .net core I get following error:

An unhandled exception occurred while processing the request.

Exception: Call to Node module failed with error: ReferenceError: sessionStorage is not defined
at new OidcSecurityService

Add support for one time tokens so that the access_token is not used in the URL for file downloads

When the server session has expired, the client SPA should check this before calling the https://localhost:44345/connect/endsession

URL:
https://localhost:44345/connect/checksession

can you show an example of this using Angular2?

http://stackoverflow.com/questions/35048005/has-anyone-created-any-angular2-auth-wrapper-classes-for-identityserver-3-4

Severity Code Description Project File Line Suppression State
Error eqeqeq Expected '!==' and instead saw '!='. AngularClient C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\AngularClient\wwwroot\app.js 1
Error TS5023 Build:Unknown compiler option 'skipLibCheck'. C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\ResourceWithIdentityServerWithClient\ResourceWithIdentityServerWithClient.xproj C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\ResourceWithIdentityServerWithClient\tsc 1
Error TS5023 Build:Unknown compiler option 'lib'. C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\ResourceWithIdentityServerWithClient\ResourceWithIdentityServerWithClient.xproj C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\ResourceWithIdentityServerWithClient\tsc 1
Error TS5023 Build:Unknown compiler option 'types'. C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\ResourceWithIdentityServerWithClient\ResourceWithIdentityServerWithClient.xproj C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\ResourceWithIdentityServerWithClient\tsc 1
Error TS5023 Build:Unknown compiler option 'skipLibCheck'. Angular2Client C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\Angular2Client\tsc 1
Error TS5023 Build:Unknown compiler option 'lib'. Angular2Client C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\Angular2Client\tsc 1
Error TS5023 Build:Unknown compiler option 'types'. Angular2Client C:\Git\AspNet5IdentityServerAngularImplicitFlow\src\Angular2Client\tsc 1

After a successfully login, the SPA throws a routing exception for the '' route.

hi,
Thanks a lot for your sample very helpful.
i've got error when i click to login? i don't know why.
i've got the same error when i use implicit flow example here https://github.com/IdentityServer/IdentityServer4.Samples

can you please help.

Lots of breaking changes

• login changed (OK for multi app, single app routing problem since update)
• logout changed (OK)
• Config Scopes (OK)
• IProfileService changed (OK)
• ConsentModel changed (OK)
• Register new user redirects incorrectly (must test again)
• Consent shows double claims (OK)
• resource claims check returns a 403 (OK)
• roles missing from id_token (OK)
• claims missing from introspection result, cannot use claims on resource server (OK)

client should logoff and redirect

Hi,
first of all thanks for the work you're doing. I'm really appreciating these examples cause they're giving me a way to start my implementation. I started from your IdentityServerWithIdentitySQLite project and used SQLServer instead of SQLite. Everything is working, I have many clients and I would say everything is ok except for one issue: PostLogoutRedictUris are always null, so there's no redirection once the user accept to logout.

From the OpenId Connect protocol I know that logout should do a get request to the IdentityServer4:
/connect/endsession?id_token_hint=...&post_logout_redirect_uri=https://myapp.com
as written here in the documentation https://identityserver.github.io/Documentation/docsv2/endpoints/endSession.html.

By debugging I saw that the IdentityServer automatically redirect this request (302 http code) to
/account/logout?logoutId=0cf0260b9525018e49bb0e9398691865 and then your AccountController.cs take the request and should get info about the LogoutId using the IIdentityServerInteractionService _interaction variable. Here is my issue:

var logout = await _interaction.GetLogoutContextAsync(model.LogoutId);
var vm = new LoggedOutViewModel
            {
                PostLogoutRedirectUri = logout?.PostLogoutRedirectUri,
                ClientName = logout?.ClientId,
                SignOutIframeUrl = logout?.SignOutIFrameUrl
            };

logout has all fields sets to null, except for the SignOutIframeUrl which is set to the url of the http://identityserverurlandport//connect/endsession/callback?sid=e9dd3bdacab365f7fd1872f3ddfb2852&logoutId=0cf0260b9525018e49bb0e9398691865

Do you have an idea why _interaction is not giving me any information from my LogoutId? LogoutId as you can see is not empty. I really do not catch why GetLogoutContextAsync is giving me back null values except SignOutIframeUrl.

Alessandro

It would be nice to update the project to use the most recent version 1.1 of ASP.NET Core and the new tools preview.
It might be as little as changing the Version in global.json to "version": "1.0.0-preview2-003131" instead of "version": "1.0.0-preview2-003121"

Hi Damo,

keep up the fantastic work mate.

Any chance can do an Ionic 2 or Electron example?

cant seem to find anything out there, and wondering if you could please do one or point towards one if you know of one.

Thank you for awesome examples. Any chance you will create one for Hybrid flow + Angular 2 ?

code splitting
lazy loading

When I press the button “Yes, Allow” at the screen “angularclient is requesting your permission” I have an error:
GET https://localhost:44347/authorized 404 (not Found) :44347/authorized#id_token=eyJhbGciOiJSUzI1NiIsImtp…

fixes client performance

I try to start without debugging the IdentityServerAspNet5 using IIS Express.
The first time it attempted to execute I was asked if I would like to install a security token. I answered yes.
Thereafter and each subsequent time I attempt to start the app I get a http Error 500.19
The suspicious information on that page is the Config file reads ?\C:\git\damienbod\AspNet5IdentityServerAngularImplicitFlow\src\IdentityServerAspNet5\wwwroot\web.config
Any hints on how to get past this point?

EDIT
If I try Start Debugging - The error message is "An error occurred attempting to determine the process id of the DNX" process hosting your application.

Under Visual Studio 2015 it is not possible to build the project. The build session hangs.

Hi,

Great examples, thanks for that.

I'm trying to add external providers to your IdentityServer4 implementation but I cannot find the right way :(

I have added Microsoft.AspNet.Authentication.Google as a dependency and added the following to Startup.cs:

    app.UseGoogleAuthentication( options =>
    {
        options.ClientId = "xxx";
        options.ClientSecret = "xxx";
    } );

Got the error "The 'SignInScheme' option must be provided." so I added the following too: options.SignInScheme = "NoIdeaWhatToPutThereButItWorks";.

Now it loads, but I have no idea what to do next :(

I'm trying to see how MVC6 does it but they use AspNet.Identity, which I think isn't ready for IdentityServer4, plus, I don't really want local registration anyway, I'd like to use external providers only.

Thanks.