In my angular2-oauth2 application iam sending request URL as
http://localhost:4200/#/dashboard to get the access token from facebook, but when it returns the code it excludes dashboard and it returns in this form
http://localhost:4200/?accesstoken=tyutsdtsoidspo

Does this one support Resource Owner Flow ? If yes could you please provide sample. I cannot get it work. Thanks.

Hi!

After installed 1.3.10 the problems with wrong at_hash disappearad, at least I thought so. Today the problem re-emerged again. We have a test suite with about 10 GUI tests (coypu based) that tests our login implementation. When executing the suite, now and then some tests fails with wrong at_hash.

Since it is almost impossible to reproduce the problem manually, I have not much information to give you. If I can do anything to help you finding the problem, please let me know!

Regards,

Fredrik

I use server side pre-rendering in my app.

With this service, I have to turn this off in order to use it as the storage provider 'local storage' is not available in node.

This could be fixed by using a shim such as https://www.npmjs.com/package/node-localstorage

if (typeof localStorage === "undefined" || localStorage === null) {
  var LocalStorage = require('node-localstorage').LocalStorage;
  localStorage = new LocalStorage('./scratch');
}

I've been trying to use your module with angular2-seed, and SystemJS keeps reporting errors regarding some weird path issues. It tries to look for the dependency modules under the top node_modules folder and somehow it wants to load node_modules/node_modules/package.json.

I spent a few hours on this and finally solved it by adding the following to my SystemJS config:

    packages: {
        rxjs: { defaultExtension: false },
        "angular2-oauth2": {
            //"baseURL": "/",
            //"format": "register",
            "defaultExtension": "js",
            "map": {
                "base64-js": "./node_modules/base64-js/lib/b64.js",
                "buffer": "./node_modules/buffer/index.js",
                "convert-hex": "./node_modules/sha256/node_modules/convert-hex/convert-hex.js",
                "convert-string": "./node_modules/sha256/node_modules/convert-string/convert-string.js",
                "ieee754": "./node_modules/buffer/node_modules/ieee754/index.js",
                "isarray": "./node_modules/buffer/node_modules/isarray/index.js",
                "js-base64": "./node_modules/js-base64/base64.js",
                "sha256": "./node_modules/sha256/lib/sha256.js"
            },
        }
    },

Not sure if this is the best approach, thought you might want to know this.

Thanks!

The OAuth 2 Authorization Code Grant appears to not be implemented?

Is this on the roadmap?

Spec: https://tools.ietf.org/html/rfc6749#section-4.1

Mistake here:

OAuthService.prototype.hasValidIdToken = function () {
if (this.getIdToken) {

should be this.getIdToken() ?

The onTokenReceived option to OAuthService.tryLogin() is called twice when the token was only received once. It may be as simple as removing the first call to the function and let it be handled in callEventIfExists.

I am using using your library with my angular rc4 project. My Oauth 2 server is Spring Oauth 2.

Everything works fine but access token and other information gets appended in the redirect Uri after successful authentication.

It becomes like this :
http://localhost:3000/setup#access_token=bf7a077c-00cd-4abe-a3dc-cbf3986dec08&token_type=bearer&state=7rxsUXgchbnNU1T3A2SwmHwpmZeQCmB9EdFlotMY&expires_in=1799563032

Please help me as I have to deliver this quickly.

nice work on this library BTW, its working like a charm!

My only issue is tokens time out after about 24 hours; so rather than the app becoming unresponsive I'd like to setup a timer that if the user leaves their browser open the UI automatically redirects to the login page when the token expires. To do this I just need a public method to expose the expires_at property thats stored in the local / session storage

Can anybody provide an real-world example of using this lib? I tryed to authorize Steam using this, but maximum, that i achieved, was redirection after pressing "login" button on steamcomunity.com page without any sighn of authentification process. Is it possible? Steam using OpenId. Thanks!

I get the following error at this line in the checkAtHash method:
var leftMostHalf = tokenHash.slice(0, (tokenHash.length/2) );
var tokenHashBase64 = fromByteArray(leftMostHalf); --> Argument of type 'any[]' is not assignable to parameter of type 'Uint8Array'

I use the default value of sessionChecksEnabled (false).
In the validateDiscoveryDocument function
this.sessionChecksEnabled = doc['check_session_iframe'];
so later if(this.sessionChecksEnabled) will be true (even if I specified false initially)

I'm newbie with angular2 and you angular2-oauth2 module.

I want to create login form with username and password and after user click login app send this data to my own (golang oauth2 backend, that verifies data and return some token).
What i need to do in login?

   public login() {
        this.oAuthService.initImplicitFlow();
    }

what is the initImplicitFlow ? where i can find help for module methods? Thanks!

On readme says that we need to configure the loginUrl, redirectUri, etc (https://github.com/manfredsteyer/angular2-oauth2#top-level-component) but on new angular2 structure should be a bit different.

We should configure it on src/app/app.module.ts something like Angular2Ouath2.forRoot(loginUrl: ...)

It would be cool if this supported refresh tokens. They're pretty handy when accessing Google APIs.

Hi!

I unintentionally found a minor glitch in the warn output written to the console when the defined issuer isn't the issuer set in the returned claims:

    if (this.issuer && claims.iss !== this.issuer) {
        console.warn("Wrong issuer: " + claims.issuer);
        return false;
    }

The property issuer in the console.warn should be iss.

Thanks for an excellent and easy way to authenticate our users!

Without the repository attribute in package.json, NPM doesn't automatically know where to find the source. I realize that the source link is in the README but that doesn't show up in the NPM sidebar where users would normally look.

I could probably do a PR with this but can't do an npm publish.

Hi Guys,

How/Where can i assign the "responseType", currently get error of "Property 'responseType' does not exist on type 'OAuthService'"

Cheers, Rodrigo

Hi!

After logging in, I am able to access some of the values stored by the service, like access_token, but not id_token ? I'm getting back both values through the url

Bear in mind I'm very new at this.

thanks!

Javier

I'm trying to implement some sort of single-sign-on when the user loads the app but doesn't have a valid (access-/)identitytoken. How who we implement this?

1. User enters page
2. Not logged in?
3. Redirect to token provider
4. Check the token
5. Access the application

We want to implement it so the user doesn't have to press the login button, they are probably already logged-in so they'll get a token instantly.

Where should I put the initImplicitFlow() call for this to happen?

I tried to integrate this with angular2 (using google platform authenticate) latest release 2.1.0 but it fails at this point, there were some different options provided by google platform than given in your documentation. Can you please give an example with Google authentication?

I get many errors like:
context.idToken and oauthService.clientId is null, .toPromise(); is not a method.

this.oauthService.tryLogin({
validationHandler: context => {
var search = new URLSearchParams();
search.set('token', context.idToken);
search.set('client_id', oauthService.clientId);
return http.get(validationUrl, { search}).toPromise();
}
})

In the tryLogin() method, if oidc is set to false then onTokenReceived get invoked due to following code

if (!this.oidc && options.onTokenReceived) {
       options.onTokenReceived({ accessToken: accessToken });
}

Then later, in the same method, it gets invoked again due to

if (options.validationHandler) {
        var validationParams = { accessToken: accessToken, idToken: idToken };
        options
            .validationHandler(validationParams)
            .then(function () {
            _this.callEventIfExists(options);
        })
            .catch(function (reason) {
            console.error('Error validating tokens');
            console.error(reason);
        });
}
else {
        this.callEventIfExists(options);
}

Why does angular2-oauth2 needs base64-js and js-base64 which seems to fullfill the same purpose. Where's the difference and why we need to include both?

When I try to use canActivate on a route it always returns false. I am doing an implicit flow and when it redirects back it seems like it does not wait for the service to be aware of the login and it always redirects back to the login page.

`@Injectable()
export class AuthGuardService implements CanActivate {

constructor (
    private _oauthService: OAuthService,
    private _router: Router
) {

}

canActivate(route: ActivatedRouteSnapshot, state: RouterStateSnapshot) {
    if (this.loggedIn) {
        return true;
    }

    //Redirect the user before denying them access to this route
    this._router.navigate(['/welcome']);
    return false;
}

get loggedIn() {
    return this._oauthService.hasValidAccessToken();
}

}`

Do you plan to implement password flow ?