I use this oidc for accessing IdentityServer4 authentication. Everything works fine. After I log in, user data was lost after I hit F5 to refresh the data. Here is my auth.service.ts.

import { HttpClient, HttpHeaders } from '@angular/common/http';
import { EventEmitter, Injectable } from '@angular/core';
import { User, UserManager } from 'oidc-client';
import { Observable } from 'rxjs/Rx';

import { getUserManagerSettings } from '../utils/get-user-manager-settings-util';

@Injectable()
export class AuthService {
  mgr: UserManager = new UserManager(getUserManagerSettings());
  userLoadededEvent: EventEmitter<User> = new EventEmitter<User>();
  currentUser: User;
  loggedIn = false;
  authHeaders: Headers;

  constructor(private http: HttpClient) {
    // getUser() is asynchronous: currentUser is only set once this promise resolves.
    this.mgr.getUser()
      .then((user) => {
        if (user) {
          this.loggedIn = true;
          this.currentUser = user;
          this.userLoadededEvent.emit(user);
        } else {
          this.loggedIn = false;
        }
      })
      .catch((err) => {
        this.loggedIn = false;
      });

    // Keep the cached user in sync with oidc-client's own events.
    this.mgr.events.addUserLoaded((user) => {
      this.currentUser = user;
      this.loggedIn = !!user;
    });

    this.mgr.events.addUserUnloaded((e) => {
      this.loggedIn = false;
    });
  }

  isLoggedInObs(): Observable<boolean> {
    return Observable.fromPromise(this.mgr.getUser()).map<User, boolean>((user) => {
      if (user) {
        return true;
      } else {
        return false;
      }
    });
  }

  clearState() {
    this.mgr.clearStaleState().then(function () {
    }).catch(function (e) {
    });
  }

  getUser() {
    this.mgr.getUser().then((user) => {
      this.currentUser = user;
    }).catch(function (err) {
    });
  }

  removeUser() {
    this.mgr.removeUser().then(() => {
    }).catch(function (err) {
    });
  }

  startSigninMainWindow() {
    this.mgr.signinRedirect({ data: 'some data' }).then(function () {
    }).catch(function (err) {
    });
  }

  endSigninMainWindow() {
    this.mgr.signinRedirectCallback().then(function (user) {
    }).catch(function (err) {
    });
  }

  startSignoutMainWindow() {
    this.mgr.signoutRedirect().then(function (resp) {
      // setTimeout takes the callback first, then the delay in milliseconds.
      setTimeout(() => {
      }, 5000);
    }).catch(function (err) {
    });
  }

  endSignoutMainWindow() {
    this.mgr.signoutRedirectCallback().then(function (resp) {
    }).catch(function (err) {
    });
  }

  // Builds the Authorization header from the cached currentUser (read synchronously).
  getHeader() {
    return new HttpHeaders().set('Authorization',
      this.currentUser.token_type + ' ' + this.currentUser.access_token);
  }
}

Here is the api.service.ts file. The auth.service.ts is used by api.service to get headers.

    import { HttpClient } from '@angular/common/http';
    import { Injectable } from '@angular/core';
    import { Observable } from 'rxjs/Observable';
    import { AuthService } from './auth.service';

    @Injectable()
    export class ApiService {

      constructor(private http: HttpClient, private authService: AuthService) { }

      get(path, body?): Observable<any> {
        const options = body
          ? {...body, headers: this.authService.getHeader()}
          : {headers: this.authService.getHeader()};
        return this.http.get(path, options);
      }

      post(path, body?) {
        return this.http.post(path, body, {headers: this.authService.getHeader()});
      }

      put(path, body?) {
        return this.http.put(path, body, {headers: this.authService.getHeader()});
      }

      delete(path: string, body?) {
        const options = body
          ? {...body, headers: this.authService.getHeader()}
          : {headers: this.authService.getHeader()};
        return this.http.delete(path, options);
      }
    }

It seems the API call fires twice. There is no header the first time, then there is a second call with the header.

user3097695
  • give some more details, log messages etc. – m3n7alsnak3 Feb 21 '18 at 19:12
  • Your question is too broad, but if you are using JWT you need to store your token in local storage etc – johnny 5 Feb 21 '18 at 19:58
  • The oidc-client library provides user management. When I set a breakpoint, I noticed the token is still there in the Angular API call. However, I did not receive the claims in the IdentityServer4 code. It seems each API call fires twice. There is no header the first time, and there is a header the second time, from the trace in Fiddler. – user3097695 Feb 21 '18 at 20:23
  • I wonder if the first API call is what is called a preflight request. – user3097695 Feb 21 '18 at 20:43
  • My impression is that F5 will cause a page reload. I wonder if that action clears some cache used by the oidc-client library. – user3097695 Feb 21 '18 at 21:56
  • I tried to debug it in the C# API controller method. The token is actually in the request headers. There is an error message in sessions: "Session has not been configured for this application or request." – user3097695 Feb 21 '18 at 23:51
  • I think I found the reason for the problem. There is a lifetime for the access token. I gave it a value of 10 mins. If there is inactivity for 10 mins, the logged-in user expires. Here is the proposed fix: I will set the accesstokenlifetime to 1 hour (the same as the default value in IdentityServer4). When the user is expired, the Angular application will log out when F5 is pressed or there is an action. – user3097695 Feb 22 '18 at 16:51
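
One way to check whether the header-less first call seen in a proxy trace is a CORS preflight rather than a request that lost its token, as an added example that is not part of the original post. The `TracedRequest` shape, the function names and the sample trace are constructed for illustration.

```typescript
// Added example: classify captured requests as preflight, authenticated or missing a token.
interface TracedRequest {
  method: string;
  url: string;
  headers: Record<string, string>; // header names exactly as captured
}
type Verdict = 'preflight' | 'authenticated' | 'missing-authorization';

// HTTP header names are case-insensitive, so look them up that way.
function getHeaderValue(req: TracedRequest, name: string): string | undefined {
  const key = Object.keys(req.headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key === undefined ? undefined : req.headers[key];
}

// A CORS preflight is an OPTIONS request carrying Origin and
// Access-Control-Request-Method; the browser never attaches Authorization to it.
function isPreflight(req: TracedRequest): boolean {
  return req.method.toUpperCase() === 'OPTIONS'
    && getHeaderValue(req, 'Origin') !== undefined
    && getHeaderValue(req, 'Access-Control-Request-Method') !== undefined;
}

function classify(req: TracedRequest): Verdict {
  if (isPreflight(req)) { return 'preflight'; }
  const auth = getHeaderValue(req, 'Authorization') || '';
  return /^Bearer\s+\S+$/i.test(auth) ? 'authenticated' : 'missing-authorization';
}

// True when the preflight asks permission for the real request to send Authorization.
function preflightAnnouncesAuthorization(req: TracedRequest): boolean {
  const requested = getHeaderValue(req, 'Access-Control-Request-Headers') || '';
  const names = requested.split(',').map((h) => h.trim().toLowerCase());
  return isPreflight(req) && names.indexOf('authorization') !== -1;
}

// Constructed trace: a preflight, the real call, and a call with no token attached.
const sampleTrace: TracedRequest[] = [
  { method: 'OPTIONS', url: 'https://api.example.test/values',
    headers: { Origin: 'https://app.example.test', 'Access-Control-Request-Method': 'GET',
               'Access-Control-Request-Headers': 'authorization' } },
  { method: 'GET', url: 'https://api.example.test/values',
    headers: { Origin: 'https://app.example.test', Authorization: 'Bearer SAMPLE.TOKEN.VALUE' } },
  { method: 'GET', url: 'https://api.example.test/values',
    headers: { Origin: 'https://app.example.test' } },
];
const verdicts: Verdict[] = sampleTrace.map(classify);
```

A preflight without `Authorization` is expected browser behaviour; only a non-OPTIONS request classified as `missing-authorization` means the token was not attached.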

0 Answers