I'm using oidc-client-js in an Angular application and would like to use the acr_values to pass an IDP value to Identity Server 4. (Identity Server is our primary token service, but we have configured it to use Okta as an external provider for one tenant of the application.)

Setting the value like this in Angular:

```javascript
this.userManager = new UserManager({
  authority: environment.stsAuthority,
  client_id: window.location.hostname,
  acr_values: 'ipd:oktatest',
  // ...
});
```

The generated URL contains %26acr_values%3Dipd%253Aoktatest which is what you get if you URL encode idp:oktatest twice.

If I manually change the URL to %26acr_values%3Didp%3Aoktatest it works as expected. (It's hard to pick up on the difference but the % sign in %3A between ipd and okta becomes %25 when it's double encoded.)

Am I doing something wrong? Is this a bug? Is there a better way to specify the value of acr_values in the Angular code?

jefftrotman
  • Did you try `encodeURIComponent` before sending to the IDP? This might resolve your issue – Sohan Sep 08 '20 at 06:58
  • I can't explain why, but after trying the suggestion about signinRedirect and changing my code back - this started working without the double encoding. So - it works, but I have no idea what's different now. – jefftrotman Sep 09 '20 at 00:12
  • Could you tell me what exactly you changed? Did you try only `encodeURIComponent`, or both, i.e. the answer below given by Shahar? – Sohan Sep 09 '20 at 08:42

1 Answer

You can try this workaround by defining the acr_values at the level of signinRedirect:

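```javascript
// Create the UserManager without acr_values in its settings
this.userManager = new UserManager({
    authority: environment.stsAuthority,
    client_id: window.location.hostname,
    // ...
});

// Supply acr_values on the sign-in request instead
this.options.acr_values = 'ipd:oktatest';
this.userManager.signinRedirect(this.options);
```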
Shahar Shokrani
  • This seemed like a good possibility, although I couldn't get it to work as written. I did try calling the signInRedirect but this didn't seem to work either. – jefftrotman Sep 09 '20 at 00:10
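The `%26` and `%3D` in the fragment quoted in the question are the percent-encoded forms of `&` and `=`, which is how a query string looks when it is carried inside a single parameter of another URL. The following added example (not code from the posts above or from oidc-client-js) counts encoding layers in such a fragment and shows a nested request round-tripping; the `returnUrl` parameter name, the paths and `example-client` are assumptions made for illustration.

```javascript
// Fragment as quoted in the question (copied verbatim, including its spelling).
const QUOTED_FRAGMENT = '%26acr_values%3Dipd%253Aoktatest';

// Count how many rounds of percent-decoding change the string.
function encodingDepth(value, maxRounds = 5) {
  let depth = 0;
  let current = value;
  while (depth < maxRounds) {
    let decoded;
    try {
      decoded = decodeURIComponent(current);
    } catch (e) {
      break; // malformed escape sequence: stop at the last valid layer
    }
    if (decoded === current) break;
    current = decoded;
    depth += 1;
  }
  return { depth, decoded: current };
}

// Build an authorize query, then carry it inside one parameter of an outer URL.
// Paths, 'returnUrl' and 'example-client' are hypothetical.
function wrapAuthorizeRequest(acrValues) {
  const inner = new URLSearchParams({ client_id: 'example-client', acr_values: acrValues });
  const innerUrl = '/connect/authorize/callback?' + inner.toString();
  const outer = new URLSearchParams({ returnUrl: innerUrl });
  return '/Account/Login?' + outer.toString();
}

// Recover acr_values the way a receiver would: parse the outer query, then the inner one.
function readAcrValues(outerUrl) {
  const outerQuery = outerUrl.slice(outerUrl.indexOf('?') + 1);
  const innerUrl = new URLSearchParams(outerQuery).get('returnUrl');
  if (innerUrl === null) return null;
  const innerQuery = innerUrl.slice(innerUrl.indexOf('?') + 1);
  return new URLSearchParams(innerQuery).get('acr_values');
}
```

When comparing two such URLs by eye, decode them layer by layer first so that every character of the recovered value can be checked, not only the escapes.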