0

I'm trying to implement angular-oauth2-oidc Authentication in my angular app. On server side everything is configured correctly (also CORS).

My configuration looks like this:

    this.oauthService.configure(authCodeFlowConfig);
    this.oauthService.setStorage(localStorage);
    this.oauthService.setupAutomaticSilentRefresh();
    this.oauthService.tokenValidationHandler = new NullValidationHandler();
    this.oauthService.loadDiscoveryDocumentAndTryLogin().then(() => {
       console.log('Discovery document fetched successfully');
    });

My URL looks like this:

https://some-identity-provider.com/OAuth/Authorize?client_id=xxxxxx&p=my_policy&redirect_uri=' + window.location.origin + '&scope=openid%20profile&response_type=id_token

This URL definitely works. When I open it directly in the browser, it correctly redirects me to the login page.

However, in my application, it tries to redirect me to the login page, but I'm getting a CORS error: enter image description here

When I look at the parameters, it seems to append /.well-known/openid-configuration to the last parameter.

enter image description here

Somehow it seems to mix up the URL and its query parameters...

Can anybody please help?

dave0688
  • 5,372
  • 7
  • 33
  • 64
  • 1
    You're not showing the full code to reproduce the issue, so we need to guess a little bit at the root cause unfortunately. Did you perhaps configure the library with the query string inside the `issuer`? The library needs the "naked" issuer and be allowed to append the `.well-known` stuff for some requests, and do the query string itself for others. See for example [this way I tend to configure things](https://github.com/jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards/blob/master/src/app/core/auth-config.ts). – Jeroen Mar 23 '23 at 23:39
  • Hi @Jeroen, meanwhile I figured it out. It was exactly what you pointed out: I've added the URL (with it's query parameters). But in order to fetch the `.well-known`, it needs to be without the query parameter. This was something which kept me up for a long time (my mistake). However, this could also be highlighted more prominently in the docs to save others from that. – dave0688 Mar 27 '23 at 18:28
  • Cheers! You could consider writing it up as an answer to your own question, for others to see more clearly than a comment? Cheers anyways, glad you fixed it! – Jeroen Mar 27 '23 at 21:06

0 Answers0