Feat/Auth : Playground Sample : automatic refresh token #658

alain-charles · 2018-08-22T15:40:10Z

Feat/Auth : Playground / Backend sample : automatic refreshToken

This pull requests implements in both backend and playground an example of Oauth2 authentication with automatic refreshtoken requests sent to the backend when the local stored accesstoken has expired.
This allows the user not to type his login/password as long as his refresh-token is valid.
The refreshtoken requests are sent transparently.

You can easily test the code by calling the url http:https://localhost:4200/#/auth/api-calls.component
Then the AuthGuard service redirects you to the login page.

The strategy used to log in is Oauth2 with password grant-type, so you can use [email protected].

You are then logged with an access token whose ttl is 60 seconds and a refresh token whose ttl is 120 seconds.
These values can be modified in the configuration of the backend (config.js).

Call of the secured api

Once logged, go immediately to http:https://localhost:4200/#/auth/api-calls.component and click the call API button.

The XHR request is send with the authorization header containing Bearer + the access-token.
You can see that Alain's got good wines in his cellar.

Automatic refresh-token request

Wait a minute, and click once again on the call-api button.

Observe the network logs of you browser : the acces-token was expired, so the framework sent automatically a refresh request to the backend

with the next content :

and it got a new access-token:

then it called with success the protected api.

Redirect to login or anything else when refresh_token has expired

If you wait once a minute, and if you click the call-api button, the framework sends a new refreshToken request

The component responsible for the API call intercepts the backend 401 error and you are redirected to the login page

Hope you will like this work.

PS: this can be played in the playground with NbAuthPasswordStrategy as well, just replace in the ** playground** auth-module.ts:

login: {
          strategy: 'password',
...}

by

login: {
          strategy: 'email',
...}

Now : If existing, NbAuthResult contains backend error description other Changes requested by Dmitry (first review)

Now : If existing, NbAuthResult contains backend error description other Changes requested by Dmitry (first review) +tslint missing trailing comma arghhh

…erted in the doc

…hService

…strategy used to create the token (future use)

The token now contains ownerStrategyName, with is a back link to the strategy used to create the token (future use). BREAKING CHANGE : NbAuthCreateToken (token.ts) now takes a third parameter, which is the ownerStrategyName Tokens are created by strategies that are called from services, so it is *potentially* a breaking change.

The token now contains ownerStrategyName, with is a back link to the strategy used to create the token (future use). updated unit tests files and oauth2-password-login.component (breaking change below) BREAKING CHANGE : NbAuthCreateToken (token.ts) now takes a third parameter, which is the ownerStrategyName Tokens are created by strategies that are called from services, so it is *potentially* a breaking change.

removed useless code and cleaned one unit test file BREAKING CHANGE : NbAuthCreateToken (token.ts) now takes a third parameter, which is the ownerStrategyName Tokens are created by strategies that are called from services, so it is *potentially* a breaking change.

# Conflicts: # src/framework/auth/services/token/token.ts Optimized token.ts code

…uth-automaticRefreshToken # Conflicts: # src/framework/auth/services/token/token.spec.ts # src/framework/auth/services/token/token.ts

In cas of invalid token, the interceptor & authService now try *automatically* to refresh the token. Redirection to the login page is now made only if refreshToken fails to get a valid access-token. playground : new Url ''/auth/api-calls.component' to play the above functionality. backend : updated with necessary stuff to respond to the api-calls.component.

…cture This version implements a filter function for any urls the client code wants to exclude from NbAuthJWTInterceptor. Auths url base endpoints must be added in filters so that the interceptor does not run into infinite loop. NOT TO BE MERGED since another possible version is commented out in this code.

… into feat/auth-automaticRefreshToken

Automatic refreshToken Call example in the playground.

nnixaa · 2018-08-22T15:43:08Z

src/backend/app.js

+ var token = req.body.refresh_token;
+
+ // token issued via email strategy
+ if (token === 'eb4e15840117437cbfd7343f257c4aae') {


let's move this 'eb4e15840117437cbfd7343f257c4aae' into a variable

nnixaa · 2018-08-22T15:44:53Z

src/framework/auth/strategies/oauth2/oauth2-strategy.ts

@@ -3,7 +3,7 @@
 * Copyright Akveo. All Rights Reserved.
 * Licensed under the MIT License. See License.txt in the project root for license information.
 */
-import { Inject, Injectable } from '@angular/core';
+import {Inject, Injectable } from '@angular/core';


we really need that style checker!

nnixaa · 2018-08-22T15:45:00Z

src/framework/auth/strategies/oauth2/oauth2-strategy.ts

@@ -23,7 +23,7 @@ import {
 auth2StrategyOptions,
 NbOAuth2GrantType, NbOAuth2ClientAuthMethod,
 } from './oauth2-strategy.options';
-import { NbAuthStrategyClass } from '../../auth.options';
+import { NbAuthStrategyClass} from '../../auth.options';


nnixaa · 2018-08-22T15:45:10Z