[Bug]: Load config from HTTP implicit flow - not working

[Meteoeoeo]

Version

15.0.3

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

After checkAuth token is null, isAuthenticated is false

Steps to reproduce the behavior

No response

A clear and concise description of what you expected to happen.

No response

Additional context

After migration to v15 from v12 i have problem with getting configuration. Configuration inside checkauth is downloaded from service, but token is null and isAuthenticated is false. In the response from identity server token exists.

import { HttpClient } from '@angular/common/http';
import { NgModule } from '@angular/core';
import { AuthModule, LogLevel, StsConfigHttpLoader, StsConfigLoader } from 'angular-auth-oidc-client';
import { map } from 'rxjs/operators';
 
export const httpLoaderFactory = (_httpClient: HttpClient) => {
  const config$ = _httpClient
    .get<any>('/_configuration/eFile')
    .pipe(
      map((customConfig: any) => {
        return {
          authority: 'https://localhost:5001',
          authWellknownEndpointUrl: 'https://localhost:5001/.well-known/openid-configuration',// customConfig.authWellknownEndpointUrl,
          redirectUrl: window.location.origin,
          postLogoutRedirectUri: window.location.origin,
          clientId: 'sYy5BdJE4g_ihsud_vC4TL92VN9sbgNiAkgsMb4e_Mg',
          scope: 'openid profile custom.user',
          responseType: 'id_token token',
          logLevel: LogLevel.Debug,
          silentRenew: customConfig.silentRenew,
          useRefreshToken: true,
          ignoreNonceAfterRefresh: true, // this is required if the id_token is not returned
          allowUnsafeReuseRefreshToken: true, // this is required if the refresh token is not rotated
          triggerRefreshWhenIdTokenExpired: false, // required to refresh the browser if id_token is not updated after the first authentication
          autoUserInfo: false, // if the user endpoint is not supported
          secureRoutes: [window.location.origin],
        };
      })
  );

  return new StsConfigHttpLoader(config$);
};

@NgModule({
  imports: [
    AuthModule.forRoot({
      loader: {
        provide: StsConfigLoader,
        useFactory: httpLoaderFactory,
        deps: [HttpClient],
      },
    }),
  ],
  exports: [AuthModule],
})
export class AuthConfigModule { }

When I change configuration to static it's work correctly.

import { HttpClient } from '@angular/common/http';
import { NgModule } from '@angular/core';
import { AuthModule, LogLevel, StsConfigHttpLoader, StsConfigLoader } from 'angular-auth-oidc-client';
import { map } from 'rxjs/operators';
 

@NgModule({
  imports: [
    AuthModule.forRoot({
      config: {
         authority: 'https://localhost:5001',
          authWellknownEndpointUrl: 'https://localhost:5001/.well-known/openid-configuration',// customConfig.authWellknownEndpointUrl,
          redirectUrl: window.location.origin,
          postLogoutRedirectUri: window.location.origin,
          clientId: 'sYy5BdJE4g_ihsud_vC4TL92VN9sbgNiAkgsMb4e_Mg',
          scope: 'openid profile custom.user',
          responseType: 'id_token token',
          logLevel: LogLevel.Debug,
          silentRenew: customConfig.silentRenew,
          useRefreshToken: true,
          ignoreNonceAfterRefresh: true, // this is required if the id_token is not returned
          allowUnsafeReuseRefreshToken: true, // this is required if the refresh token is not rotated
          triggerRefreshWhenIdTokenExpired: false, // required to refresh the browser if id_token is not updated after the first authentication
          autoUserInfo: false, // if the user endpoint is not supported
          secureRoutes: [window.location.origin],
      },
    }),
  ],
  exports: [AuthModule],
})
export class AuthConfigModule { }

[FabianGosebrink]

Did you debug the custom config in your http example to hold the correct values?

[jayachristina]

@Meteoeoeo did you get around fixing this please?

[Meteoeoeo]

Hi,
I changed a few things, I don't remember what exactly helped, because it was some time ago.
It seems to me that the first point solved the above problem, but I will describe you what else I changed.

1. I added window.location.href to the checkAuth method, the earlier version didn't need it and it wasn't described in the migration steps.

this._oidcSecurityService.checkAuth(window.location.href)
2. I removed routing { path: '**', redirectTo: '/home' }
3. I changed obsolete implementation of CanActivate to implementation CanActivateFn

export const AuthGuard: CanActivateFn = (
  _route: ActivatedRouteSnapshot,
  _state: RouterStateSnapshot) => {
  const _authService = inject(AuthenticationService);
 [...]
}

[Meteoeoeo]

Did you debug the custom config in your http example to hold the correct values?

while debugging, I had the correct values in the configuration, but the checkAuth method was not returning the token

[jayachristina]

Thank you @Meteoeoeo

[damienbod]

Could you solve this?

Greetings Damien

[knoxx093]

Having this same issue using code flow.
When we moved from using hard coded config to loading the config via http, login would no longer work (checkAuth showed isAuthenticated: false, after redirecting from SSO back to app)
solution 1. added window.location.href to the checkAuth method
fixed this for us but no idea why.