[Bug]: Logoff not working #1945

Open
krabouilleur opened this issue May 21, 2024 · 1 comment
Comments


krabouilleur commented May 21, 2024

Version

17.3.0

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

on "@angular/core": "^17.3.0",
"angular-auth-oidc-client": "17.0.0",

I am trying to reproduce this example: https://github.com/damienbod/angular-auth-oidc-client/tree/main/projects/sample-code-flow-refresh-tokens

The login is OK, but all logoff methods (revoke etc.) are not working.

Steps to reproduce the behavior

app.component.html:
<router-outlet />

app.component.ts:
export class AppComponent implements OnInit {
  private readonly oidcSecurityService = inject(OidcSecurityService);
  private readonly primengConfig = inject(PrimeNGConfig);

  isAuthenticated$!: Observable<boolean>;

  ngOnInit(): void {
    this.primengConfig.ripple = true;
    this.isAuthenticated$ = this.oidcSecurityService.isAuthenticated$.pipe(map(r => r.isAuthenticated))

    this.oidcSecurityService
      .checkAuth()
      .subscribe(({ isAuthenticated, accessToken }) => {
        console.log('app authenticated', isAuthenticated);
        console.log(`Current access token is '${accessToken}'`);
      });
  }
}

home.component.ts:
@Component({
  selector: 'app-home',
  standalone: true,
  imports: [AsyncPipe, JsonPipe, NgIf],
  templateUrl: './home.component.html',
  styleUrl: './home.component.scss'
})
export class HomeComponent implements OnInit {
  private readonly oidcSecurityService = inject(OidcSecurityService);

  configuration$ = this.oidcSecurityService.getConfiguration();

  userData$ = this.oidcSecurityService.userData$;

  isAuthenticated = false;

  ngOnInit(): void {
    this.oidcSecurityService.isAuthenticated$.subscribe(
      ({ isAuthenticated }) => {
        this.isAuthenticated = isAuthenticated;

        console.warn('authenticated: ', isAuthenticated);
      }
    );
  }

  login(): void {
    this.oidcSecurityService.authorize();
  }

  refreshSession(): void {
    this.oidcSecurityService
      .forceRefreshSession()
      .subscribe((result) => console.log(result));
  }

  logout(): void {
    this.oidcSecurityService
      .logoff()
      .subscribe((result) => {
        console.log(result);
      });
  }

  logoffAndRevokeTokens(): void {
    this.oidcSecurityService
      .logoffAndRevokeTokens()
      .subscribe((result) => console.log(result));
  }

  revokeRefreshToken(): void {
    this.oidcSecurityService
      .revokeRefreshToken()
      .subscribe((result) => console.log(result));
  }

  revokeAccessToken(): void {
    this.oidcSecurityService
      .revokeAccessToken()
      .subscribe((result) => console.log(result));
  }
}

home.component.html:
<div>Welcome to home Route</div>

<div *ngIf="isAuthenticated; else noAuth">
  <button (click)="logout()">Logout</button>
  <button (click)="logoffAndRevokeTokens()">Logout and revoke tokens</button>
  <button (click)="revokeAccessToken()">Revoke access token</button>
  <button (click)="revokeRefreshToken()">Revoke refresh token</button>
  <button (click)="refreshSession()">Refresh session</button>
  <hr />

  <br />

  Is Authenticated: {{ isAuthenticated }}

  <br />
  userData
  <pre>{{ userData$ | async | json }}</pre>

  <br />
</div>

<ng-template #noAuth>
  <button (click)="login()">Login</button>
  <hr />
</ng-template>

Configuration loaded:
<pre>{{ configuration$ | async | json }}</pre>

app.config.ts:
export const appConfig: ApplicationConfig = {
  providers: [
    provideRouter(routes),
    provideAuth(environment.authConf),
    provideHttpClient()
  ]
};

the auth config:
config: {
        authority: 'https://.....',
        redirectUrl: window.location.origin,
        postLogoutRedirectUri: window.location.origin,
        clientId: '.....',
        scope: 'openid profile email',
        responseType: 'code',
        logLevel: LogLevel.Debug,
    }

A clear and concise description of what you expected to happen.

No response

Additional context

the debug console:
[DEBUG] 0-xxxxxxx - logoff, remove auth undefined
angular-auth-oidc-client.mjs:79
[DEBUG] 0-xxxxxxx - No endsessionUrl present. Logoff was only locally. Returning.
angular-auth-oidc-client.mjs:79


laurentAstonIf commented Jul 4, 2024

Hi

Same concern when migrating from v16.0.1 to v18.0.1.
It looks like when you don't provide any configuration name, the library uses by default the configuration provided by the server at httpxxxx/.well-known/openid-configuration instead of the one declared manually, which was not the case in v16.0.1.

If you have access to the server code, you can declare this endsessionUrl, or pass a configuration key to your logoff method.

Laurent
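
The debug output above reports a local-only logoff because no end-session URL was found. The following added example (not part of the issue and not the library's own code) checks a parsed `.well-known/openid-configuration` document for the standard `end_session_endpoint` and `revocation_endpoint` metadata fields. The helper names, the mapping to the methods in the comments, and the `idp.example.com` documents are constructed assumptions.

```typescript
// Added example. Field names are the standard OIDC discovery / RFC 8414 metadata keys.
interface DiscoveryDocument {
  issuer?: string;
  end_session_endpoint?: string;
  revocation_endpoint?: string;
  [key: string]: unknown;
}

interface LogoutCapabilities {
  serverLogoff: boolean;    // assumed prerequisite for logoff() reaching the provider
  tokenRevocation: boolean; // assumed prerequisite for revokeAccessToken()/revokeRefreshToken()
  findings: string[];
}

// True only for a parsable absolute https URL.
function usableHttpsUrl(value: unknown): boolean {
  if (typeof value !== 'string' || value.length === 0) return false;
  try {
    return new URL(value).protocol === 'https:';
  } catch {
    return false;
  }
}

function checkLogoutCapabilities(doc: DiscoveryDocument): LogoutCapabilities {
  const findings: string[] = [];
  const serverLogoff = usableHttpsUrl(doc.end_session_endpoint);
  const tokenRevocation = usableHttpsUrl(doc.revocation_endpoint);
  if (!serverLogoff) {
    findings.push('end_session_endpoint missing or not https: logoff stays local, provider session survives');
  }
  if (!tokenRevocation) {
    findings.push('revocation_endpoint missing or not https: client cannot revoke issued tokens');
  }
  return { serverLogoff, tokenRevocation, findings };
}

// Constructed sample documents (not taken from the issue).
const localOnlyDoc: DiscoveryDocument = {
  issuer: 'https://idp.example.com',
  authorization_endpoint: 'https://idp.example.com/authorize',
  token_endpoint: 'https://idp.example.com/token',
};
const fullDoc: DiscoveryDocument = {
  ...localOnlyDoc,
  end_session_endpoint: 'https://idp.example.com/logout',
  revocation_endpoint: 'https://idp.example.com/revoke',
};
console.log(checkLogoutCapabilities(localOnlyDoc).findings);
```

A document shaped like `localOnlyDoc` matches the symptom in the log: the client state is cleared, but the provider session and any issued refresh token remain valid.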
