changed to code flow

2020-10-15 15:52:45 +03:00 · 2020-10-15 15:52:45 +03:00 · 7d3cd68e41
commit 7d3cd68e41
parent 45acf3b005
2 changed files with 32 additions and 5 deletions
--- a/apps/red-ui/src/app/app.module.ts
+++ b/apps/red-ui/src/app/app.module.ts
@ -2,7 +2,7 @@ import { BrowserModule } from '@angular/platform-browser';
 import { APP_INITIALIZER, NgModule } from '@angular/core';

 import { AppComponent } from './app.component';
-import { RouterModule } from '@angular/router';
+import {ActivatedRoute, ActivatedRouteSnapshot, Router, RouterModule} from '@angular/router';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 import { ReactiveFormsModule, FormsModule } from '@angular/forms';
 import { HTTP_INTERCEPTORS, HttpClient, HttpClientModule } from '@angular/common/http';
@ -168,4 +168,20 @@ export function HttpLoaderFactory(httpClient: HttpClient) {
  bootstrap: [AppComponent]
 })
 export class AppModule {
+
+  constructor(private router: Router,private route: ActivatedRoute) {
+    route.queryParamMap.subscribe(queryParams=>{
+      if(queryParams.has('code') || queryParams.has('state') || queryParams.has('session_state')) {
+        this.router.navigate([], {
+          queryParams: {
+            'state': null,
+            'session_state': null,
+            'code': null,
+          },
+          queryParamsHandling: 'merge'
+        })
+      }
+    })
+
+  }
 }
--- a/apps/red-ui/src/app/auth/auth.guard.ts
+++ b/apps/red-ui/src/app/auth/auth.guard.ts
@ -4,7 +4,6 @@ import {Observable} from "rxjs";
 import {AuthConfig, OAuthService} from "angular-oauth2-oidc";
 import {AppConfigKey, AppConfigService} from "../app-config/app-config.service";
 import {map} from "rxjs/operators";
-import {JwksValidationHandler} from "angular-oauth2-oidc-jwks";
 import {UserService} from "../user/user.service";


@ -24,8 +23,17 @@ export class AuthGuard implements CanActivate {
    this._configured = true;
    const authConfig = await this._createConfiguration().toPromise();
    this._oauthService.configure(authConfig);
-    this._oauthService.tokenValidationHandler = new JwksValidationHandler();
    this._oauthService.setupAutomaticSilentRefresh();
+
+
+    window['silentRefresh'] =() =>{
+      this
+        ._oauthService
+        .silentRefresh()
+        .then(info => console.debug('refresh ok', info))
+        .catch(err => console.error('refresh error', err));
+    };
+
    return this._oauthService.loadDiscoveryDocumentAndTryLogin();
  }

@ -38,7 +46,9 @@ export class AuthGuard implements CanActivate {
  }

  private async _checkToken() {
-    const expired = this._oauthService.getAccessTokenExpiration() - new Date().getTime() < 0;
+    const timeLeft= ((this._oauthService.getAccessTokenExpiration() - new Date().getTime()) / 1000);
+    const expired = timeLeft < 60;
+
    if (!this._oauthService.getAccessToken() || expired) {
      this._oauthService.initLoginFlow();
      return false;
@ -56,7 +66,8 @@ export class AuthGuard implements CanActivate {
        issuer: config[AppConfigKey.OAUTH_URL],
        redirectUri: window.location.origin,
        clientId: config[AppConfigKey.OAUTH_CLIENT_ID],
-        scope: 'openid',
+        scope: 'openid profile email offline_access',
+        responseType: 'code',
        showDebugInformation: true,
        silentRefreshRedirectUri: window.location.origin + '/assets/oauth/silent-refresh.html',
        useSilentRefresh: true,