[Bug]: Implicit flow not working without access token #1899

Open
lorenzodallavecchia opened this issue Feb 9, 2024 · 0 comments

Version

At least 14.0.2 up to 17.1.3 (latest)

Please provide a link to a minimal reproduction of the bug

https://github.com/lorenzodallavecchia/bug-implicit-without-token

Please provide the exception or error you saw

The authentication does not complete correctly, despite the IdP's successful response.

Steps to reproduce the behavior

Please see the README.md file in the repro repository.

A clear and concise description of what you expected to happen.

I expected the authentication to be completed correctly, accepting the `id_token` passed back from the IdP. I am not expecting to retrieve data from the user profile, since it is not possible without an access token.

Additional context

Angular-auth-oidc-client is considering the configuration unauthenticated because there is no access token.

There is also this weird point in state-validation.service.ts that declares the same configuration both successful and unsuccessful (you can see that in the log too). That line was even commented in the original commit that introduced it.

This is the relevant log.

[DEBUG] 0-public - Working with config '0-public' using https://oidctest.wsweet.org/
[DEBUG] 0-public - currentUrl to check auth with:  http://localhost:8080/#id_token=eyJraWQiOiJvaWRjdGVzdCIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJpYXQiOjE3MDc0ODk2OTMsIm5hbWUiOiJEb2N0b3IgV2hvIiwiYWNyIjoibG9hLTIiLCJpc3MiOiJodHRwczovL29pZGN0ZXN0Lndzd2VldC5vcmcvIiwiYXV0aF90aW1lIjoxNzA3NDg5NjkzLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJkd2hvIiwic3ViIjoiZHdobyIsImF1ZCI6WyJwdWJsaWMiXSwiZW1haWwiOiJkd2hvQGJhZHdvbGYub3JnIiwibm9uY2UiOiIyNjYxNjVkMTVmNDc3ODk1YTQ1YzA0MzJjMTlkZDY3Mzg3VHV2UnNqYSIsImF6cCI6InB1YmxpYyIsImV4cCI6MTcwNzQ5MzI5M30.tk2qeoaJF3Gp5DdTwt6hLYL-IKAur3U3pRVB8OKquCwEyAKfFO7WV1TOglEoY85IAmn1FVMjdtOx8J0ZqH9iIq3GzfYdhvCi4S6DhW7Mv5i_D1Mmuqh7eyhxRM_Zk2gKyzlM1x-0mBAMPcE1NRqjQu_CcnpWlp49rk5zBa-8MehXN38Z0G1_hW9GFwzFd_1Ub5Rtq_z6GOZCNiXUx6gwrKpJyMHb_6NkxjqLKif3pvdGk9Js7wd5dQ5teJMxHdR4dMeEP5E-x-8kX_DNeN70Kk4D3nJY36WHnbU5m0sv-oig9wnsKan3XI8PXtDGS1cmvDCdzG-n023H-bsYtgw6YIc0-4UWXSeWkCJ-ERHJ3pnFP7rCMxJOru_vYYjvX0SWGC0Sk12esQTvFFYdmkYSrZcpPrl8qNEq-OL0Nbe5p-Dl0VywFKU3OtthrhNvIXB_YvUYfdUFOjbzl3DNwkH0dZG0P2doNqF1XbGpP8eIK4Dnf28qRcCvGkSNmxZZfU2k4QwbAsMIcP9kS_O2Kl4q0U5I2YmyMMUxy2sDm5ZAY_XAm6IpRbQrQM5UVDYK1Vwcj2KsybNf3iLQZknq-w6SHqfLcjXnfCydX6RbGU5xnV29Ub-MG8xzw8AX8EGyIzRJ1K-PZAXVTnSwvzhXJ0sEe3J9J87rmhL-64pcQEtQi0I&expires_in=3600&state=dbe120b65661b0b571b74a7a1d0fbb80e83I3tPC7&scope=openid+profile+email&session_state=jf5MKhOWxrGlQA5HzEp3sfuqoUFNvkjM07xtLgM%2FP8c%3D.ZVVTa3lKaWhaY01TbUNUc2hEbk9aTUtBMk1VdW5WWGxjYjNXT3BaNjNKYk1KQ1Fsa2RCcmc1K0FqYnFSTlNJaGRzSU1RS3NwSk5mNE1FZEkrcHNvUXc9PQ
[DEBUG] 0-public - BEGIN callback, no auth data
[DEBUG] 0-public - Local Login information cleaned up and event fired
[DEBUG] 0-public - AuthResult '{
GVzdCIsInR5cCI6IkpXVCIsImFsZyI6IlJTMjU2In0.eyJpYXQiOjE3MDc0ODk2OTMsIm5hbWUiOiJEb2N0b3IgV2hvIiwiYWNyIjoibG9hLTIiLCJpc3MiOiJodHRwczovL29pZGN0ZXN0Lndzd2VldC5vcmcvIiwiYXV0aF90aW1lIjoxNzA3NDg5NjkzLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJkd2hvIiwic3ViIjoiZHdobyIsImF1ZCI6WyJwdWJsaWMiXSwiZW1haWwiOiJkd2hvQGJhZHdvbGYub3JnIiwibm9uY2UiOiIyNjYxNjVkMTVmNDc3ODk1YTQ1YzA0MzJjMTlkZDY3Mzg3VHV2UnNqYSIsImF6cCI6InB1YmxpYyIsImV4cCI6MTcwNzQ5MzI5M30.tk2qeoaJF3Gp5DdTwt6hLYL-IKAur3U3pRVB8OKquCwEyAKfFO7WV1TOglEoY85IAmn1FVMjdtOx8J0ZqH9iIq3GzfYdhvCi4S6DhW7Mv5i_D1Mmuqh7eyhxRM_Zk2gKyzlM1x-0mBAMPcE1NRqjQu_CcnpWlp49rk5zBa-8MehXN38Z0G1_hW9GFwzFd_1Ub5Rtq_z6GOZCNiXUx6gwrKpJyMHb_6NkxjqLKif3pvdGk9Js7wd5dQ5teJMxHdR4dMeEP5E-x-8kX_DNeN70Kk4D3nJY36WHnbU5m0sv-oig9wnsKan3XI8PXtDGS1cmvDCdzG-n023H-bsYtgw6YIc0-4UWXSeWkCJ-ERHJ3pnFP7rCMxJOru_vYYjvX0SWGC0Sk12esQTvFFYdmkYSrZcpPrl8qNEq-OL0Nbe5p-Dl0VywFKU3OtthrhNvIXB_YvUYfdUFOjbzl3DNwkH0dZG0P2doNqF1XbGpP8eIK4Dnf28qRcCvGkSNmxZZfU2k4QwbAsMIcP9kS_O2Kl4q0U5I2YmyMMUxy2sDm5ZAY_XAm6IpRbQrQM5UVDYK1Vwcj2KsybNf3iLQZknq-w6SHqfLcjXnfCydX6RbGU5xnV29Ub-MG8xzw8AX8EGyIzRJ1K-PZAXVTnSwvzhXJ0sEe3J9J87rmhL-64pcQEtQi0I",

4a7a1d0fbb80e83I3tPC7",
",
QA5HzEp3sfuqoUFNvkjM07xtLgM%2FP8c%3D.ZVVTa3lKaWhaY01TbUNUc2hEbk9aTUtBMk1VdW5WWGxjYjNXT3BaNjNKYk1KQ1Fsa2RCcmc1K0FqYnFSTlNJaGRzSU1RS3NwSk5mNE1FZEkrcHNvUXc9PQ"

n token validation
[DEBUG] 0-public - Getting signinkeys from  https://oidctest.wsweet.org/oauth2/jwks
g in development mode.
[DEBUG] 0-public - validate id token iat max offset 1000 < 120000
[DEBUG] 0-public - Has idToken expired: false --> expires in 59:59 , 16:41:33 > 15:41:34
[DEBUG] 0-public - authCallback token(s) validated, continue
[DEBUG] 0-public - authCallback token(s) invalid
[DEBUG] 0-public - storing the accessToken ''
[DEBUG] 0-public - authCallback idToken flow with accessToken 
[DEBUG] 0-public - checkAuth completed - firing events now. isAuthenticated: false
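
The behaviour reported above, modelled as an added example (not code from angular-auth-oidc-client or from the reporter): with `response_type=id_token` the callback fragment carries no `access_token`, so the authentication decision should follow the requested response type rather than access-token presence. The function names, the `expected` object and the sample callback are assumptions constructed for illustration, and the ID token's signature and claim verification is represented by a boolean.

```javascript
// Added example; all names are hypothetical and the sample data is constructed.

// Simplified model of the outcome in the log: no access token => unauthenticated.
function legacyIsAuthenticated(idTokenValid, accessToken) {
  return idTokenValid && Boolean(accessToken);
}

// Decode the payload (second segment) of a compact JWT; does NOT verify it.
function decodeJwtPayload(jwt) {
  const seg = (jwt.split('.')[1] || '').replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(seg + '='.repeat((4 - (seg.length % 4)) % 4)));
}

function fail(reason) {
  return { authenticated: false, reason, hasAccessToken: false };
}

// expected: { responseType, state, nonce } saved before the redirect.
// idTokenVerified: result of the signature/iss/aud/exp checks done elsewhere.
function evaluateCallback(url, expected, idTokenVerified) {
  const params = new URLSearchParams(new URL(url).hash.slice(1));
  const idToken = params.get('id_token');
  const accessToken = params.get('access_token');
  // Only "id_token token" asks the IdP for an access token.
  const needsAccessToken = expected.responseType.split(' ').includes('token');

  if (params.get('error')) return fail('idp_error');
  if (params.get('state') !== expected.state) return fail('state_mismatch');
  if (!idToken) return fail('missing_id_token');
  if (needsAccessToken && !accessToken) return fail('missing_access_token');

  let claims;
  try {
    claims = decodeJwtPayload(idToken);
  } catch {
    return fail('malformed_id_token');
  }
  if (claims.nonce !== expected.nonce) return fail('nonce_mismatch');
  if (!idTokenVerified) return fail('id_token_invalid');
  return { authenticated: true, reason: 'ok', hasAccessToken: Boolean(accessToken) };
}

// Constructed callback URL with an unsigned placeholder token.
function makeSampleUrl(claims, extra = '') {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  const jwt = [enc({ alg: 'RS256' }), enc(claims), 'constructed-signature'].join('.');
  return `http://localhost:8080/#id_token=${jwt}&state=s-123${extra}`;
}
```

For the same ID-token-only callback, `legacyIsAuthenticated(true, '')` is false while `evaluateCallback` reports the session as authenticated with `hasAccessToken: false`.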