You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Please provide a link to a minimal reproduction of the bug
No response
Please provide the exception or error you saw
Error: Failed to retrieve user info with error: Error: Received no user data, request failed.
This error has been raised by the event service. The real error has not been handled correctly.
The user data can't be stored, because it makes a validation of the id_tokens.sub, which is undefined in case you have activated the `disableIdTokenValidation` in the OpenIdConfiguration.
The function validateUserDataSubIdToken() is called in the UserService. This function returns undefined. That blocks the logic to store the user data.
Steps to reproduce the behavior
- login and use special configs autoUserInfo = true and disableIdTokenValidation=true
- get error messages in your console and see that user info can't be loaded
A clear and concise description of what you expected to happen.
I expect, that user info can be loaded, no matter if I disable or enable the `disableIdTokenValidation" - Property in the OpenIdConfiguration - Class.
Additional context
Description
We run the authentication client with Angular Version 14 and Authentication Package Version 14. Enduser told us, they need to relogin after a couple of minutes. Our solution: disableIdTokenValidation = true, which worked fine for us.
We are updating our projects to Angular 17, now. So, we update the authentication package, also. I'm happy about the fact, that there are no breaking changes in the API. Thank you for that!
BUT: With the exact settings we are not able to join you software, because the user data can't be loaded. After a couple of hours and a lot of debugging, I found out, that everything works fine, when I set disableIdTokenValidation to false.
There must be a change in the previouse versions. I my oppinion it is a bug.
Context
Here are my Configurations:
import{Injectable}from"@angular/core";import{LogLevel,OpenIdConfiguration}from"angular-auth-oidc-client";import{ClientConfigurationProvider}from"../../application-bootstrapping/client-configuration-provider";import{ClientConfiguration}from"../../application-configuration/client-configuration";/** * Provider is loaded by the OIDC Service. I provides the suitable configs for the angular oidc client * See: https://angular-auth-oidc-client.com/docs/documentation/configuration#getting-static-config-from-a-service-sync to get more informations */
@Injectable({providedIn: "root"})exportclassAuthenticationConfigProvider{constructor(privatereadonly_clientConfigurationProvider: ClientConfigurationProvider){}publicprovide(): OpenIdConfiguration{constcurrentClient: ClientConfiguration=this._clientConfigurationProvider.provide();constconfigFromClientConfiguration=currentClient.identityServerConfiguration;constconfig: OpenIdConfiguration={authority: configFromClientConfiguration?.identityHostUrl,redirectUrl: configFromClientConfiguration?.loginRedirectUrl,postLoginRoute: "/auto-login",clientId: configFromClientConfiguration?.clientId,responseType: "code",scope: configFromClientConfiguration?.scopes,useRefreshToken: true,silentRenew: true,logLevel: LogLevel.Debug,silentRenewUrl: `${configFromClientConfiguration?.clientProtocol}://${configFromClientConfiguration?.clientHost}/silent-renew.html`,triggerAuthorizationResultEvent: false,disableIatOffsetValidation: true,renewTimeBeforeTokenExpiresInSeconds: 100,disableIdTokenValidation: true};returnconfig;}}
Please let me know if you need more informations
Related Classes
Let me show you what I found out:
I am using CodeFlow.
Therefore the FlowService.processCodeFlowCallback() will be called.
In that function the this lines of code will be called:
Here the callback will be enriched with informations.
You are landing in the StateValidationService and the function validateState()
In case you have disableIdTokenValidation = true the callback will not enrichted correctly.
Let's go to a higher view again:
FlowService.processCodeFlowCallback()
Version
17.0.0
Please provide a link to a minimal reproduction of the bug
No response
Please provide the exception or error you saw
Steps to reproduce the behavior
A clear and concise description of what you expected to happen.
Additional context
Description
We run the authentication client with Angular Version 14 and Authentication Package Version 14. Enduser told us, they need to relogin after a couple of minutes. Our solution: disableIdTokenValidation = true, which worked fine for us.
We are updating our projects to Angular 17, now. So, we update the authentication package, also. I'm happy about the fact, that there are no breaking changes in the API. Thank you for that!
BUT: With the exact settings we are not able to join you software, because the user data can't be loaded. After a couple of hours and a lot of debugging, I found out, that everything works fine, when I set
disableIdTokenValidation
to false.There must be a change in the previouse versions. I my oppinion it is a bug.
Context
Here are my Configurations:
Please let me know if you need more informations
Related Classes
Let me show you what I found out:
I am using CodeFlow.
Therefore the FlowService.processCodeFlowCallback() will be called.
In that function the this lines of code will be called:
Here the callback will be enriched with informations.
You are landing in the StateValidationService and the function validateState()
In case you have disableIdTokenValidation = true the callback will not enrichted correctly.
Let's go to a higher view again:
FlowService.processCodeFlowCallback()
Here is this code fragment:
This is responsible to validate the user info and store it in the browser session state.
The code reaches:
The last function can't return true, because the callback context doesn't keep the id_token.
How to fix
StateValidationService
UserService
The text was updated successfully, but these errors were encountered: