JwksValidationHandler + requestAccessToken: false = Error validating tokens


Hi,

In my use case, we don’t use the access_token, we only use the id_token. So I’ve set requestAccessToken to false, but I still need to validate the id_token.

I’m validating the token using this.oauthService.tokenValidationHandler = new JwksValidationHandler();, which throws an error after the login:

angular-oauth2-oidc.js:1183 Error validating tokens
angular-oauth2-oidc.js:1184 TypeError: Cannot read property 'words' of undefined
core.js:15714 ERROR Error: Uncaught (in promise): TypeError: Cannot read property 'words' of undefined

I think that the validateAtHash method in the ValidationHandler should not be called if requestAccessToken is set to false.

For now I simply extended the JwksValidationHandler and overrode validateAtHash:

import {JwksValidationHandler, ValidationParams} from 'angular-oauth2-oidc';

/**
 * Override the validateAtHash method as we don't request/use the access_token
 */
export class NoAccessTokenValidationHandler extends JwksValidationHandler {
    validateAtHash(validationParams: ValidationParams): Promise<boolean> {
        return Promise.resolve(true);
    }
}

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 6
  • Comments: 7 (1 by maintainers)

Top GitHub Comments

1 reaction
manfredsteyer commented, Mar 23, 2020

Forgot to close this. We’ve added this check a while ago.

1 reaction
ddhille commented, Nov 21, 2019

Sorry for answering this old thread, it’s still open. Maybe I can clarify things:

@orditeck I just ran into the same issue. Same configuration, no access_token. TypeError: Cannot read property 'words' of undefined.

Thoroughly debugged @manfredsteyer's code; was wondering why the JwksValidationHandler is missing the jwks object though it has been loaded.

Facepalm: I initialized the JwksValidationHandler BEFORE the DiscoveryDocument has been loaded. This solved my issue:

this.oauthService.loadDiscoveryDocument(myfunnyurl).then(() => {
  this.oauthService.tokenValidationHandler = new JwksValidationHandler();
});

Adding error handling for this would be nice @manfredsteyer 😉

@coltonneil The NullValidationHandler is not a solution; you’re just skipping validation, right…?
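An added example, not code from this thread or from angular-oauth2-oidc: a stand-alone Node sketch of the at_hash check as OpenID Connect Core defines it, which skips only when no access token was issued instead of returning true unconditionally, and still rejects a token that does not match the claim. The function names, result strings and sample token are assumptions made for illustration.

```javascript
// Added example, not angular-oauth2-oidc code. Names and sample values are assumptions.
const { createHash } = require('node:crypto');

// at_hash uses the hash function of the id_token's own JWS alg (RS256 -> SHA-256, ...).
const HASH_BY_ALG_SUFFIX = { '256': 'sha256', '384': 'sha384', '512': 'sha512' };

function computeAtHash(accessToken, alg) {
  const hashName = HASH_BY_ALG_SUFFIX[String(alg).slice(-3)];
  if (!hashName) throw new Error(`unsupported id_token alg: ${alg}`);
  const digest = createHash(hashName).update(accessToken, 'ascii').digest();
  // OIDC Core: base64url (unpadded) of the left-most half of the digest.
  return digest.subarray(0, digest.length / 2).toString('base64url');
}

// Returns 'skipped' | 'no-claim' | 'valid' | 'mismatch'.
function checkAtHash({ accessToken, idTokenHeader, idTokenClaims }) {
  // id_token-only login: there is no access token to bind, so nothing to check.
  if (!accessToken) return 'skipped';
  // Token present but claim absent: the caller decides whether that is acceptable
  // (the claim is required when the implicit flow returns both tokens).
  if (typeof idTokenClaims.at_hash !== 'string') return 'no-claim';
  const expected = computeAtHash(accessToken, idTokenHeader.alg);
  return expected === idTokenClaims.at_hash ? 'valid' : 'mismatch';
}

// Constructed sample data (not real tokens).
const sampleToken = 'constructed-access-token-0123456789';
const sampleHeader = { alg: 'RS256' };
const sampleClaims = { sub: 'user-1', at_hash: computeAtHash(sampleToken, sampleHeader.alg) };

for (const accessToken of [undefined, sampleToken, sampleToken + 'x']) {
  console.log(checkAtHash({ accessToken, idTokenHeader: sampleHeader, idTokenClaims: sampleClaims }));
}
```

The id_token's signature and claims are still validated separately; this check only binds an access token to the id_token when one is present.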
