Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Response Type 'id_token' in implicit flow

See original GitHub issue

I’m trying to do the implicit flow with response_type id_token and requestAccessToken: false. The library is throwing the error ‘Error validating tokens’ in ‘angular-oauth2-oidc.js:1785’.

My AuthConfig:

export const authConfig: AuthConfig = {
  issuer: environment.url,
  skipIssuerCheck: true,
  redirectUri: window.location.href,
  clientId: environment.clientId,
  responseType: 'id_token',
  requestAccessToken: false,
  scope: 'openid groups',
  showDebugInformation: true,
};

Versions:

“angular-oauth2-oidc”: “^9.2.0”,
“angular-oauth2-oidc-jwks”: “^9.0.0”,

Entire stack trace:

TypeError: Cannot read property 'words' of undefined
    at init.concat (jsrsasign.js:26)
    at Object._append (jsrsasign.js:26)
    at Object.update (jsrsasign.js:26)
    at push../node_modules/jsrsasign/lib/jsrsasign.js.KJUR.crypto.MessageDigest.updateString (jsrsasign.js:242)
    at push../node_modules/jsrsasign/lib/jsrsasign.js.KJUR.crypto.MessageDigest.digestString (jsrsasign.js:242)
    at JwksValidationHandler.calcHash (angular-oauth2-oidc-jwks.js:118)
    at JwksValidationHandler.<anonymous> (angular-oauth2-oidc.js:100)
    at Generator.next (<anonymous>)
    at tslib.es6.js:74
    at new ZoneAwarePromise (zone-evergreen.js:960)

ERROR Error: Uncaught (in promise): TypeError: Cannot read property 'words' of undefined
TypeError: Cannot read property 'words' of undefined
    at init.concat (jsrsasign.js:26)
    at Object._append (jsrsasign.js:26)
    at Object.update (jsrsasign.js:26)
    at push../node_modules/jsrsasign/lib/jsrsasign.js.KJUR.crypto.MessageDigest.updateString (jsrsasign.js:242)
    at push../node_modules/jsrsasign/lib/jsrsasign.js.KJUR.crypto.MessageDigest.digestString (jsrsasign.js:242)
    at JwksValidationHandler.calcHash (angular-oauth2-oidc-jwks.js:118)
    at JwksValidationHandler.<anonymous> (angular-oauth2-oidc.js:100)
    at Generator.next (<anonymous>)
    at tslib.es6.js:74
    at new ZoneAwarePromise (zone-evergreen.js:960)
    at resolvePromise (zone-evergreen.js:798)
    at resolvePromise (zone-evergreen.js:750)
    at zone-evergreen.js:860
    at ZoneDelegate.invokeTask (zone-evergreen.js:399)
    at Object.onInvokeTask (core.js:41344)
    at ZoneDelegate.invokeTask (zone-evergreen.js:398)
    at Zone.runTask (zone-evergreen.js:167)
    at drainMicroTaskQueue (zone-evergreen.js:569)
    at ZoneTask.invokeTask [as invoke] (zone-evergreen.js:484)
    at invokeTask (zone-evergreen.js:1621)

Best regards Nick

Issue Analytics

State:
Created 3 years ago
Comments:12 (6 by maintainers)

Top GitHub Comments

1reaction

nick1699commented, Aug 3, 2020

@jeroenheijmans The issue can be closed.

1reaction

nick1699commented, Apr 29, 2020

I debugged through the code and found the error. There is no at_hash in my id token. I set the property “disableAtHashCheck” in the AuthConfig to true and now it is working.

I think in case of response_type “id_token” in implicit flow the at_hash check should be disabled by default. I created a pull request for this case. (https://github.com/manfredsteyer/angular-oauth2-oidc/pull/808)