skipIssuerCheck flag is ignored


I ran into an issue where configuring the library without a discovery document causes a wrong issuer error to be thrown even though skipIssuerCheck is true.

Error validating tokens angular-oauth2-oidc.js:1183
Wrong issuer: https://login.microsoftonline.com/cba9e115-3016-4462-a1ab-a565cba0cdf1/v2.0 angular-oauth2-oidc.js:1184
ERROR Error: "Uncaught (in promise): Wrong issuer: https://login.microsoftonline.com/cba9e115-3016-4462-a1ab-a565cba0cdf1/v2.0"

import { Injectable } from '@angular/core';
import { AuthConfig, JwksValidationHandler, OAuthService } from 'angular-oauth2-oidc';

// Endpoints are set by hand; no discovery document is loaded.
export const config: AuthConfig = {
    clientId: '<redacted>',
    redirectUri: window.location.origin,
    skipIssuerCheck: true,
    scope: 'openid profile email',

    // Multi-tenant "common" issuer; the token in the error above carries a tenant-specific iss.
    issuer: 'https://login.microsoftonline.com/common/v2.0',
    loginUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
    logoutUrl: 'https://login.microsoftonline.com/common/oauth2/v2.0/logout',
    tokenEndpoint: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
    userinfoEndpoint: 'https://graph.microsoft.com/oidc/userinfo',
};

@Injectable()
export class AuthenticationService {

    private service: OAuthService;

    constructor(service: OAuthService) {
        this.service = service;
        this.service.configure(config);
        // ID tokens are validated against the provider's JWKS.
        this.service.tokenValidationHandler = new JwksValidationHandler();
    }

    login(): void {
        if (!this.service.hasValidAccessToken()) {
            // Process a token already present in the URL, then start the implicit flow.
            this.service.tryLogin().then(() => {
                this.service.initImplicitFlow();
            });
        }
    }

}

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Reactions: 2
  • Comments:7 (2 by maintainers)

Top GitHub Comments

2 reactions
jeroenheijmans commented, Dec 19, 2018

Looking at the code, this might be intentional (if I read/understand it right). The skipIssuerCheck only does this:

https://github.com/manfredsteyer/angular-oauth2-oidc/blob/0274cf5c03080e2a139abbf84d2bb9dd2480f3c2/projects/lib/src/oauth-service.ts#L480-L490

The error you describe is thrown here, inside the processIdToken(...) method:

https://github.com/manfredsteyer/angular-oauth2-oidc/blob/0274cf5c03080e2a139abbf84d2bb9dd2480f3c2/projects/lib/src/oauth-service.ts#L1503-L1506

Not sure if this was intentional or is a bug, but either way there seems to be no way to skip validation of the issuer mentioned in the processIdToken(...) method.

If you’d want that, the only things to do seem to be:

  • change the behavior and check the flag in the second case too
  • add a new flag for the second instance

Not sure off the top of my head if it makes sense to have the check only in one case, someone else might chip in on that.

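The following is an added example, not code from the issue or from angular-oauth2-oidc: it models the exact-match issuer comparison the issue runs into, the flag-aware variant the reporter expected, and a narrower check that rebuilds the expected issuer from the token's `tid` claim instead of skipping the comparison. The function names, `allowedTenants` and the second tenant GUID are hypothetical or constructed.

```typescript
// Added example; not angular-oauth2-oidc code. Claims are assumed to come from
// an ID token whose signature has already been verified.
interface IdClaims { iss: string; tid?: string; }
interface IssuerPolicy {
  issuer: string;            // configured issuer, as in the AuthConfig above
  skipIssuerCheck: boolean;  // the flag from the issue
  allowedTenants: string[];  // hypothetical allow-list of tenant GUIDs
}
interface Verdict { ok: boolean; reason: string; }

// Issuer template published in the Microsoft v2.0 "common" metadata document.
const ISSUER_TEMPLATE = 'https://login.microsoftonline.com/{tenantid}/v2.0';
const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/;

// Behaviour reported in the issue: exact comparison, flag never consulted.
function strictCheck(c: IdClaims, p: IssuerPolicy): Verdict {
  return c.iss === p.issuer
    ? { ok: true, reason: 'issuer matches' }
    : { ok: false, reason: 'Wrong issuer: ' + c.iss };
}

// Behaviour the reporter expected: the flag switches the comparison off.
function flagAwareCheck(c: IdClaims, p: IssuerPolicy): Verdict {
  return p.skipIssuerCheck ? { ok: true, reason: 'issuer not checked' } : strictCheck(c, p);
}

// Narrower alternative: rebuild the expected issuer from the tid claim.
function tenantBoundCheck(c: IdClaims, p: IssuerPolicy): Verdict {
  const tid = (c.tid || '').toLowerCase();
  if (!GUID.test(tid)) return { ok: false, reason: 'missing or malformed tid' };
  const expected = ISSUER_TEMPLATE.replace('{tenantid}', tid);
  if (c.iss !== expected) return { ok: false, reason: 'Wrong issuer: ' + c.iss };
  if (p.allowedTenants.indexOf(tid) === -1) return { ok: false, reason: 'tenant not allowed: ' + tid };
  return { ok: true, reason: 'issuer bound to tenant ' + tid };
}

// Constructed sample data; the first tenant GUID is the one in the error above.
const policy: IssuerPolicy = {
  issuer: 'https://login.microsoftonline.com/common/v2.0',
  skipIssuerCheck: true,
  allowedTenants: ['cba9e115-3016-4462-a1ab-a565cba0cdf1'],
};
const tenantToken: IdClaims = {
  iss: 'https://login.microsoftonline.com/cba9e115-3016-4462-a1ab-a565cba0cdf1/v2.0',
  tid: 'cba9e115-3016-4462-a1ab-a565cba0cdf1',
};
const otherTenantToken: IdClaims = {
  iss: 'https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0',
  tid: '11111111-2222-3333-4444-555555555555',
};
```

With the flag honoured, `flagAwareCheck` accepts both sample tokens, while `tenantBoundCheck` accepts only the allow-listed tenant.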

Top Results From Across the Web

OAuthService - angular-oauth2-oidc
Public Optional skipIssuerCheck. Default value : false. Inherited from AuthConfig. Defined in AuthConfig:213. Defined whether to skip the validation of the ...

Allow the OIDC issuer verification to be skipped if desired ...
Allow the OIDC issuer verification to be skipped if desired. ... SkipOIDCDiscovery bool `flag:"skip-oidc-discovery" ...

angular-oauth2-oidc: Versions | Openbase
Skip issuer check in processIdToken if skipIssuerCheck is true #527 by ismcagdas ... Added a flag to disable OAuth2-style state check for edge...
