问题描述
我正在尝试使用 OAuth2 库 (angular-oauth2-oidc) 通过 aws cognito 进行身份验证。 当我启动我的应用程序时,我很好地获得了 AwsCognito 的默认登录页面,但是当我输入登录名/密码时,我得到了一个循环页面(未生成令牌)。 hasValidAccesToken 的值已经是 false 这是我登录后得到的循环 URL:
http://localhost:4200/?code=cfb39cc7-936d-4a0d-a176-d796c080dda2&state=Y01hS0dyeXpWY35-Yk9sfmVvZjriRFhoNWF4cGN4TUlZU2JCOUdLS1VMeUE5
在我的代码下面:
Guards.ts
canActivate() {
if (!this.oauthService.hasValidAccesstoken()) {
this.router.navigate(['login']);
return false;
}
return true;
}
登录.ts
constructor(private oauthService: OAuthService,private configService: ConfigService,private router: Router) {
this.oauthService.configure(this.loadConfig());
this.oauthService.tokenValidationHandler = new JwksValidationHandler();
this.oauthService.loaddiscoveryDocumentAndTryLogin().then(() => {
if (!this.oauthService.hasValidIdToken()) {
this.oauthService.initCodeFlow();
}
});
this.oauthService.setupAutomaticSilentRefresh();
}
private loadConfig() {
let authConfiguration: AuthConfig = {};
authConfiguration.clientId = this.configService.config['clientId'];
authConfiguration.issuer = this.configService.config['issuer'];
authConfiguration.clientId = this.configService.config['clientId']; // The "Auth Code + PKCE" client
authConfiguration.responseType = this.configService.config['responseType'];
authConfiguration.redirectUri = window.location.origin +'/home';
authConfiguration.scope = this.configService.config['scope']; // Ask offline_access to support refresh token refreshes
authConfiguration.useSilentRefresh = this.configService.config['useSilentRefresh']; // Needed for Code Flow to suggest using iframe-based refreshes
authConfiguration.silentRefreshTimeout = this.configService.config['silentRefreshTimeout']; // For faster testing
authConfiguration.sessionChecksEnabled = this.configService.config['sessionChecksEnabled'];
authConfiguration.showDebuginformation = this.configService.config['showDebuginformation']; // Also requires enabling "Verbose" level in devtools
authConfiguration.clearHashAfterLogin = this.configService.config['clearHashAfterLogin']; // https://github.com/manfredsteyer/angular-oauth2-oidc/issues/457#issuecomment-431807040;
authConfiguration.nonceStateSeparator = this.configService.config['nonceStateSeparator']; // Real semicolon gets mangled by IdentityServer's URI encoding;
authConfiguration.strictdiscoveryDocumentValidation = this.configService.config['strictdiscoveryDocumentValidation'];
return authConfiguration;
}
config.json
{
"issuer": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_XXXXXXX","clientId": "3XXXXXXXXXXXXXXX2uc","responseType": "code","scope": "openid profile","useSilentRefresh": true,"silentRefreshTimeout": 5000,"sessionChecksEnabled": true,"showDebuginformation": true,"clearHashAfterLogin": false,"nonceStateSeparator": "semicolon","strictdiscoveryDocumentValidation": false,"AlwaysIncludeuserClaimsInIdToken": true
}
有人对这个问题有想法吗?
解决方法
您尝试使用哪个流程?您的配置定义了 "responseType": "code",
,它建议代码流。
然后,在您的代码中执行 this.oauthService.initImplicitFlow()
使应用尝试使用隐式流程登录。
根据您的 IdP 的配置方式以及您要使用的流,将 responseType 更改为令牌,或使用 this.oauthService.initCodeFlow()
。