angular-auth-oidc-client

[Question]: How can I do error handling when using StsConfigHttpLoader?

Open Ducky2048 opened this issue 2 years ago • 6 comments

What Version of the library are you using? 13.1.0

Question: In my backend, the OIDC server to use is configurable. That's why I fetch this config from the backend, and then use StsConfigHttpLoader to tell the library the server to load the appropriate config. But if the user makes a mistake, or if the well-known endpoint is not reachable for any reason, my app explodes. How do I handle the error of the library not being able to fetch the URLs given?

This is what I'm doing:

export const oidcConfigLoaderFactory = (
  httpClient: HttpClient
): StsConfigHttpLoader =>
  new StsConfigHttpLoader(
    httpClient.get<BackendVersion>('/api/version/').pipe(
      retry(1),
      catchError(() => EMPTY),
      filter<BackendVersion>(
      [....]
      ),
      map<BackendVersion, OpenIdConfiguration>((backendVersion) => ({
        authWellknownEndpointUrl: backendVersion.oidc_url,
        [....]
      })),
    )
  );
[....]
    AuthModule.forRoot({
      loader: {
        provide: StsConfigLoader,
        useFactory: oidcConfigLoaderFactory,
        deps: [HttpClient],
      },
    }),
[...]

I read through the source code and I think the error is coming from here: https://github.com/damienbod/angular-auth-oidc-client/blob/main/projects/angular-auth-oidc-client/src/lib/config/auth-well-known/auth-well-known.service.ts#L34 But I don't see a way to register an error handler there.

Ducky2048, Mar 03 '22 08:03

Hello, same issue in version 11: there is no way to handle the exception when the request to /well-known/openid-configuration fails. I used this lib within an app that should work even if there is no internet access. Is there a way to handle this?

Lexa-tech, Jun 07 '22 08:06

@Lexa-tech I ended up implementing a workaround. It's stupid, but it works. Before configuring the library, I try to fetch the openid-configuration myself - if it works, I pass the url to the library (which then goes and fetches it again). If it doesn't, I don't pass the url to the library.

Ducky2048, Jun 07 '22 08:06

@peroxid Thanks for the quick reply. In version 11, there is an 'eagerLoadAuthWellKnownEndpoints' configuration parameter which can be set to false. The 'well-known/openid-configuration' url is then not fetched at startup but later, and that allows my app not to be blocked. According to the documentation, with this parameter set to false, the 'well-known/openid-configuration' url should be fetched just before calling the authorize method, but that doesn't seem to be what happens. The good news is: it's non-blocking.

Lexa-tech, Jun 07 '22 09:06

> @Lexa-tech I ended up implementing a workaround. It's stupid, but it works. Before configuring the library, I try to fetch the openid-configuration myself - if it works, I pass the url to the library (which then goes and fetches it again). If it doesn't, I don't pass the url to the library.

@peroxid, what do you mean by "not passing the url to the library"? I tried to implement your workaround: I fetch openid-configuration and, if it fails, I initialize the lib using .withConfig(myConfig, { issuer: 'failed' }). It works, the lib doesn't call the url to get the endpoints, but the drawback is that it will never be populated with the right values when the connection is back, because the values already exist when I reload my app. (I used localStorage to store the endpoints.)

Lexa-tech, Jun 08 '22 12:06

@Lexa-tech I'm not sure if I understood correctly. Basically, in the module setup, where the library expects an StsConfigHttpLoader, I either pass the URL or I default to RxJS' EMPTY (see the code at the top). (Passing EMPTY causes the library to do nothing.) Then, in my Login component, I check whether there is an OIDC config using OidcSecurityService.getConfiguration(), and display the OIDC login button to the user accordingly. Hope this helps.

Ducky2048, Jun 09 '22 07:06

@peroxid Ok I get it, thanks a lot

Lexa-tech, Jun 09 '22 07:06
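
The probe-first workaround described in this thread, written out as an added example (not code from the thread or from angular-auth-oidc-client): the URL is handed to the library only if the discovery document can be fetched and checks out, and the result is null otherwise, which is the case where the thread passes EMPTY. It goes slightly beyond the thread by also checking the document's shape and issuer; the function names, the injected `fetchJson` and the HTTPS-only rule are assumptions.

```typescript
// Added example; all names here are hypothetical, not library API.
const WELL_KNOWN_SUFFIX = '/.well-known/openid-configuration';

/** The one OpenIdConfiguration field this check produces. */
interface ProbedConfig {
  authWellknownEndpointUrl: string;
}

/** Strip trailing slashes so "https://sso.example.test/" compares equal to the bare form. */
function normalize(url: string): string {
  return url.replace(/\/+$/, '');
}

/** Discovery URL for the backend-supplied OIDC server URL. */
function wellKnownUrl(oidcUrl: string): string {
  const base = normalize(oidcUrl);
  return base.indexOf(WELL_KNOWN_SUFFIX) >= 0 ? base : base + WELL_KNOWN_SUFFIX;
}

/** Config if `doc` is a discovery document for `oidcUrl`, else null (leave OIDC unconfigured). */
function validateDiscoveryDocument(oidcUrl: string, doc: unknown): ProbedConfig | null {
  // Assumption: real issuers are HTTPS; relax for a local development IdP.
  if (!/^https:\/\//i.test(oidcUrl)) return null;
  // An HTML error page or empty body arrives as a string or null, not an object.
  if (typeof doc !== 'object' || doc === null) return null;
  const fields = doc as { [key: string]: unknown };
  const issuer = fields['issuer'];
  const authorize = fields['authorization_endpoint'];
  if (typeof issuer !== 'string' || typeof authorize !== 'string') return null;
  // OpenID Connect Discovery requires issuer to equal the URL the document was fetched for.
  const expected = normalize(oidcUrl.replace(WELL_KNOWN_SUFFIX, ''));
  if (normalize(issuer) !== expected) return null;
  return { authWellknownEndpointUrl: oidcUrl };
}

/**
 * Probe before configuring the library. `fetchJson` is injected (in Angular it could
 * wrap HttpClient.get); a rejected request or unusable document resolves to null.
 */
function probeOidcConfig(
  oidcUrl: string,
  fetchJson: (url: string) => Promise<unknown>
): Promise<ProbedConfig | null> {
  return fetchJson(wellKnownUrl(oidcUrl))
    .then((doc) => validateDiscoveryDocument(oidcUrl, doc))
    .catch(() => null);
}
```

A null result maps to the EMPTY branch of the loader factory at the top of the thread, and the login component's OidcSecurityService.getConfiguration() check then hides the OIDC button.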