[Question]: silent authentication for micro frontends

Open pavliy opened this issue 3 years ago • 2 comments

What Version of the library are you using? 14.0.0

Question: I'm building a micro frontends architecture using module federation and am interested in the following flow:

  • A (https://app-a.test.com) and B (https://app-b.test.com) are separate relying parties with their own client ids, scopes etc.
  • User navigates to app A, gets redirected to the login page, enters creds and gets in
  • Inside of app A there is app B
  • Because the user has already entered creds when navigating to app A and both share the same issuer, silent sign in via iframe should happen, so that app B gets its own token in parallel to the existing app A one

There was a similar question a couple of years ago, but I'm not sure I get the idea referenced there: https://github.com/damienbod/angular-auth-oidc-client/issues/166

Is it possible to achieve the described behaviour?

pavliy avatar Apr 18 '22 23:04 pavliy

@pavliy SSI is for this and this works if the server is set up correctly.

damienbod avatar Apr 30 '22 06:04 damienbod

@damienbod thanks for the reply. I guess it's enabled on my server. Just wondering how the lib will manage to save 2 tokens, one for each app. In my understanding:

  • User goes to https://app-a.test.com, gets redirected to the authority for login. Enters credentials and gets into the app
  • User clicks on the link to load the micro app. That triggers the https://app-b.test.com load. In my case that's based on webpack module federation (which will load all needed js and dependencies, like auth-oidc-client, as well)
  • https://app-b.test.com tries to trigger silent sign-in using a hidden iframe. In that iframe there is a redirect to the authorize call. And if all is good, it redirects to the callback page, where there should be some kind of script to inform the parent window about the successful sign in. The parent saves the received data into session or other storage.
  • So as a result there are 2 tokens saved, one for each app's usage.

Wondering if the lib can support this kind of flow. Because the apps are in different domains, there should probably be some specifics on the client side. p.s. I made some attempts, but it didn't work for me. Probably I'm doing something wrong or the whole described scenario is not really valid...

pavliy avatar Apr 30 '22 06:04 pavliy