angular-auth-oidc-client

[Question]: is there support for responseType code and Google?

Open glauberferreira opened this issue 2 years ago • 2 comments

What Version of the library are you using? ... "angular-auth-oidc-client": "^15.0.4"

Question: How can I configure angular-auth-oidc-client for authority: 'https://accounts.google.com' and responseType: 'code'?

With this configuration, I receive error 400 - https://oauth2.googleapis.com/token

{
  "error": "invalid_request",
  "error_description": "client_secret is missing."
}

Is there support for responseType code and Google? The samples page only shows an example for the implicit flow with Google, with responseType: 'id_token token'.

glauberferreira, Apr 23 '23 14:04

I am having the same issue. The issue is only with https://oauth2.googleapis.com/token API as the client_secret is a mandatory query parameter.

meashishkr, May 04 '23 08:05

I'm not sure Google actually fully supports OIDC yet. I might be wrong because I honestly don't know exactly what is required. But, for example, they always return an opaque token no matter what response type you're using. I have an interceptor in Angular which redirects the token requests through a frontend server which adds the client_secret. I could as well redirect it to my API, but it made sense to use the frontend server in this case.

oidc-client-secret.interceptor.ts

import {
  HttpEvent,
  HttpHandler,
  HttpInterceptor,
  HttpRequest,
} from "@angular/common/http";
import { Injectable } from "@angular/core";
import { Observable } from "rxjs";

@Injectable()
export class OIDCClientSecretInterceptor implements HttpInterceptor {
  intercept(
    req: HttpRequest<any>,
    next: HttpHandler
  ): Observable<HttpEvent<any>> {
    // Send Google token requests to the frontend server, which adds the client_secret.
    if (req.url.includes(`oauth2.googleapis.com/token`)) {
      req = req.clone({ url: `/internal/google/get-token` });
    }

    return next.handle(req);
  }
}

express frontend server

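const express = require("express")
const axios = require("axios")

const app = express()
// The redirected token request arrives form-encoded; parse it so req.body is populated.
app.use(express.urlencoded({ extended: false }))

// Receives the token request redirected by the Angular interceptor and
// forwards it to Google with the client_secret added on the server side.
app.post(`/internal/google/get-token`, async (req, res) => {
  let error = null

  const internalRequest = await axios
    .post(`https://oauth2.googleapis.com/token`, {
      ...req.body,
      client_secret: `...`, // secret elided in the original post
    })
    .catch((_error) => {
      console.error(_error)
      error = `Failed to perform request.`
    })

  if (error) {
    return res.status(500).send(error)
  }

  return res.send(internalRequest.data)
})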

origooo, Aug 18 '23 11:08
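
The frontend-server route in the comment above forwards the whole request body with the secret attached. An added example (not code from the thread or from angular-auth-oidc-client) of a stricter request builder such a route could call: it relays only the expected token parameters, pins client_id and redirect_uri to server-side values, and form-encodes the result. The function name, config fields and field allowlist are assumptions, as is the library sending a PKCE code_verifier.

```javascript
// Added example, not from the thread. Field lists and config names are assumptions.
const GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token";

// Parameters relayed for each grant type; anything else in the body is dropped.
const REQUIRED_FIELDS = new Map([
  ["authorization_code", ["code", "code_verifier", "redirect_uri"]],
  ["refresh_token", ["refresh_token"]],
]);

// Validate the parsed token request body and build the upstream request.
// `config` holds server-side values: clientId, clientSecret, redirectUris.
function buildUpstreamTokenRequest(body, config) {
  const input = body && typeof body === "object" ? body : {};
  const fields = REQUIRED_FIELDS.get(input.grant_type);
  if (!fields) throw new Error("unsupported grant_type");
  // Do not attach the secret to a request made for a different client.
  if (input.client_id !== undefined && input.client_id !== config.clientId) {
    throw new Error("unexpected client_id");
  }

  const params = new URLSearchParams({ grant_type: input.grant_type });
  for (const name of fields) {
    const value = input[name];
    if (typeof value !== "string" || value.length === 0) {
      throw new Error(`missing or invalid ${name}`);
    }
    params.set(name, value);
  }

  // Accept only redirect URIs registered for this application.
  const redirectUri = params.get("redirect_uri");
  if (redirectUri !== null && !config.redirectUris.includes(redirectUri)) {
    throw new Error("redirect_uri not allowed");
  }

  // Server-side values go in last so the caller cannot override them.
  params.set("client_id", config.clientId);
  params.set("client_secret", config.clientSecret);
  const headers = { "Content-Type": "application/x-www-form-urlencoded" };
  return { url: GOOGLE_TOKEN_URL, headers, body: params.toString() };
}

// Constructed sample input; the stray client_secret and scope are not relayed.
const sampleConfig = { clientId: "constructed-client-id", clientSecret: "constructed-secret",
  redirectUris: ["https://app.example/callback"] };
const sampleBody = { grant_type: "authorization_code", code: "constructed-code",
  code_verifier: "constructed-verifier", redirect_uri: "https://app.example/callback",
  client_secret: "from-browser", scope: "extra" };
console.log(buildUpstreamTokenRequest(sampleBody, sampleConfig).body);
```

In the route, a thrown error would map to a 400 response and the returned url, headers and body would be passed to the HTTP client.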