angular-auth-oidc-client

[Question]: Redirected to callback url with code parameter but no session token is retrieved

Open jjwmenting opened this issue 1 year ago • 3 comments

What Version of the library are you using? v17.1.0

Question I have implemented the flow for AWS Cognito as my identity provider. When I try to call the .authorize() function I get redirected to the AWS Cognito login pages as expected. After I log in I get redirected to the provided callback URL with the code query parameter, but the library keeps telling me I am not authenticated. From my understanding there should have been another call to AWS Cognito to retrieve an access token based on the code given in the callback URL.

I have created a clean Angular v17 application without SSR and included the bare minimum quick start code, but the same problem occurs when trying to authenticate. Am I missing something which retrieves the access token from AWS Cognito?

EDIT: Some extra information: after logging in, the code authorization seems to be happening and I enter public event type 7, which indicates I am authenticated, but the .checkAuth() function keeps saying isAuthenticated: false and I can't get a token.

jjwmenting avatar Dec 12 '24 07:12 jjwmenting

Did you figure this out? I'm running into the same issue. I've tried v18.0.2 and v19.0.0. Same problem.

RedSerenity avatar Dec 22 '24 18:12 RedSerenity

For me this issue was solved by correcting the config.redirectUrl. I had accidentally told our IdP to add our URLs with a trailing slash. I guess without trailing slashes are the standard, but I was clumsy while handing over our URLs.

In version 17 of this library, the UrlService.isCallbackFromSts() looks like the following:

isCallbackFromSts(currentUrl) {
    return CALLBACK_PARAMS_TO_CHECK.some((x) => !!this.getUrlParameter(currentUrl, x));
}

In newer versions it looks as follows:

isCallbackFromSts(currentUrl, config) {
    if (config && config.checkRedirectUrlWhenCheckingIfIsCallback) {
        const currentUrlInstance = new URL(currentUrl);
        const redirectUrl = this.getRedirectUrl(config);
        if (!redirectUrl) {
            this.loggerService.logError(config, `UrlService.isCallbackFromSts: could not get redirectUrl from config, was: `, redirectUrl);
            return false;
        }
        const redirectUriUrlInstance = new URL(redirectUrl);
        const redirectUriWithoutQueryParams = this.getUrlWithoutQueryParameters(redirectUriUrlInstance).toString();
        const currentUrlWithoutQueryParams = this.getUrlWithoutQueryParameters(currentUrlInstance).toString();
        const redirectUriQueryParamsArePresentInCurrentUrl = this.queryParametersExist(redirectUriUrlInstance.searchParams, currentUrlInstance.searchParams);

        // PROBLEMATIC ROW BELOW, BUT PRESUMABLY 100% CORRECT
        if (redirectUriWithoutQueryParams !== currentUrlWithoutQueryParams ||
            !redirectUriQueryParamsArePresentInCurrentUrl) {
            return false;
        }
    }
    return CALLBACK_PARAMS_TO_CHECK.some((x) => !!this.getUrlParameter(currentUrl, x));
}

The issue was simply that the current URL doesn't include a trailing slash like the config.redirectUrl had. I presume this is correct.

origooo avatar Jan 14 '25 15:01 origooo
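
Added example, not part of the thread and not the library's own code: a simplified stand-alone version of the strict comparison quoted in the comment above, plus a hypothetical `diagnose` helper that reports why a configured redirect URL fails to match. `CALLBACK_PARAMS`, the function names and the `example.com` URLs are constructed for illustration, and the check that the redirect URL's own query parameters are present is left out.

```javascript
// Simplified re-implementation of the strict check quoted above (illustrative only).
// CALLBACK_PARAMS and all URLs below are constructed sample values.
const CALLBACK_PARAMS = ['code', 'state'];

// Origin + path only; query string and fragment are dropped before comparing.
function withoutQuery(url) {
  const u = new URL(url);
  return u.origin + u.pathname;
}

// Mirrors the quoted logic: exact string match on the redirect URL first,
// then look for callback parameters in the current URL.
function isCallback(currentUrl, redirectUrl) {
  if (withoutQuery(currentUrl) !== withoutQuery(redirectUrl)) return false;
  const params = new URL(currentUrl).searchParams;
  return CALLBACK_PARAMS.some((p) => !!params.get(p));
}

// Explains why a configured redirectUrl does not match the URL the IdP returned to.
function diagnose(currentUrl, redirectUrl) {
  const cur = new URL(currentUrl);
  const cfg = new URL(redirectUrl);
  if (cur.origin !== cfg.origin) return 'origin-mismatch';
  if (cur.pathname === cfg.pathname) return 'match';
  const strip = (p) => p.replace(/\/+$/, '');
  return strip(cur.pathname) === strip(cfg.pathname)
    ? 'trailing-slash-mismatch'
    : 'path-mismatch';
}

// Constructed callback URL, as the browser would see it after login.
const returned = 'https://app.example.com/callback?code=abc123&state=xyz';

console.log(isCallback(returned, 'https://app.example.com/callback'));
console.log(isCallback(returned, 'https://app.example.com/callback/'));
console.log(diagnose(returned, 'https://app.example.com/callback/'));

// At the site root the URL parser normalizes "" and "/" to the same path,
// so the mismatch only shows up for non-root callback paths.
console.log(isCallback('https://app.example.com?code=abc123', 'https://app.example.com/'));
```

With a non-root callback path the two forms are different strings, so the code in the URL is never treated as a callback; as in the comment above, the configured value and the value registered with the IdP have to be identical.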

I'm using v19.0.0, the callback is complaining [ERROR] 0-6k09icbjhc9gesr99odbno4ftd - Error: Token Endpoint not defined. What am I missing?

foodisready avatar Mar 19 '25 22:03 foodisready