I am trying to use the library angular-oauth2-oidc in my application.
This is my AuthConfig:
```typescript
import { AuthConfig } from 'angular-oauth2-oidc';

const adsfUrl = 'https://xxxx.xxxxx.xxx/adfs';

export const ADSF_AUTH_CONFIG: AuthConfig = {
  redirectUri: window.location.origin,
  clientId: 'debdb149-65c3-4ac7-99c5-acbfa59f66d0',
  requireHttps: false,
  loginUrl: adsfUrl + '/oauth2/authorize',
  issuer: adsfUrl,
  scope: 'openid profile email',
  // Implicit flow: id_token and access_token come back in the URL fragment
  responseType: 'id_token token',
  oidc: true,
  logoutUrl: adsfUrl +
    '/ls/?wa=wsignoutcleanup1.0&wreply=' + location.protocol +
    '//' + location.hostname + (location.port ? ':' + location.port : ''),
  postLogoutRedirectUri: location.protocol + '//' +
    location.hostname + (location.port ? ':' + location.port : '')
};
```
This is the component where I configure the solution for the implicit flow:
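```typescript
import { OnInit } from '@angular/core';
import { ActivatedRoute, Router } from '@angular/router';
import { OAuthService } from 'angular-oauth2-oidc';
// Newer releases ship JwksValidationHandler in 'angular-oauth2-oidc-jwks' instead
import { JwksValidationHandler } from 'angular-oauth2-oidc';
// ADSF_AUTH_CONFIG is the AuthConfig shown above

export class UnauthorizedHomePageComponent implements OnInit {
  returnUrl: string;

  constructor(
    private oauthService: OAuthService,
    private router: Router,
    private activatedRoute: ActivatedRoute
  ) {}

  ngOnInit(): void {
    this.oauthService.configure(ADSF_AUTH_CONFIG);
    this.oauthService.tokenValidationHandler = new JwksValidationHandler();
    if (!this.oauthService.hasValidAccessToken()) {
      // Loads the discovery document, then tries to complete a login from the current URL
      this.oauthService.loadDiscoveryDocumentAndTryLogin().then(() => {
        if (this.oauthService.hasValidAccessToken()) {
          const obj = {
            identity: this.oauthService.getIdentityClaims(),
            token: this.oauthService.getAccessToken(),
            idtoken: this.oauthService.getIdToken(),
          };
          console.log(obj);
          this.router.navigate(['pages']);
        }
      });
    }
  }
}
```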
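As you can see, I do not call `this.oauthService.initImplicitFlow()` in the code above. I do that in a child component, where I also collect some extra details from the user and store them in local storage before redirecting them to the identity provider.
This code works fine. I say so because, even though the user is redirected to the identity provider and is correctly recognized, no token can be seen in either local storage or session storage, even though I can see that tokens are returned in the URL.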
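What I would like to know is:
- Which part of the code above is supposed to retrieve and store the `access_token` returned by the identity provider?
- Where is it supposed to be stored?

If the `#access_token` segment appended to the `redirectUri` is not the token that is supposed to be returned when you configure the scope as `responseType: 'id_token token'`, then where should I be looking for that token?
I really hope you can shed some light on this.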
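
For context on the question above, this added example (not part of the original post and not angular-oauth2-oidc source) shows the client-side step in an implicit-flow callback: the fragment is parsed and the tokens are written to storage only if the state, issuer, audience, nonce and expiry checks all pass. The function names, the `expected` object shape, the storage keys and the sample token are assumptions made for illustration, and signature verification is left to the validation handler.

```javascript
// Decode the payload (middle segment) of a JWT. No signature check happens here;
// a real client must also verify the id_token signature against the IdP's keys.
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, '=')));
}

// Parse the fragment of the redirect URI and store tokens only if every check passes.
// `expected` (hypothetical shape): { issuer, clientId, state, nonce } saved before the redirect.
// `storage` is any object with setItem(key, value), e.g. sessionStorage in a browser.
function handleImplicitCallback(hash, expected, storage, nowSec) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  if (params.get('error')) return { ok: false, reason: 'idp_error' };
  const accessToken = params.get('access_token');
  const idToken = params.get('id_token');
  if (!accessToken || !idToken) return { ok: false, reason: 'missing_token' };
  if (params.get('state') !== expected.state) return { ok: false, reason: 'state_mismatch' };

  let claims;
  try {
    claims = decodeJwtPayload(idToken);
  } catch (e) {
    return { ok: false, reason: 'bad_id_token' };
  }
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (claims.iss !== expected.issuer) return { ok: false, reason: 'issuer_mismatch' };
  if (!aud.includes(expected.clientId)) return { ok: false, reason: 'audience_mismatch' };
  if (claims.nonce !== expected.nonce) return { ok: false, reason: 'nonce_mismatch' };
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return { ok: false, reason: 'expired' };

  // Only reached when all checks succeed; a failed check leaves storage untouched.
  const expiresIn = Number(params.get('expires_in') || 0);
  storage.setItem('access_token', accessToken);
  storage.setItem('id_token', idToken);
  storage.setItem('expires_at', String((nowSec + expiresIn) * 1000));
  return { ok: true, claims };
}

// Constructed sample data: a token with made-up claims and a placeholder signature.
function makeSampleJwt(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ typ: 'JWT', alg: 'RS256' })}.${enc(claims)}.c2ln`;
}
```

A rejected callback returns a `reason` and writes nothing, so tokens can be present in the URL while storage stays empty.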