I am using Auth0 together with oidc-client (latest 1.10.1).
What I want to do now is use the PKCE flow instead of the implicit flow. In the AuthModule I have the following oidc configuration:
NgOidcClientModule.forRoot({
  // prettier-ignore
  oidc_config: {
    authority: environment.sts.authority,
    client_id: environment.sts.clientId,
    redirect_uri: `${environment.appRoot}oidc-login-redirect-callback.html`,
    scope: 'openid profile email',
    response_type: 'code',
    post_logout_redirect_uri: `${environment.appRoot}oidc-logout-redirect-callback.html`,
    silent_redirect_uri: `${environment.appRoot}oidc-silent-renew-redirect-callback.html`,
    accessTokenExpiringNotificationTime: 10,
    automaticSilentRenew: true,
    metadata: {
      authorization_endpoint: `${environment.sts.authority}authorize?audience=${environment.sts.audience}`,
      userinfo_endpoint: `${environment.sts.authority}userinfo`,
      issuer: environment.sts.authority,
      jwks_uri: `${environment.sts.authority}.well-known/jwks.json`,
      // tslint:disable-next-line:max-line-length
      end_session_endpoint: `${environment.sts.authority}v2/logout?returnTo=${environment.appRootEncoded + 'oidc-logout-redirect-callback.html'}&client_id=${environment.sts.clientId}`
    },
    userStore: (() => new WebStorageStateStore({ store: window.localStorage })) as any
  }
}),
I had to change the response_type value from id_token token to code.
Another thing I read that needs to be changed is the static page:
var config = {
  userStore: new Oidc.WebStorageStateStore({ store: window.localStorage }),
  response_mode: 'query',
};
var mgr = new Oidc.UserManager(config);
I know I need to add response_mode: 'query' to the Oidc.UserManager config.
Now everything is fine, but I think I am missing something, because I get an infinite redirect.
Do I need to do some additional setup in the Auth0 application?