
我正在尝试使用 OAuth2 库 (angular-oauth2-oidc) 通过 AWS Cognito 进行身份验证。当我启动应用程序时,可以正常看到 AWS Cognito 的默认登录页面,但在输入登录名/密码后,页面陷入重定向循环(没有生成令牌)。hasValidAccessToken 的值依然为 false。下面是我登录后循环跳转的 URL:

http://localhost:4200/?code=cfb39cc7-936d-4a0d-a176-d796c080dda2&state=Y01hS0dyeXpWY35-Yk9sfmVvZjRiRFhoNWF4cGN4TUlZU2JCOUdLS1VMeUE5

下面是我的代码:

Guards.ts

/**
 * Route guard: lets navigation proceed only while the OAuth library reports a
 * valid access token. Without one it navigates to the 'login' route and blocks.
 *
 * NOTE(review): the login component gates initCodeFlow() on hasValidIdToken()
 * while this guard checks hasValidAccessToken() — confirm the two are meant to
 * differ. If this guard protects the redirectUri route ('/home'), it may run
 * before tryLogin() has consumed the ?code= callback parameter, which would
 * restart the flow on every callback — confirm against the route config.
 */
canActivate(): boolean {
  const hasToken = this.oauthService.hasValidAccessToken();
  if (hasToken) {
    return true;
  }
  this.router.navigate(['login']);
  return false;
}

Login.ts

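/**
 * Wires up the OAuth client: applies the config built by loadConfig(), installs
 * JWKS-based token validation, runs discovery + the login callback, and starts
 * automatic silent refresh.
 *
 * Fix: the promise returned by loadDiscoveryDocumentAndTryLogin() had no
 * rejection handler, so a failed discovery fetch or a failed code exchange was
 * dropped silently and the next page load simply restarted the flow. The
 * rejection is now logged instead; the flow is deliberately NOT restarted from
 * the catch branch, since that would reproduce the redirect loop.
 */
constructor(private oauthService: OAuthService, private configService: ConfigService, private router: Router) {
  this.oauthService.configure(this.loadConfig());
  this.oauthService.tokenValidationHandler = new JwksValidationHandler();

  this.oauthService
    .loadDiscoveryDocumentAndTryLogin()
    .then(() => {
      // Only start a new authorization-code round trip when the callback did
      // not yield a valid ID token.
      if (!this.oauthService.hasValidIdToken()) {
        this.oauthService.initCodeFlow();
      }
    })
    .catch((err: unknown) => {
      // Surface the failure; discovery/token-exchange errors are the first
      // place to look when the app loops back to the IdP without a token.
      console.error('OAuth discovery or login callback failed', err);
    });
  // NOTE(review): registered before the login promise settles, as in the
  // original; confirm the library tolerates that ordering.
  this.oauthService.setupAutomaticSilentRefresh();
}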

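/**
 * Builds the angular-oauth2-oidc AuthConfig from the values exposed by
 * ConfigService.config. Every field except redirectUri is copied through
 * unchanged from that object.
 *
 * Fix: clientId was assigned twice (the second write was a no-op); the object
 * is now built as a single literal with a declared return type.
 *
 * @returns the AuthConfig to pass to OAuthService.configure()
 */
private loadConfig(): AuthConfig {
  // Read the config object once rather than on every field.
  const cfg = this.configService.config;
  const authConfiguration: AuthConfig = {
    clientId: cfg['clientId'], // The "Auth Code + PKCE" client
    issuer: cfg['issuer'],
    responseType: cfg['responseType'],
    // Must match a callback URL registered at the IdP exactly (scheme, host,
    // port and path); the IdP rejects the request otherwise.
    redirectUri: window.location.origin + '/home',
    scope: cfg['scope'], // Ask offline_access to support refresh token refreshes
    useSilentRefresh: cfg['useSilentRefresh'], // Needed for Code Flow to suggest using iframe-based refreshes
    silentRefreshTimeout: cfg['silentRefreshTimeout'], // For faster testing
    sessionChecksEnabled: cfg['sessionChecksEnabled'],
    showDebugInformation: cfg['showDebugInformation'], // Also requires enabling "Verbose" level in devtools
    clearHashAfterLogin: cfg['clearHashAfterLogin'], // https://github.com/manfredsteyer/angular-oauth2-oidc/issues/457#issuecomment-431807040
    nonceStateSeparator: cfg['nonceStateSeparator'], // Real semicolon gets mangled by IdentityServer's URI encoding
    // NOTE(review): the config file sets this to false, which relaxes the
    // check that discovery-document endpoints belong to the issuer; keep the
    // issuer URL itself trusted and confirm this relaxation is required.
    strictDiscoveryDocumentValidation: cfg['strictDiscoveryDocumentValidation'],
  };

  return authConfiguration;
}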

配置文件

{
    "issuer": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_XXXXXXX",
    "clientId": "3XXXXXXXXXXXXXXX2uc",
    "responseType": "code",
    "scope": "openid profile",
    "useSilentRefresh": true,
    "silentRefreshTimeout": 5000,
    "sessionChecksEnabled": true,
    "showDebugInformation": true,
    "clearHashAfterLogin": false,
    "nonceStateSeparator": "semicolon",
    "strictDiscoveryDocumentValidation": false,
    "AlwaysIncludeuserClaimsInIdToken": true
}

有人对这个问题有想法吗?




您想使用哪种流程?您的配置中定义了 "responseType": "code",这表明使用的是授权码流程(code flow)。

然后,在您的代码中,您调用了 this.oauthService.initImplicitFlow(),这会使应用程序尝试使用隐式流程登录。

根据 IdP 的配置方式以及您要使用的流程,要么将 responseType 改为 token,要么改用 this.oauthService.initCodeFlow()。

于 2021-03-25T14:18:44.280 回答