我正在尝试使用 OAuth2 库(angular-oauth2-oidc)对接 AWS Cognito 进行身份验证。启动应用程序后,我能看到 Cognito 的默认登录页面,但输入用户名/密码后,页面陷入了重定向循环(没有生成令牌)。hasValidAccessToken 的值已经是 false,下面是我从日志中看到的循环 URL:
http://localhost:4200/?code=cfb39cc7-936d-4a0d-a176-d796c080dda2&state=Y01hS0dyeXpWY35-Yk9sfmVvZjRiRFhoNWF4cGN4TUlZU2JCOUdLS1VMeUE5
下面是我的代码:
Guards.ts
/**
 * Route guard: lets the navigation proceed only when the OAuth service reports
 * a valid access token; otherwise it redirects to the 'login' route.
 *
 * This only controls client-side routing. Any API behind the guarded pages
 * still has to validate the token itself on every request.
 *
 * NOTE(review): the check is synchronous. On the redirect back from the
 * identity provider (URL carrying ?code=...&state=...), the authorization code
 * has presumably not been exchanged for tokens yet, so this guard can reject
 * the navigation before the login attempt completes. Confirm that the callback
 * route is reachable without this guard, or that the login attempt has
 * finished before guarded routes are evaluated.
 *
 * @returns true when hasValidAccessToken() is true, false after redirecting
 *          to 'login'.
 */
canActivate() {
  const authenticated = this.oauthService.hasValidAccessToken();
  if (authenticated) {
    return true;
  }

  // No usable access token: send the user to the login route and block this navigation.
  this.router.navigate(['login']);
  return false;
}
// login.ts
/**
 * Configures the OAuth service, attempts to complete a pending login and,
 * when no valid ID token results, starts the authorization code flow.
 *
 * NOTE(review): the promise returned by loadDiscoveryDocumentAndTryLogin() has
 * no rejection handler here, so a failed discovery request or failed login
 * attempt is not handled in this constructor.
 *
 * NOTE(review): if the login attempt never yields a valid ID token (for
 * example because the code exchange fails), every construction of this
 * component calls initCodeFlow() again, which would look like an endless
 * redirect loop. Check the token request in the network tab / debug output.
 */
constructor(private oauthService: OAuthService, private configService: ConfigService, private router: Router) {
  oauthService.configure(this.loadConfig());
  // Validates ID-token signatures against the provider's published JWKS.
  oauthService.tokenValidationHandler = new JwksValidationHandler();

  // Runs once discovery and the login attempt have finished.
  const startLoginIfNeeded = () => {
    if (oauthService.hasValidIdToken()) {
      return;
    }
    oauthService.initCodeFlow();
  };
  oauthService.loadDiscoveryDocumentAndTryLogin().then(startLoginIfNeeded);

  // Registered immediately, without waiting for the login attempt above.
  // NOTE(review): silent refresh depends on provider support; confirm for the IdP in use.
  oauthService.setupAutomaticSilentRefresh();
}
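/**
 * Builds the AuthConfig passed to OAuthService.configure() from the values
 * exposed by ConfigService (presumably loaded from the config.json shown with
 * this snippet), plus a redirect URI derived from the current origin.
 *
 * Each setting is copied through unchanged; nothing is validated here.
 *
 * @returns the populated AuthConfig.
 */
private loadConfig(): AuthConfig {
  const settings = this.configService.config;

  const authConfiguration: AuthConfig = {
    // The "Auth Code + PKCE" client. (The original assigned this twice; once is enough.)
    clientId: settings['clientId'],
    // Issuer URL of the identity provider.
    issuer: settings['issuer'],
    responseType: settings['responseType'],
    // Must match a callback URL registered for this client at the IdP.
    redirectUri: `${window.location.origin}/home`,
    // offline_access would be needed for refresh tokens; config.json on this page
    // requests only "openid profile".
    scope: settings['scope'],
    // Asks the library to use iframe-based refreshes with code flow.
    useSilentRefresh: settings['useSilentRefresh'],
    // For faster testing.
    silentRefreshTimeout: settings['silentRefreshTimeout'],
    // NOTE(review): session checks need session-management support at the IdP; confirm.
    sessionChecksEnabled: settings['sessionChecksEnabled'],
    // Also requires the "Verbose" level in devtools. Keep this off in production
    // builds: the debug output may expose details of the login exchange.
    showDebugInformation: settings['showDebugInformation'],
    // https://github.com/manfredsteyer/angular-oauth2-oidc/issues/457#issuecomment-431807040
    clearHashAfterLogin: settings['clearHashAfterLogin'],
    // config.json supplies the literal string "semicolon" as the separator.
    nonceStateSeparator: settings['nonceStateSeparator'],
    // When false, the library does not require the discovery document's endpoints
    // to live under the issuer URL, so the issuer itself must be a trusted HTTPS URL.
    strictDiscoveryDocumentValidation: settings['strictDiscoveryDocumentValidation'],
  };

  return authConfiguration;
}
// config.json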
{
"issuer": "https://cognito-idp.eu-west-1.amazonaws.com/eu-west-1_XXXXXXX",
"clientId": "3XXXXXXXXXXXXXXX2uc",
"responseType": "code",
"scope": "openid profile",
"useSilentRefresh": true,
"silentRefreshTimeout": 5000,
"sessionChecksEnabled": true,
"showDebugInformation": true,
"clearHashAfterLogin": false,
"nonceStateSeparator": "semicolon",
"strictDiscoveryDocumentValidation": false,
"AlwaysIncludeuserClaimsInIdToken": true
}
有人对这个问题有想法吗?
发布于 2021-03-25 22:18:44
您打算使用哪种流?您的配置定义了 "responseType": "code",这表明使用的是授权码流(code flow)。
然后,在您的代码中执行this.oauthService.initImplicitFlow(),这将使应用程序尝试使用隐式流登录。
根据 IdP 的配置方式和您想使用的流,可以将 responseType 改为 token,也可以改用 this.oauthService.initCodeFlow()。需要注意的是,当前的 OAuth 2.0 安全最佳实践已不再推荐隐式流;对于单页应用,授权码流加 PKCE 是更稳妥的选择。
https://stackoverflow.com/questions/66800424