UNPKG

angular-oauth2-oidc-codeflow-pkce

Version:

[![Build Status](https://travis-ci.org/bechhansen/angular-oauth2-oidc.svg?branch=master)](https://travis-ci.org/bechhansen/angular-oauth2-oidc)

github.com/bipiane/angular-oauth2-oidc

bipiane/angular-oauth2-oidc

174 lines (173 loc) 5.47 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
export declare class AuthConfig { /** * The client's id as registered with the auth server */ clientId?: string; /** * The client's redirectUri as registered with the auth server */ redirectUri?: string; /** * An optional second redirectUri where the auth server * redirects the user to after logging out. */ postLogoutRedirectUri?: string; /** * The auth server's endpoint that allows to log * the user in when using implicit flow. */ loginUrl?: string; /** * The requested scopes */ scope?: string; resource?: string; rngUrl?: string; /** * Defines whether to use OpenId Connect during * implicit flow. */ oidc?: boolean; /** * Defines whether to request a access token during * implicit flow. */ requestAccessToken?: boolean; options?: any; /** * The issuer's uri. */ issuer?: string; /** * The logout url. */ logoutUrl?: string; /** * Defines whether to clear the hash fragment after logging in. */ clearHashAfterLogin?: boolean; /** * Url of the token endpoint as defined by OpenId Connect and OAuth 2. */ tokenEndpoint?: string; /** * Url of the custom userinfo endpoint */ customUserinfoEndpoint?: string; /** * Url of the userinfo endpoint as defined by OpenId Connect. * */ userinfoEndpoint?: string; responseType?: string; /** * Defines whether additional debug information should * be shown at the console. */ showDebugInformation?: boolean; /** * The redirect uri used when doing silent refresh. */ silentRefreshRedirectUri?: string; silentRefreshMessagePrefix?: string; /** * Set this to true to display the iframe used for * silent refresh for debugging. */ silentRefreshShowIFrame?: boolean; /** * Timeout for silent refresh. * @internal * depreacted b/c of typo, see silentRefreshTimeout */ siletRefreshTimeout?: number; /** * Timeout for silent refresh. */ silentRefreshTimeout?: number; /** * Some auth servers don't allow using password flow * w/o a client secreat while the standards do not * demand for it. In this case, you can set a password * here. As this passwort is exposed to the public * it does not bring additional security and is therefore * as good as using no password. */ dummyClientSecret?: string; /** * Defines whether https is required. * The default value is remoteOnly which only allows * http for localhost, while every other domains need * to be used with https. */ requireHttps?: boolean | 'remoteOnly'; /** * Defines whether every url provided by the discovery * document has to start with the issuer's url. */ strictDiscoveryDocumentValidation?: boolean; /** * JSON Web Key Set (https://tools.ietf.org/html/rfc7517) * with keys used to validate received id_tokens. * This is taken out of the disovery document. Can be set manually too. */ jwks?: object; /** * Map with additional query parameter that are appended to * the request when initializing implicit flow. */ customQueryParams?: object; silentRefreshIFrameName?: string; /** * Defines when the token_timeout event should be raised. * If you set this to the default value 0.75, the event * is triggered after 75% of the token's life time. */ timeoutFactor?: number; /** * If true, the lib will try to check whether the user * is still logged in on a regular basis as described * in http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification */ sessionChecksEnabled?: boolean; /** * Intervall in msec for checking the session * according to http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification */ sessionCheckIntervall?: number; /** * Url for the iframe used for session checks */ sessionCheckIFrameUrl?: string; /** * Name of the iframe to use for session checks */ sessionCheckIFrameName?: string; /** * This property has been introduced to disable at_hash checks * and is indented for Identity Provider that does not deliver * an at_hash EVEN THOUGH its recommended by the OIDC specs. * Of course, when disabling these checks the we are bypassing * a security check which means we are more vulnerable. */ disableAtHashCheck?: boolean; skipSubjectCheck?: boolean; useIdTokenHintForSilentRefresh?: boolean; skipIssuerCheck?: boolean; /** * According to rfc6749 it is recommended (but not required) that the auth * server exposes the access_token's life time in seconds. * This is a fallback value for the case this value is not exposed. */ fallbackAccessTokenExpirationTimeInSec?: number; nonceStateSeparator?: string; useHttpBasicAuthForPasswordFlow?: boolean; disableNonceCheck?: boolean; constructor(json?: Partial<AuthConfig>); /** * This property allows you to override the method that is used to open the login url, * allowing a way for implementations to specify their own method of routing to new * urls. */ openUri?: ((uri: string) => void); }