From e53a16452d73d47e9a2f1581631c17613c83718d Mon Sep 17 00:00:00 2001 From: dajomo Date: Mon, 23 May 2016 13:49:44 +1000 Subject: [PATCH 1/6] Add support for OIDC acr_values parameter --- README.md | 7 +++++++ dist/angularJsOAuth2.js | 9 +++++++-- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f112931..4a0c82f 100644 --- a/README.md +++ b/README.md @@ -70,6 +70,7 @@ silent-token-redirect-url|*(Optional)* If specified this will enable silent toke state |*(Optional)* The value to use for CSRF protection. If not specified then a value will be autogenerated. template |*(Optional)* The Angular template to use for the sign in and out buttons. token-storage-handler |*(Optional)* Allows a custom token storage strategy to be used. See Token Storage below. +acr-values |*(Optional)* Allows custom parameters to be passed to the server authentication context ## Token Storage / State Management @@ -153,6 +154,12 @@ A variety of events are raised to indicate a change in state or communicate impo oauth2:authError |An error occurred in the authentication process. The error is supplied as the event payload. oauth2:authExpired |The token has expired. The token is supplied as the event payload. oauth2:authSuccess |Indicates authorization has succeeded and a token returned. The token is supplied as the event payload. + +## ACR Values + +A space seperated string of name:value pairs that allow the client to pass context information to the server if required. This can allow selection of a specific tenant for example. + + ## Thanks diff --git a/dist/angularJsOAuth2.js b/dist/angularJsOAuth2.js index 04fa30f..e458c26 100755 --- a/dist/angularJsOAuth2.js +++ b/dist/angularJsOAuth2.js @@ -212,6 +212,9 @@ if( performSilently ) { url = url + "&prompt=none"; } + if (service.acrValues) { + url += '&acr_values=' + encodeURIComponent(service.acrValues); + } return url; } 
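Review bot: The new `acr_values` branch in the URL builder (hunk `@@ -212,6 +212,9 @@`) only sends a request, and nothing in this patch checks what the server did with it. In OpenID Connect `acr_values` asks for `acr` as a voluntary claim, so an application that relies on it (the README addition mentions tenant selection) should compare the `acr` claim of the returned ID token, where one is issued, with the requested value rather than assume it was honoured. I would add a comment above the branch, `// acr_values is a request only; verify the acr claim in the id_token if a specific context is required`, and repeat that caveat in the new README section. The enclosing function starts outside the hunk.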
@@ -283,7 +286,7 @@ if (!params.nonce && params.autoGenerateNonce) { params.nonce = generateState(); - } + } service.nonce = params.nonce; service.clientId= params.clientId; service.redirectUrl= params.redirectUrl; @@ -297,6 +300,7 @@ if (params.signOutAppendToken == 'true') { service.appendSignoutToken = true; } + service.acrValues = params.acrValues; }; return service; @@ -331,7 +335,8 @@ silentTokenRedirectUrl: '@', // url to use for silently renewing access tokens, default behaviour is not to do nonce: '@?', // nonce value, optional. If unspecified or an empty string and autoGenerateNonce is true then a nonce will be auto-generated autoGenerateNonce: '=?', // Should a nonce be autogenerated if not supplied. Optional and defaults to true. - tokenStorageHandler: '=' + tokenStorageHandler: '=', + acrValues: '@' // Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this authentication request } }; From 782e5bffc7e1637b3524bd98b59c649c75e2966a Mon Sep 17 00:00:00 2001 From: dajomo Date: Wed, 24 Aug 2016 09:20:20 +1000 Subject: [PATCH 2/6] Add signOut event handler Allows the signOut function to be executed by other parts of the UI, when an idle timeout has been observed for example. --- dist/angularJsOAuth2.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/dist/angularJsOAuth2.js b/dist/angularJsOAuth2.js index e458c26..bf34c4e 100755 --- a/dist/angularJsOAuth2.js +++ b/dist/angularJsOAuth2.js @@ -419,6 +419,11 @@ }); scope.signedIn = accessToken.set() !== null; $rootScope.$on('$routeChangeStart', routeChangeHandler); + + $rootScope.$on("oauth2:signOut", function () { + //allow signout to be triggered remotely + scope.signOut(); + }); } scope.$watch('clientId', function(value) { init(); }); From cdcff180c2b9b31eb72cd0e56d5392a58a7dba0f Mon Sep 17 00:00:00 2001 
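Review bot: The `oauth2:signOut` listener added in the `@@ -419,6 +419,11 @@` hunk is registered on `$rootScope` and its deregistration function is discarded, so it outlives the directive's scope. The trailing context line `scope.$watch('clientId', function(value) { init(); });` suggests this code sits inside `init()`, in which case every re-run adds another listener and a single event calls `scope.signOut()` several times; the enclosing function starts outside the hunk, so that placement is inferred. Keep the handle and release it, `var offSignOut = $rootScope.$on("oauth2:signOut", function () { scope.signOut(); });` followed by `scope.$on('$destroy', offSignOut);`, and register it once rather than on each `init()`. The event is also missing from the README events table, where it is worth stating that any component able to emit on `$rootScope` can now end the session.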
From: dajomo Date: Fri, 26 Aug 2016 14:28:58 +1000 Subject: [PATCH 3/6] Change silent-renew path check When Angular SPA is hosted in IIS, URL Rewriting must be employed to send all requests to the SPA, otherwise IIS will return 404 on all non-default requests, such as /silent-renew. When the rewrite is used, the path changes a little in the browser and so we need to check the absUrl instead of the path value to check for an silent-renew request. --- dist/angularJsOAuth2.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/dist/angularJsOAuth2.js b/dist/angularJsOAuth2.js index bf34c4e..75603a5 100755 --- a/dist/angularJsOAuth2.js +++ b/dist/angularJsOAuth2.js @@ -388,7 +388,7 @@ }); scope.$on('oauth2:authSuccess', function() { if (scope.silentTokenRedirectUrl.length > 0) { - if( $location.path().indexOf("/silent-renew") == 0 ) { + if( $location.absUrl().indexOf("/silent-renew") >= 0 ) { // A 'child' frame has successfully authorised an access token. if (window.top && window.parent && window !== window.top) { var hash = hash || window.location.hash; @@ -403,7 +403,7 @@ } }); scope.$on('oauth2:authError', function() { - if( $location.path().indexOf("/silent-renew") == 0 && window.top && window.parent && window !== window.top) { + if( $location.absUrl().indexOf("/silent-renew") >= 0 && window.top && window.parent && window !== window.top) { // A 'child' frame failed to authorize. window.parent.postMessage("oauth2.silentRenewFailure", location.protocol + "//" + location.host); } From 095ef875d7c62037bea537ceccf0a562f06eb57d Mon Sep 17 00:00:00 2001 From: Michael Tuttle Date: Mon, 7 Nov 2016 13:30:02 +1000 Subject: [PATCH 4/6] Version references --- bower.json | 4 ++-- package.json | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bower.json b/bower.json index 7c4713b..7680eb4 100644 --- a/bower.json +++ b/bower.json 
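Review bot: `$location.absUrl().indexOf("/silent-renew") >= 0` in the `oauth2:authSuccess` handler matches the marker anywhere in the absolute URL, including the query string and the fragment, where the old check required the path to start with it. A framed page of the application whose URL merely contains that text, for instance inside a parameter value, would then be treated as the silent-renew child frame and read `window.location.hash` on that assumption. Limit the test to the part before `?` and `#`, e.g. `var base = $location.absUrl().split(/[?#]/)[0];` then `if (base.indexOf("/silent-renew") >= 0)`, or compare against the configured `scope.silentTokenRedirectUrl`. The same expression in the `oauth2:authError` hunk (`@@ -403,7 +403,7 @@`) needs the same change; both handlers continue outside their hunks.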
@@ -1,7 +1,7 @@ { "name": "AngularJS-OAuth2", - "version": "1.2.0", - "homepage": "https://github.com/JamesRandall/AngularJS-OAuth2", + "version": "1.2.5", + "homepage": "https://github.com/firstmac/AngularJS-OAuth2", "authors": [ "James Randall" ], diff --git a/package.json b/package.json index 6f6b875..89edb2e 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "angularjs-oauth2", - "version": "1.2.1", + "version": "1.2.5", "description": "Bower and npm package for allowing an AngularJS application to authenticate with an OAuth 2 / Open ID Connect identity provider using the implicit flow.", "main": "dist/angularJsOAuth2.js", "scripts": { @@ -8,7 +8,7 @@ }, "repository": { "type": "git", - "url": "https://github.com/JamesRandall/AngularJS-OAuth2.git" + "url": "https://github.com/firstmac/AngularJS-OAuth2.git" }, "keywords": [ "angularjs", @@ -20,12 +20,12 @@ "authentication", "authorization" ], - "author": "James Randall", + "author": "Firstmac", "license": "MIT", "bugs": { - "url": "https://github.com/JamesRandall/AngularJS-OAuth2/issues" + "url": "https://github.com/firstmac/AngularJS-OAuth2/issues" }, - "homepage": "https://github.com/JamesRandall/AngularJS-OAuth2", + "homepage": "https://github.com/firstmac/AngularJS-OAuth2", "devDependencies": { "grunt": "^0.4.5", "karma-script-launcher": "^0.1.0", From 8ce00b8981a29983a2a0c044cc689ef1603bcb82 Mon Sep 17 00:00:00 2001 From: Scott Austen Date: Mon, 7 Nov 2016 13:47:33 +1000 Subject: [PATCH 5/6] version/author --- bower.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bower.json b/bower.json index 7680eb4..7f3ef42 100644 --- a/bower.json +++ b/bower.json @@ -1,9 +1,9 @@ { - "name": "AngularJS-OAuth2", + "name": "angularjs-oauth2", "version": "1.2.5", "homepage": "https://github.com/firstmac/AngularJS-OAuth2", "authors": [ - "James Randall" + "Firstmac" ], "description": "Adds OAuth 2 authentication support to AngularJS", "keywords": [ 
From 0a17e8221063fe1293ce2d34f83125a46e957b43 Mon Sep 17 00:00:00 2001 From: Scott Austen Date: Wed, 9 Nov 2016 14:30:44 +1000 Subject: [PATCH 6/6] bug fix for multiple oauth2 directives --- dist/angularJsOAuth2.js | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/dist/angularJsOAuth2.js b/dist/angularJsOAuth2.js index 75603a5..3561ed3 100755 --- a/dist/angularJsOAuth2.js +++ b/dist/angularJsOAuth2.js @@ -6,7 +6,7 @@ set: function(token, $window) { $window.sessionStorage.setItem('token', token); }, clear: function($window) { $window.sessionStorage.removeItem('token'); } }; - + function expired(token) { return (token && token.expires_at && new Date(token.expires_at) < new Date()); }; @@ -38,7 +38,7 @@ var token = getTokenFromHashParams(hash); if (token !== null) { setExpiresAt(token); - tokenStorage.set(JSON.stringify(token), $window) + tokenStorage.set(JSON.stringify(token), $window) } return token; } @@ -99,8 +99,8 @@ } } } - - if (service.token === null) { + + if (service.token === null) { service.token = getSessionToken($window); if (service.token === undefined) { service.token = null; @@ -127,7 +127,7 @@ $rootScope.$broadcast('oauth2:authError', 'Suspicious callback'); } } - + return service.token; }; @@ -142,7 +142,7 @@ // Auth interceptor - if token is missing or has expired this broadcasts an authRequired event angular.module('oauth2.interceptor', []).factory('OAuth2Interceptor', ['$rootScope', '$q', '$window', function ($rootScope, $q, $window) { - + var service = { request: function(config) { var token = getSessionToken($window); @@ -277,7 +277,7 @@ window.location.replace(url); } }; - + service.init = function(params) { function generateState() { var text = ((Date.now() + Math.random()) * Math.random()).toString().replace(".",""); 
@@ -286,7 +286,7 @@ if (!params.nonce && params.autoGenerateNonce) { params.nonce = generateState(); - } + } service.nonce = params.nonce; service.clientId= params.clientId; service.redirectUrl= params.redirectUrl; @@ -419,7 +419,7 @@ }); scope.signedIn = accessToken.set() !== null; $rootScope.$on('$routeChangeStart', routeChangeHandler); - + $rootScope.$on("oauth2:signOut", function () { //allow signout to be triggered remotely scope.signOut(); @@ -431,6 +431,7 @@ scope.signedIn = false; scope.signIn = function() { + endpoint.init(scope); //endpoint is singleton - if there is more than one oauth2 directive need to configured to this scope. $window.sessionStorage.setItem('oauthRedirectRoute', $location.path()); endpoint.authorize(); }
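Review bot: Calling `endpoint.init(scope)` only at the top of `scope.signIn` (hunk `@@ -431,6 +431,7 @@`) addresses the shared singleton for that one entry point. If `scope.signOut`, which patch 2/6 now also triggers from the `oauth2:signOut` event, or the silent-renew path read the singleton's settings, they still use whichever directive initialised it last; their bodies are outside this diff, so this is inferred. Consider a small helper that re-initialises the endpoint from the current scope and calling it from each of those entry points. The trailing comment would read better on its own line as `// endpoint is a singleton: re-initialise it from this directive's scope before authorizing`.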