Add support for OIDC acr_values parameter

README.md

@@ -70,6 +70,7 @@ silent-token-redirect-url|*(Optional)* If specified this will enable silent toke
 state                    |*(Optional)* The value to use for CSRF protection. If not specified then a value will be autogenerated.
 template                 |*(Optional)* The Angular template to use for the sign in and out buttons.
 token-storage-handler    |*(Optional)* Allows a custom token storage strategy to be used. See Token Storage below.
+acr-values               |*(Optional)* Allows custom parameters to be passed to the server authentication context
 
 ## Token Storage / State Management
 
@@ -153,6 +154,12 @@ A variety of events are raised to indicate a change in state or communicate impo
 oauth2:authError   |An error occurred in the authentication process. The error is supplied as the event payload.
 oauth2:authExpired |The token has expired. The token is supplied as the event payload.
 oauth2:authSuccess |Indicates authorization has succeeded and a token returned. The token is supplied as the event payload.
+
+## ACR Values
+
+A space seperated string of name:value pairs that allow the client to pass context information to the server if required. This can allow selection of a specific tenant for example.
+
+    <oauth2 ... acr-values="tenant:tenantName" ...></oauth2>
 
 ## Thanks
 

bower.json

@@ -1,9 +1,9 @@
 {
-  "name": "AngularJS-OAuth2",
-  "version": "1.2.0",
-  "homepage": "https://github.com/JamesRandall/AngularJS-OAuth2",
+  "name": "angularjs-oauth2",
+  "version": "1.2.5",
+  "homepage": "https://github.com/firstmac/AngularJS-OAuth2",
   "authors": [
-    "James Randall"
+    "Firstmac"
   ],
   "description": "Adds OAuth 2 authentication support to AngularJS",
   "keywords": [

dist/angularJsOAuth2.js

@@ -6,7 +6,7 @@
         set: function(token, $window) { $window.sessionStorage.setItem('token', token); },
         clear: function($window) { $window.sessionStorage.removeItem('token'); }
     };
-    
+
 	function expired(token) {
 		return (token && token.expires_at && new Date(token.expires_at) < new Date());
 	};
@@ -38,7 +38,7 @@
 			var token = getTokenFromHashParams(hash);
 			if (token !== null) {
 				setExpiresAt(token);
-                tokenStorage.set(JSON.stringify(token), $window)	
+                tokenStorage.set(JSON.stringify(token), $window)
 			}
 			return token;
 		}
@@ -99,8 +99,8 @@
 					}
 				}
 			}
-			
-			if (service.token === null) {			
+
+			if (service.token === null) {
 				service.token = getSessionToken($window);
 				if (service.token === undefined) {
 					service.token = null;
@@ -127,7 +127,7 @@
 					$rootScope.$broadcast('oauth2:authError', 'Suspicious callback');
 				}
 			}
-			
+
 
 			return service.token;
 		};
@@ -142,7 +142,7 @@
 
 	// Auth interceptor - if token is missing or has expired this broadcasts an authRequired event
 	angular.module('oauth2.interceptor', []).factory('OAuth2Interceptor', ['$rootScope', '$q', '$window',  function ($rootScope, $q, $window) {
-		
+
 		var service = {
 			request: function(config) {
 				var token = getSessionToken($window);
@@ -212,6 +212,9 @@
 			if( performSilently ) {
 				url = url + "&prompt=none";
 			}
+			if (service.acrValues) {
+				url += '&acr_values=' + encodeURIComponent(service.acrValues);
+			}
 			return url;
 		}
 
@@ -274,7 +277,7 @@
 				window.location.replace(url);
 			}
 		};
-		
+
 		service.init = function(params) {
 			function generateState() {
 				var text = ((Date.now() + Math.random()) * Math.random()).toString().replace(".","");
@@ -297,6 +300,7 @@
 			if (params.signOutAppendToken == 'true') {
 				service.appendSignoutToken = true;
 			}
+			service.acrValues = params.acrValues;
 		};
 
 		return service;
@@ -331,7 +335,8 @@
                     silentTokenRedirectUrl: '@',	// url to use for silently renewing access tokens, default behaviour is not to do
                     nonce: '@?',					// nonce value, optional. If unspecified or an empty string and autoGenerateNonce is true then a nonce will be auto-generated
                     autoGenerateNonce: '=?',	    // Should a nonce be autogenerated if not supplied. Optional and defaults to true.
-                    tokenStorageHandler: '='
+                    tokenStorageHandler: '=',
+					acrValues: '@'					// Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this authentication request
 				}
 			};
 
@@ -383,7 +388,7 @@
 				});
 				scope.$on('oauth2:authSuccess', function() {
 					if (scope.silentTokenRedirectUrl.length > 0) {
-						if( $location.path().indexOf("/silent-renew") == 0 ) {
+						if( $location.absUrl().indexOf("/silent-renew") >= 0 ) {
 							// A 'child' frame has successfully authorised an access token.
 							if (window.top && window.parent && window !== window.top) {
 								var hash = hash || window.location.hash;
@@ -398,7 +403,7 @@
 					}
 				});
 				scope.$on('oauth2:authError', function() {
-					if( $location.path().indexOf("/silent-renew") == 0 && window.top && window.parent && window !== window.top) {
+					if( $location.absUrl().indexOf("/silent-renew") >= 0 && window.top && window.parent && window !== window.top) {
 						// A 'child' frame failed to authorize.
 						window.parent.postMessage("oauth2.silentRenewFailure", location.protocol + "//" + location.host);
 					}
@@ -414,13 +419,19 @@
 				});
 				scope.signedIn = accessToken.set() !== null;
 				$rootScope.$on('$routeChangeStart', routeChangeHandler);
+
+				$rootScope.$on("oauth2:signOut", function () {
+                    //allow signout to be triggered remotely
+				    scope.signOut();
+				});
 			}
 
 			scope.$watch('clientId', function(value) { init(); });
 
 			scope.signedIn = false;
 
 			scope.signIn = function() {
+        endpoint.init(scope); //endpoint is singleton - if there is more than one oauth2 directive need to configured to this scope.
 				$window.sessionStorage.setItem('oauthRedirectRoute', $location.path());
 				endpoint.authorize();
 			}

package.json

@@ -1,14 +1,14 @@
 {
   "name": "angularjs-oauth2",
-  "version": "1.2.1",
+  "version": "1.2.5",
   "description": "Bower and npm package for allowing an AngularJS application to authenticate with an OAuth 2 / Open ID Connect identity provider using the implicit flow.",
   "main": "dist/angularJsOAuth2.js",
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"
   },
   "repository": {
     "type": "git",
-    "url": "https://github.com/JamesRandall/AngularJS-OAuth2.git"
+    "url": "https://github.com/firstmac/AngularJS-OAuth2.git"
   },
   "keywords": [
     "angularjs",
@@ -20,12 +20,12 @@
     "authentication",
     "authorization"
   ],
-  "author": "James Randall",
+  "author": "Firstmac",
   "license": "MIT",
   "bugs": {
-    "url": "https://github.com/JamesRandall/AngularJS-OAuth2/issues"
+    "url": "https://github.com/firstmac/AngularJS-OAuth2/issues"
   },
-  "homepage": "https://github.com/JamesRandall/AngularJS-OAuth2",
+  "homepage": "https://github.com/firstmac/AngularJS-OAuth2",
   "devDependencies": {
     "grunt": "^0.4.5",
     "karma-script-launcher": "^0.1.0",