Some provider support options which are not defined in the OAuth2 standard.

I tried to use this plugin today with <a href="http://developer.okta.com" rel="nofollo

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Test config <div class="snippet-clipboard-content notranslate position-relative ov

Allow additional parameters about generic-oauth2 HOT 7 CLOSED

capacitor-community commented on August 10, 2024

Allow additional parameters

from generic-oauth2.

Comments (7)

mraible commented on August 10, 2024

I tried to use this plugin today with Okta and I get an error that a nonce parameter is not sent. Will solving this issue help that problem?

from generic-oauth2.

moberwasserlechner commented on August 10, 2024

Currently the master is not really usable because I started rewriting the Android part and was interruped by other work.

I hope to get a usable version by the end of the upcoming week.

It would be nice if you could post your config for okta (excl. secrets and appId) so I might test as soon I start this task.

from generic-oauth2.

mraible commented on August 10, 2024

I was able to solve this issue in the browser by adding a nonce parameter in src/web-utils.ts:

Index: src/web-utils.ts
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/web-utils.ts	(revision 9e08eb1f19fc6b6b01a42afa7166b06618f61c9a)
+++ src/web-utils.ts	(date 1549148684000)
@@ -44,6 +44,9 @@
             }
             url += "&state=" + options.state;
         }
+
+        url += "&nonce=" + this.randomString(10);
+        
         return encodeURI(url);
     }

My Okta config is as follows:

export const oauth2Options: OAuth2AuthenticateOptions = {
  appId: '0oaj77t71ilKMteVj0h7',
  authorizationBaseUrl: 'https://dev-737523.oktapreview.com/oauth2/default/v1/authorize',
  accessTokenEndpoint: 'https://dev-737523.oktapreview.com/oauth2/default/v1/token',
  scope: 'email openid profile',
  resourceUrl: 'https://dev-737523.oktapreview.com/oauth2/default/v1/userinfo',
  web: {
    redirectUrl: 'http://localhost:8100',
    windowOptions: 'height=600,left=0,top=0'
  },
  ios: {
    customScheme: 'healthpoints:/authorize'
  }
};

You should be able to create your own Okta account at http://developer.okta.com/signup. Then create a new SPA with http://localhost:8100 as a login (and logout) redirect URI. I created a new Ionic app with tabs, then modified src/app.component.ts to register this plugin.

Index: src/app/app.component.ts
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/app/app.component.ts	(date 1549152470000)
+++ src/app/app.component.ts	(date 1549152577000)
@@ -1,14 +1,16 @@
-import { Component } from '@angular/core';
+import { Component, OnInit } from '@angular/core';
 
 import { Platform } from '@ionic/angular';
 import { SplashScreen } from '@ionic-native/splash-screen/ngx';
 import { StatusBar } from '@ionic-native/status-bar/ngx';
+import { registerWebPlugin } from '@capacitor/core';
+import { OAuth2Client } from '@byteowls/capacitor-oauth2';
 
 @Component({
   selector: 'app-root',
   templateUrl: 'app.component.html'
 })
-export class AppComponent {
+export class AppComponent implements OnInit {
   constructor(
     private platform: Platform,
     private splashScreen: SplashScreen,
@@ -23,4 +25,10 @@
       this.splashScreen.hide();
     });
   }
+
+  ngOnInit() {
+    console.log('Register custom capacitor plugins');
+    registerWebPlugin(OAuth2Client);
+    // other stuff
+  }
 }

Then I modified tab1.page.html to contain login and logout buttons.

Index: src/app/tab1/tab1.page.html
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/app/tab1/tab1.page.html	(date 1549152470000)
+++ src/app/tab1/tab1.page.html	(date 1549152744000)
@@ -14,10 +14,15 @@
         <ion-card-title>Welcome to Ionic</ion-card-title>
       </ion-card-header>
       <ion-card-content>
-        <p>Now that your app has been created, you'll want to start building out features and components. Check out some of the resources below for next steps.</p>
+        <p>Now that your app has been created, you'll want to start building out features and components. Log in to seem some resources for next steps.</p>
+        <ion-button *ngIf="!isAuthenticated" (click)="login()"> Login </ion-button>
+        <div *ngIf="isAuthenticated">
+          <p>Hi, {{ user?.email }}</p>
+          <ion-button (click)="logout()"> Logout </ion-button>
+        </div>
       </ion-card-content>
     </ion-card>
-    <ion-list lines="none">
+    <ion-list lines="none" *ngIf="isAuthenticated">
       <ion-list-header>
         <ion-label>Resources</ion-label>
       </ion-list-header>

And I changed tab1.page.ts to have login() and logout() methods.

Index: src/app/tab1/tab1.page.ts
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/app/tab1/tab1.page.ts	(date 1549152470000)
+++ src/app/tab1/tab1.page.ts	(date 1549304856000)
@@ -1,8 +1,53 @@
 import { Component } from '@angular/core';
+import { Plugins } from '@capacitor/core';
+import { OAuth2AuthenticateOptions } from '@byteowls/capacitor-oauth2';
+
+export const oauth2Options: OAuth2AuthenticateOptions = {
+  appId: '0oaj77t71ilKMteVj0h7',
+  authorizationBaseUrl: 'https://dev-737523.oktapreview.com/oauth2/default/v1/authorize',
+  accessTokenEndpoint: 'https://dev-737523.oktapreview.com/oauth2/default/v1/token',
+  scope: 'email openid profile',
+  resourceUrl: 'https://dev-737523.oktapreview.com/oauth2/default/v1/userinfo',
+  web: {
+    redirectUrl: 'http://localhost:8100',
+    windowOptions: 'height=600,left=0,top=0'
+  },
+  ios: {
+    customScheme: 'healthpoints:/authorize'
+  }
+};
 
 @Component({
   selector: 'app-tab1',
   templateUrl: 'tab1.page.html',
   styleUrls: ['tab1.page.scss']
 })
-export class Tab1Page {}
+export class Tab1Page {
+  isAuthenticated: boolean = false;
+  user: any;
+
+  login() {
+    Plugins.OAuth2Client.authenticate(oauth2Options).then(resourceUrlResponse => {
+      const accessToken = resourceUrlResponse['access_token'];
+      const oauthUserId = resourceUrlResponse['id'];
+      const name = resourceUrlResponse['name'];
+      // go to backend
+      this.isAuthenticated = true;
+      this.user = resourceUrlResponse;
+      console.log('response', resourceUrlResponse);
+    }).catch(reason => {
+        console.error('OAuth rejected', reason);
+    });
+  }
+
+  logout() {
+    Plugins.OAuth2Client.logout(oauth2Options).then((response) => {
+      // do something
+      console.log('logout worked');
+      this.isAuthenticated = false;
+      this.user = null;
+    }).catch(reason => {
+        console.error('OAuth logout failed', reason);
+    });
+  }
+}

from generic-oauth2.

moberwasserlechner commented on August 10, 2024

I'm happy to add the feature but for testing I need the help of the community because right now I only need the lib for Google and FB. Thx

from generic-oauth2.

mraible commented on August 10, 2024

I’d be happy to test with Keycloak and Okta!

from generic-oauth2.

moberwasserlechner commented on August 10, 2024

@mraible thank you :)

from generic-oauth2.

moberwasserlechner commented on August 10, 2024

Test config

{
    appId: "id",
    authorizationBaseUrl: "https://accounts.google.com/o/oauth2/auth",
    accessTokenEndpoint: "https://www.googleapis.com/oauth2/v4/token",
    scope: "email profile",
    resourceUrl: "https://www.googleapis.com/userinfo/v2/me",
    additionalParameters: {
      "include_granted_scopes": "true"
    },
    web: {
      redirectUrl: environment.redirectUrl,
        windowOptions: this.OAUTH_WINDOW_OPTIONS,
        additionalParameters: {
          "access_type": "offline",
          "include_granted_scopes": "true"
       }
    },
    android: {
        appId: environment.oauthAppId.google.android,
        responseType: "code",
        customScheme: "com.company.app:/",
        additionalParameters: {
          "access_type": "offline",
          "include_granted_scopes": "true"
        }
      },
      ios: {
        appId: environment.oauthAppId.google.ios,
        responseType: "code",
        customScheme: "com.company.app:/",
        additionalParameters: {
          "access_type": "offline",
          "include_granted_scopes": "true",
          "": "invalidkey_is_removed",
          "invalidvalue_is_removed": ""
        }
      },
}

Web: ok
The specific config with

"access_type": "offline",

is not supported for implicit flow by Google. There is an error but the feature works ;)

Android: ok
Additional parameters are correctly extracted and overwritten and passed to the AppAuth lib. The lib prevents usage of core openid params like 'display', 'prompt', 'login_hint',... in additional parameters. I'm going to extract them.

IOS: ok
Additional parameters are correctly extracted and overwritten. Only non empty String values are allowed.

from generic-oauth2.

Allow additional parameters about generic-oauth2 HOT 7 CLOSED

Comments (7)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent