Comments (7)
I tried to use this plugin today with Okta and I get an error that a nonce
parameter is not sent. Will solving this issue help that problem?
from generic-oauth2.
Currently the master is not really usable because I started rewriting the Android part and was interruped by other work.
I hope to get a usable version by the end of the upcoming week.
It would be nice if you could post your config for okta (excl. secrets and appId) so I might test as soon I start this task.
from generic-oauth2.
I was able to solve this issue in the browser by adding a nonce
parameter in src/web-utils.ts
:
Index: src/web-utils.ts
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/web-utils.ts (revision 9e08eb1f19fc6b6b01a42afa7166b06618f61c9a)
+++ src/web-utils.ts (date 1549148684000)
@@ -44,6 +44,9 @@
}
url += "&state=" + options.state;
}
+
+ url += "&nonce=" + this.randomString(10);
+
return encodeURI(url);
}
My Okta config is as follows:
export const oauth2Options: OAuth2AuthenticateOptions = {
appId: '0oaj77t71ilKMteVj0h7',
authorizationBaseUrl: 'https://dev-737523.oktapreview.com/oauth2/default/v1/authorize',
accessTokenEndpoint: 'https://dev-737523.oktapreview.com/oauth2/default/v1/token',
scope: 'email openid profile',
resourceUrl: 'https://dev-737523.oktapreview.com/oauth2/default/v1/userinfo',
web: {
redirectUrl: 'http://localhost:8100',
windowOptions: 'height=600,left=0,top=0'
},
ios: {
customScheme: 'healthpoints:/authorize'
}
};
You should be able to create your own Okta account at http://developer.okta.com/signup. Then create a new SPA with http://localhost:8100
as a login (and logout) redirect URI. I created a new Ionic app with tabs, then modified src/app.component.ts
to register this plugin.
Index: src/app/app.component.ts
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/app/app.component.ts (date 1549152470000)
+++ src/app/app.component.ts (date 1549152577000)
@@ -1,14 +1,16 @@
-import { Component } from '@angular/core';
+import { Component, OnInit } from '@angular/core';
import { Platform } from '@ionic/angular';
import { SplashScreen } from '@ionic-native/splash-screen/ngx';
import { StatusBar } from '@ionic-native/status-bar/ngx';
+import { registerWebPlugin } from '@capacitor/core';
+import { OAuth2Client } from '@byteowls/capacitor-oauth2';
@Component({
selector: 'app-root',
templateUrl: 'app.component.html'
})
-export class AppComponent {
+export class AppComponent implements OnInit {
constructor(
private platform: Platform,
private splashScreen: SplashScreen,
@@ -23,4 +25,10 @@
this.splashScreen.hide();
});
}
+
+ ngOnInit() {
+ console.log('Register custom capacitor plugins');
+ registerWebPlugin(OAuth2Client);
+ // other stuff
+ }
}
Then I modified tab1.page.html
to contain login and logout buttons.
Index: src/app/tab1/tab1.page.html
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/app/tab1/tab1.page.html (date 1549152470000)
+++ src/app/tab1/tab1.page.html (date 1549152744000)
@@ -14,10 +14,15 @@
<ion-card-title>Welcome to Ionic</ion-card-title>
</ion-card-header>
<ion-card-content>
- <p>Now that your app has been created, you'll want to start building out features and components. Check out some of the resources below for next steps.</p>
+ <p>Now that your app has been created, you'll want to start building out features and components. Log in to seem some resources for next steps.</p>
+ <ion-button *ngIf="!isAuthenticated" (click)="login()"> Login </ion-button>
+ <div *ngIf="isAuthenticated">
+ <p>Hi, {{ user?.email }}</p>
+ <ion-button (click)="logout()"> Logout </ion-button>
+ </div>
</ion-card-content>
</ion-card>
- <ion-list lines="none">
+ <ion-list lines="none" *ngIf="isAuthenticated">
<ion-list-header>
<ion-label>Resources</ion-label>
</ion-list-header>
And I changed tab1.page.ts
to have login()
and logout()
methods.
Index: src/app/tab1/tab1.page.ts
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/app/tab1/tab1.page.ts (date 1549152470000)
+++ src/app/tab1/tab1.page.ts (date 1549304856000)
@@ -1,8 +1,53 @@
import { Component } from '@angular/core';
+import { Plugins } from '@capacitor/core';
+import { OAuth2AuthenticateOptions } from '@byteowls/capacitor-oauth2';
+
+export const oauth2Options: OAuth2AuthenticateOptions = {
+ appId: '0oaj77t71ilKMteVj0h7',
+ authorizationBaseUrl: 'https://dev-737523.oktapreview.com/oauth2/default/v1/authorize',
+ accessTokenEndpoint: 'https://dev-737523.oktapreview.com/oauth2/default/v1/token',
+ scope: 'email openid profile',
+ resourceUrl: 'https://dev-737523.oktapreview.com/oauth2/default/v1/userinfo',
+ web: {
+ redirectUrl: 'http://localhost:8100',
+ windowOptions: 'height=600,left=0,top=0'
+ },
+ ios: {
+ customScheme: 'healthpoints:/authorize'
+ }
+};
@Component({
selector: 'app-tab1',
templateUrl: 'tab1.page.html',
styleUrls: ['tab1.page.scss']
})
-export class Tab1Page {}
+export class Tab1Page {
+ isAuthenticated: boolean = false;
+ user: any;
+
+ login() {
+ Plugins.OAuth2Client.authenticate(oauth2Options).then(resourceUrlResponse => {
+ const accessToken = resourceUrlResponse['access_token'];
+ const oauthUserId = resourceUrlResponse['id'];
+ const name = resourceUrlResponse['name'];
+ // go to backend
+ this.isAuthenticated = true;
+ this.user = resourceUrlResponse;
+ console.log('response', resourceUrlResponse);
+ }).catch(reason => {
+ console.error('OAuth rejected', reason);
+ });
+ }
+
+ logout() {
+ Plugins.OAuth2Client.logout(oauth2Options).then((response) => {
+ // do something
+ console.log('logout worked');
+ this.isAuthenticated = false;
+ this.user = null;
+ }).catch(reason => {
+ console.error('OAuth logout failed', reason);
+ });
+ }
+}
from generic-oauth2.
I'm happy to add the feature but for testing I need the help of the community because right now I only need the lib for Google and FB. Thx
from generic-oauth2.
Iād be happy to test with Keycloak and Okta!
from generic-oauth2.
@mraible thank you :)
from generic-oauth2.
Test config
{
appId: "id",
authorizationBaseUrl: "https://accounts.google.com/o/oauth2/auth",
accessTokenEndpoint: "https://www.googleapis.com/oauth2/v4/token",
scope: "email profile",
resourceUrl: "https://www.googleapis.com/userinfo/v2/me",
additionalParameters: {
"include_granted_scopes": "true"
},
web: {
redirectUrl: environment.redirectUrl,
windowOptions: this.OAUTH_WINDOW_OPTIONS,
additionalParameters: {
"access_type": "offline",
"include_granted_scopes": "true"
}
},
android: {
appId: environment.oauthAppId.google.android,
responseType: "code",
customScheme: "com.company.app:/",
additionalParameters: {
"access_type": "offline",
"include_granted_scopes": "true"
}
},
ios: {
appId: environment.oauthAppId.google.ios,
responseType: "code",
customScheme: "com.company.app:/",
additionalParameters: {
"access_type": "offline",
"include_granted_scopes": "true",
"": "invalidkey_is_removed",
"invalidvalue_is_removed": ""
}
},
}
Web: ok
The specific config with
"access_type": "offline",
is not supported for implicit flow by Google. There is an error but the feature works ;)
Android: ok
Additional parameters are correctly extracted and overwritten and passed to the AppAuth lib. The lib prevents usage of core openid params like 'display', 'prompt', 'login_hint',... in additional parameters. I'm going to extract them.
IOS: ok
Additional parameters are correctly extracted and overwritten. Only non empty String values are allowed.
from generic-oauth2.
Related Issues (20)
- Feat: Integration with trapeze to improve configuration
- Auth0 HOT 1
- Bug: Intent filter not working for redirection after login HOT 2
- Feat: Support Android 13 HOT 2
- Support for Capacitor 5 HOT 10
- Is there a way to get a login prompt? HOT 1
- Azure B2C ui_locales is directly supported via the auth request builder exception HOT 2
- I am not able to hide URL bar HOT 2
- accessTokenEndpoint quirk with django backend HOT 1
- Google with android says "Custom scheme URIs are not allowed for 'WEB' client type" HOT 3
- App Store Connect Issue
- Hide navigation bar and footer on iOS HOT 5
- Evidence of the use of safari
- Question: What kind of browser is used for login? HOT 1
- Feat: support universal links on iOS HOT 3
- Azure SSO; Response comes from azure, but does not come to authenticate
- capacitor-oauth2 - Azure SSO is not working in android and ios.Bug:
- Feat: Electron
- IOS 17 keyclock login not working
- Bug: Jest not working when using the plugin
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from generic-oauth2.