Thanks for putting together this package!

Question for you, is there a way to disable the logging? I see that it's set to debug in the .js file, but I don't see a way to override that.

Thanks!

When a user is signed in and wants to sign out while currently still being on a route which needs authentication, the redirect to the sso app does not work if SignInType equals SignInType.Window. The sign out request is cancelled and immediately afterwards the vue app tries to sign in again (since the user is currently on a route with necessary authentication) but this request also gets cancelled.

Code to replicate issue

Repository: vue-oidc-client_signout-issue#3c0cf90

Screenshots (when trying to sign out while being on the secured route)

我使用SignInType.Popup弹框授权，登录后主窗体报错

Thanks for creating this library!

When using this library (transpiled) in IE, the callback-uri might be mounted to an incorrect route. In the getUrlPath(url) method there is already some code to help coping with the fact that IE omits the leading / in the path name. This is also where the bug seems to be, as when the path does not start with a /, a trailing / will be added. Will open a PR for this.

Hey,

really great plugin! Thanks for you effort.

I have issues when using the events with the Pinia store in Vue3.
I cannot update the store based on the events, because the Pinia store is not created yet (it gets created in the createApp function call).

Do you have any idea on how to work around this?

Thanks and best regards

Would be great if this library provide vuex integration/support. Welcome any ideas on how you would do this currently.

Hi,

Thanks for your work on this library.
Would it be possible to override the template for the redirect page?

Currently it just renders an empty div but I would like to show some layout, for example a spinner.

Thanks

Hi
I need to prevent page reloading, when I have done oidc.signIn()
is there some way to achieve this?

你好 ，请问支持vue3吗。要怎么适配呢

I'm not really an oidc pro, so this might be a simple to answer question.

I got a frontend application and only users associated with a specific role - role-a - shall be allowed to login. Some users got the role, others don't.

My current implementation:

mainOidc.events.addUserLoaded(() => {
  if (mainOidc.userProfile.roles === undefined || !mainOidc.userProfile.roles.includes('rola-a')) {
    window.alert('Not Allowed')
    mainOidc.signOut()
    return
  }
  // successfull login path ...
})

Problem with this approach: I can leave the current browser tab in a pending state and open another one with a protected route - I'm displayed as successfully logged in and got access. I guess the issue comes from a user entry in the userStore.

How can I prevent someone without a specific role to being added to the useStore or logged in at all?

This would be perfect if you exposed some functions to allow stop and starting silent renew for offline mode scenarios.

For reference this is what we need to be able to do.

IdentityModel/oidc-client-js#589 (comment)

If the stored state ends up containing an object with a circular reference, an error occurs during the _signinStart of the oidc-client.
This results in the signin process not succeeding.

The error comes from the oidc-client trying to store the state json in localStorage here.

Error:
TypeError: Converting circular structure to JSON
--> starting at object with constructor 'Or'
| property '$options' -> object with constructor 'Object'
| property 'router' -> object with constructor 'we'
--- property 'app' closes the circle
at JSON.stringify ()
at e.toStorageString (chunk-vendors.08958c8f.js:formatted:26453:30)
at chunk-vendors.08958c8f.js:formatted:26078:73

I am not exactly sure under what circumstances the circular reference is created in the Vue router that causes it, but I wonder if it is necessary to use the entire object for the state snapshots:
https://github.com/soukoku/vue-oidc-client/blob/master/vue3/src/vue-oidc-client.ts#L332
https://github.com/soukoku/vue-oidc-client/blob/master/vue3/src/vue-oidc-client.ts#L276

I think ultimately the full path of the route should already be enough to store here, making it more robust to what the vue-router does with the currentRoute object.

When I try to run "Yarn Start" after having downloaded this library in conjunction with vue-ssr, I get the following error:

Which seems to be Yarn having an issue with the ellipsis in VueOidcAuth.js in my node_modules directory.

Can you help identify why the library might be throwing this error?

Thanks!

Hello 👋 I was looking at using this repo for a project but noticed that the OIDC dependency (oidc-client-js) appears to have become unmaintained starting in the middle of 2021 (reference). I was wondering if there were any plans to move to a maintained OIDC dependency? I know that (AppAuth-JS) is maintained as the official TS/JS OIDC client, so I would assume that may be a strong contender? Thanks -- @codeape

Had this implemented and working for our clients with signInType.Popup. Changed it to signInType.Window since our clients didn't like popups and now after the user is authenticated I'm getting an infinite redirect loop. Why?

Hi there,
I want to logout from app but not from issuer
and the only way that I know for logout is "this.$oidc.signOut();"
would you help me out
thanks

WebStorageStateStore
Whether it can be replaced with a different caching policy

Why should these be hardcoded and not configurable?
${appUrl}auth/signinsilent/${authName};
${appUrl}auth/signinwin/${authName};
${appUrl}auth/signinpop/${authName};

What happens if/when we want to use a provider that doesn't allow us to configure these endpoints?

Hi. I did all by documentation, but now I have few problems

1. UserManager.getUser: user not found in storage.

Storage like this:

length: 278
loglevel:webpack-dev-server: "SILENT"
oidc.0a6184cef9694f76aa314a2cb87d5738: "{"id":"0a6184cef9694f76aa314a2cb87d5738","data":{"to":{"meta":{"authName":"main"},"path":"/ru/profile","hash":"","query":{"state":"741fdf769fdd42a3b6ad63fc0f60a49e","session_state":"f48204f8....

2. then i have this message
   UserManager.signinRedirect: successful

and infinite redirect

I want to try the sample vue app to use with identity server. When I run npm install, I get the following error. How to I get around with this? Thanks

C:\Users\foo\source\repos\vue-oidc-client>npm install
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/eslint
npm ERR! dev eslint@"^7.2.0" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer eslint@"^5.0.0 || ^6.0.0" from [email protected]
npm ERR! node_modules/eslint-plugin-vue
npm ERR! dev eslint-plugin-vue@"^6.2.2" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR!
npm ERR! See C:\Users\foo\AppData\Local\npm-cache\eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\foo\AppData\Local\npm-cache_logs\2021-04-04T18_19_51_495Z-debug.log

I have incorporated the vue-oidc-client into my Vue SPA. I can see in the Chrome network trace a successful flow (i.e. authorize?client_id, auth/signinwin/main?code, /connect/checksession, /connect/token, etc.) that results in a proper user session. The user session information, ala {{ $oidc.userProfile }}, even renders on the page in the Vue components -- very briefly.

But instantly afterwards, a new flow is being initiated. I can see two attempts in the Chrome network trace for another authorize?client_id, these with redirect_uri, the scope, and the prompt all being different than what was specified in my createOidcAuth object and my original flow. The "prompt: none", the auth/signinsilent redirect_uri, and my Google investigations indicates to me this some kind of "silent refresh". These silent refreshes are being rejected by the identity server, with error: login_required. This causes the session info to get blown away, and disappear off the screen.

(FWIW, the identity server is an existing, internal, deployed identity server our company created and used by several teams. It does some handover process to Microsoft Azure AD on the backend, and for that reason, I can see some extra redirects bouncing around, versus what might be normal for a trace, but the end result is good. I've used it for other web apps in other programming languages. My configuration of the client secret might be in doubt, but the correctness of the identity server shouldn't be.)

Do I need to add more code to handle these silent refreshes? Is it normal for them to occur so quickly, given the response to the /connect/token call includes an "expires_in":3600 with the JWT? Can I turn them off?

I noticed you added this commit Missed exporting LogLevel definition. 26 days ago but there has not been a release since. I just tried to use the library today using typescript and it complained about the LogLevel. Do you need to do another release to fix this or should should I be doing something my end?

P.S. Thanks for a great lib

Uncaught TypeError: r.addRoute is not a function at Vue.useRouter (vue-oidc-client.umd.min.js?66a5:1) at eval (index.js?a18c:57) at Module../src/router/index.js (app.js:2812) at __webpack_require__ (app.js:849) at fn (app.js:151) at eval (main.js:12) at Module../src/main.js (app.js:2776) at __webpack_require__ (app.js:849) at fn (app.js:151) at Object.1 (app.js:3029)
What's causing this?

In order to access an API a need to add the current token to API client's default headers for Axios. How can I?

Hello, first of all great project, very easy to set up.

This morning when I started my app my cookie had expired.
I received an error "Frame window timed out" I had to manually refresh my app to let it redirect to identity server login page, also when I manually delete the cookie nothing happend.

Also is it possible to handle a situation when the authority server is down?

Now I just receive:

JsonService.getJson: network error
SessionMonitor._start: Error from getCheckSessionIframe: Network Error

Thanks in advance

Problem

npm pulled package does not have full typescript bindings

Cause

There's a full typescript binding written in src/VueOidcAuth.d.ts however, itis being stripped out of the distributed package due to package.json settings

• The package.json references the "typings" at L10 - ts files are excluded from src at L13.

Suggested fix

The .ts extension should be allowed in L13 of package.json

Workaround

In the interim I took the file and added it to my own src/ dir. I then wrapped the contents in declare module "vue-oidc-client" {}.

Hi

I think it would be a nice addition to be able to hook into the stages of the authentication, so that state can be set when the authentication has succeeded. For that probably some of the methods of oidc-client would have to be exposed.

What do you think?

Hi there,

how do I switch off the automaticSilenetRenew? Or at least: How can I reduce the interval of the renew calls?
I added it as 'false' in the createOIDCAuth in auth.js, but to no effect...
It runs every second, I would expect it to run once only when the token is about to expire.

Any help appreciated!
Thank you very much :-)
Nils