Comments (9)
The user object returned after successful authentication has its claims stored in the profile.
Try this:
var sub = userManager.signinRedirectCallback()
.then(function(user) { return user.profile.sub });
from oidc-client-js.
No, I'm afraid the profile property is always undefined.
from oidc-client-js.
That is strange - this method works for me. Are there any errors being thrown during redirection? Could it be that your separate installation of jsrsasign is crashing the build of the oidc-client and preventing it from executing correctly?
Note: even though this library is not explicitly exposing jsrsasign you can still access it like this:
var jsrsasign = require('jsrsasign');
or
import jsrsasign from 'jsrsasign';
(ES6)
Since it is a dependency of this library, you don't ever need to install it separately.
from oidc-client-js.
No. As I already said in my OP: The code is very explicit in not setting the profile when there is no openid scope requested:
oidc-client-js/src/ResponseValidator.js
Lines 127 to 149 in 178d19f
from oidc-client-js.
I see - I didn't get that from your OP. Sorry, I can't help you there I'm afraid.
from oidc-client-js.
Okay, to work around this I now tried to also request an id_token with the openid scope.
However, now the call to
userManager.signinRedirectCallback()
.then(function(user) { return user.profile.sub });
neither resolves nor rejects, as in the code in then never gets called at all.
This is my log output in the browser console:
oidc-client.min.js:3 UserManager.signinRedirectCallback
oidc-client.min.js:3 RedirectNavigator.url
oidc-client.min.js:3 _signinEnd
oidc-client.min.js:3 OidcClient.processSigninResponse
oidc-client.min.js:3 UrlUtility.parseUrlFragment
oidc-client.min.js:3 WebStorageStateStore.remove 654ea5e7e0684fb4afe45e5fb91bbab4
and then nothing happens anymore.
from oidc-client-js.
Hard to tell from afar what could be causing this. I can only make a few wild guesses here:
- What is the response_type of your settings? - try id_token token to make sure you get the access token as well as the ID token.
- What browser are you using? - It could be that older browsers are not handling promises correctly. You might need the es6-promise-polyfill for this to work.
- Did you assign the call to userManager.signinRedirectCallback() to a variable (see my example)?
This is what I can come up with off the top of my head. I suppose @brockallen needs to have a look at this.
from oidc-client-js.
> I get back the access_token and need to get a value from its payload, specifically the "sub" / "subject" value.
This is not how the protocols are designed. The access_token is only meant to be used at an API, and not inspected by the client. If you don't request the openid scope, then you're not doing authentication and thus there's no proof of user identity to the client. So as you discovered, you need to include openid scope and also request an id_token.
As for this:
userManager.signinRedirectCallback()
.then(function(user) { return user.profile.sub });
Are you then putting this into another promise somewhere that you're resolving? My comment is that the return in here is suspect given that I don't see the rest of the code/context.
from oidc-client-js.
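Added example, not part of the thread and not code from oidc-client-js: the checks that make an ID token proof of identity for the client (pinned RS256 signature, issuer, audience, nonce, expiry) before sub is read, with the access token left unparsed. It runs under Node.js to stay self-contained; the function names, the constructed provider key and the sample issuer, client id and nonce are assumptions.

```javascript
// Added illustration, not oidc-client-js code. All names here are assumptions.
const nodeCrypto = require("crypto");
const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Constructed sample provider key, used only to sign test ID tokens (RS256).
const providerKeys = nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

function issueIdToken(claims) {
  const signingInput = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" })) +
    "." + b64url(JSON.stringify(claims));
  const sig = nodeCrypto.sign("sha256", Buffer.from(signingInput), providerKeys.privateKey);
  return signingInput + "." + b64url(sig);
}

// Returns the authenticated subject or throws. `expected` holds what the
// client knew before redirecting: issuer, its own client_id, and the nonce.
function subjectFromSigninResponse(response, expected, publicKey, nowSec) {
  if (!response.id_token) {
    // Access token only (no openid scope): nothing proves who signed in.
    throw new Error("no id_token in response");
  }
  const parts = response.id_token.split(".");
  if (parts.length !== 3) throw new Error("malformed id_token");
  const [head, body, sig] = parts;
  // Pin the algorithm instead of trusting whatever the header announces.
  if (fromB64url(head).alg !== "RS256") throw new Error("unexpected alg");
  const valid = nodeCrypto.verify("sha256", Buffer.from(head + "." + body),
    publicKey, Buffer.from(sig, "base64url"));
  if (!valid) throw new Error("bad signature");
  const claims = fromB64url(body);
  if (claims.iss !== expected.issuer) throw new Error("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.clientId)) throw new Error("wrong audience");
  if (claims.nonce !== expected.nonce) throw new Error("nonce mismatch");
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("expired");
  if (typeof claims.sub !== "string" || claims.sub === "") throw new Error("no sub claim");
  return claims.sub; // response.access_token is never parsed by the client
}

// Constructed sample values.
const expected = { issuer: "https://idp.example", clientId: "spa-client", nonce: "n-123" };
const idToken = issueIdToken({ iss: expected.issuer, aud: expected.clientId,
  sub: "user-42", nonce: expected.nonce, exp: 2000 });
console.log(subjectFromSigninResponse({ id_token: idToken, access_token: "opaque" },
  expected, providerKeys.publicKey, 1000));
```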
Any update?
from oidc-client-js.