GithubHelp home page GithubHelp logo

Comments (9)

maxmantz avatar maxmantz commented on July 30, 2024

The user object returned after successful authentication has its claims stored in the profile.

Try this:

var sub = userManager.signinRedirectCallback()
                .then(function(user) { return user.profile.sub });

from oidc-client-js.

gingters avatar gingters commented on July 30, 2024

No, I'm afraid the profile property is always undefined.

from oidc-client-js.

maxmantz avatar maxmantz commented on July 30, 2024

That is strange - this method works for me. Are there any errors being thrown during redirection? Could it be that your separate installation of jsrsassign is crashing the build of the oidc-client and preventing it from executing correctly?

Note: even though this library is not explicitly exposing jsrsassign you can still access it like this:

var jsrsassign = require('jsrsassign');
or
import jsrsassign from 'jsrsassign'; (ES6)

Since it is a dependency of this library, you don't ever need to install it separately.

from oidc-client-js.

gingters avatar gingters commented on July 30, 2024

No. As I already said in my OP: The code is very explicit in not setting the profile when there is no openid scope requested:

oidc-client-js/src/ResponseValidator.js

Lines 127 to 149 in 178d19f

if (response.isOpenIdConnect) {
Log.info("response is OIDC, processing claims");
response.profile = this._filterProtocolClaims(response.profile);
if (this._settings.loadUserInfo && response.access_token) {
Log.info("loading user info");
return this._userInfoService.getClaims(response.access_token).then(claims => {
response.profile = this._mergeClaims(response.profile, claims);
Log.info("user info claims received, updated profile:", response.profile);
return response;
});
}
else {
Log.info("not loading user info");
}
}
else {
Log.info("response is not OIDC, not processing claims");
}

from oidc-client-js.

maxmantz avatar maxmantz commented on July 30, 2024

I see - I didn't get that from your OP. Sorry, I can't help you there I'm afraid.

from oidc-client-js.

gingters avatar gingters commented on July 30, 2024

Okay, to work around this I now tried to also request an id_token with the openid scope.

However, now the call to

userManager.signinRedirectCallback()
            .then(function(user) { return user.profile.sub });

neither resolves nor rejects, as in the code in thennever gets called at all.

This is my log output in the browser console:

oidc-client.min.js:3 UserManager.signinRedirectCallback
oidc-client.min.js:3 RedirectNavigator.url
oidc-client.min.js:3 _signinEnd
oidc-client.min.js:3 OidcClient.processSigninResponse
oidc-client.min.js:3 UrlUtility.parseUrlFragment
oidc-client.min.js:3 WebStorageStateStore.remove 654ea5e7e0684fb4afe45e5fb91bbab4

and then nothing happens anymore.

from oidc-client-js.

maxmantz avatar maxmantz commented on July 30, 2024

Hard to tell from afar what could be causing this. I can only make a few wild guesses here:

  1. What is the response_type of your settings? - try id_token token to make sure you get the access token as well as the ID token.
  2. What browser are you using? - It could be that older browsers are not handling promises correctly. You might need the es6-promise-polyfill for this to work.
  3. Did you assign the call to userManager.signinRedirectCallback() to a variable (see my example)?

This is what I can come up with from the top of my head. I suppose @brockallen needs to have a look at this.

from oidc-client-js.

brockallen avatar brockallen commented on July 30, 2024

I get back the access_token and need to get a value from it's payload, specifically the "sub" / "subject" value.

This is not how the protocols are designed. The access_token is only meant to be used at an API, and not inspected by the client. If you don't request the openid scope, then you're not doing authentication and thus there's no proof of user identity to the client. So as you discovered, you need to include openid scope and also request an id_token.

As for this:

userManager.signinRedirectCallback()
.then(function(user) { return user.profile.sub });

Are you then putting this into another promise somewhere that you're resolving? My comment is that the return in here is suspect given that I don't see the rest of the code/context.

from oidc-client-js.

brockallen avatar brockallen commented on July 30, 2024

Any update?

from oidc-client-js.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    πŸ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. πŸ“ŠπŸ“ˆπŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❀️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.