projects/lib/src/auth.config.ts
Properties |
|
constructor(json?: Partial
|
||||||
Defined in projects/lib/src/auth.config.ts:211
|
||||||
Parameters :
|
Public Optional clearHashAfterLogin |
clearHashAfterLogin:
|
Default value : true
|
Defined in projects/lib/src/auth.config.ts:60
|
Defines whether to clear the hash fragment after logging in. |
Public Optional clientId |
clientId:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:5
|
The client's id as registered with the auth server |
Public Optional customQueryParams |
customQueryParams:
|
Type : object
|
Default value : null
|
Defined in projects/lib/src/auth.config.ts:141
|
Map with additional query parameters that are appended to the request when initializing implicit flow. |
Public Optional disableAtHashCheck |
disableAtHashCheck:
|
Default value : false
|
Defined in projects/lib/src/auth.config.ts:182
|
This property has been introduced to disable at_hash checks and is intended for Identity Providers that do not deliver an at_hash EVEN THOUGH it's recommended by the OIDC specs. The at_hash claim lets the client verify that the access token belongs to the id_token it was delivered with. Of course, when disabling these checks we are bypassing a security check, which means we are more vulnerable. |
Public Optional dummyClientSecret |
dummyClientSecret:
|
Type : string
|
Default value : null
|
Defined in projects/lib/src/auth.config.ts:114
|
Some auth servers don't allow using password flow w/o a client secret, while the standards do not demand it. In this case, you can set a password here. As this password is exposed to the public, it does not bring additional security and is therefore as good as using no password. |
Public Optional fallbackAccessTokenExpirationTimeInSec |
fallbackAccessTokenExpirationTimeInSec:
|
Type : number
|
Defined in projects/lib/src/auth.config.ts:203
|
According to rfc6749 it is recommended (but not required) that the auth server exposes the access_token's life time in seconds. This is a fallback value for the case this value is not exposed. |
Public Optional issuer |
issuer:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:50
|
The issuer's uri. |
Public Optional jwks |
jwks:
|
Type : object
|
Default value : null
|
Defined in projects/lib/src/auth.config.ts:135
|
JSON Web Key Set (https://tools.ietf.org/html/rfc7517) with keys used to validate received id_tokens. This is taken out of the discovery document. Can be set manually too. |
Public Optional loginUrl |
loginUrl:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:22
|
The auth server's endpoint that allows to log the user in when using implicit flow. |
Public Optional logoutUrl |
logoutUrl:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:55
|
The logout url. |
Public Optional nonceStateSeparator |
nonceStateSeparator:
|
Type : string
|
Default value : ';'
|
Defined in projects/lib/src/auth.config.ts:211
|
Public Optional oidc |
oidc:
|
Default value : true
|
Defined in projects/lib/src/auth.config.ts:37
|
Defines whether to use OpenId Connect during implicit flow. |
Public Optional openUri |
openUri:
|
Default value : uri => {
location.href = uri;
}
|
Defined in projects/lib/src/auth.config.ts:224
|
This property allows you to override the method that is used to open the login url, allowing a way for implementations to specify their own method of routing to new urls. |
Public Optional options |
options:
|
Type : any
|
Default value : null
|
Defined in projects/lib/src/auth.config.ts:45
|
Public Optional postLogoutRedirectUri |
postLogoutRedirectUri:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:16
|
An optional second redirectUri where the auth server redirects the user to after logging out. |
Public Optional redirectUri |
redirectUri:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:10
|
The client's redirectUri as registered with the auth server |
Public Optional requestAccessToken |
requestAccessToken:
|
Default value : true
|
Defined in projects/lib/src/auth.config.ts:43
|
Defines whether to request an access token during implicit flow. |
Public Optional requireHttps |
requireHttps:
|
Type : boolean | "remoteOnly"
|
Default value : 'remoteOnly'
|
Defined in projects/lib/src/auth.config.ts:122
|
Defines whether https is required. The default value is remoteOnly, which only allows http for localhost, while every other domain needs to be used with https. |
Public Optional resource |
resource:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:29
|
Public Optional responseType |
responseType:
|
Type : string
|
Default value : 'token'
|
Defined in projects/lib/src/auth.config.ts:73
|
Public Optional rngUrl |
rngUrl:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:31
|
Public Optional scope |
scope:
|
Type : string
|
Default value : 'openid profile'
|
Defined in projects/lib/src/auth.config.ts:27
|
The requested scopes |
Public Optional sessionCheckIFrameName |
sessionCheckIFrameName:
|
Type : string
|
Default value : 'angular-oauth-oidc-check-session-iframe'
|
Defined in projects/lib/src/auth.config.ts:173
|
Name of the iframe to use for session checks |
Public Optional sessionCheckIFrameUrl |
sessionCheckIFrameUrl:
|
Type : string
|
Default value : null
|
Defined in projects/lib/src/auth.config.ts:168
|
Url for the iframe used for session checks |
Public Optional sessionCheckIntervall |
sessionCheckIntervall:
|
Default value : 3 * 1000
|
Defined in projects/lib/src/auth.config.ts:163
|
Interval in msec for checking the session according to http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification |
Public Optional sessionChecksEnabled |
sessionChecksEnabled:
|
Default value : false
|
Defined in projects/lib/src/auth.config.ts:157
|
If true, the lib will try to check whether the user is still logged in on a regular basis as described in http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification |
Public Optional showDebugInformation |
showDebugInformation:
|
Default value : false
|
Defined in projects/lib/src/auth.config.ts:79
|
Defines whether additional debug information should be shown at the console. |
Public Optional silentRefreshIFrameName |
silentRefreshIFrameName:
|
Type : string
|
Default value : 'angular-oauth-oidc-silent-refresh-iframe'
|
Defined in projects/lib/src/auth.config.ts:143
|
Public Optional silentRefreshMessagePrefix |
silentRefreshMessagePrefix:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:86
|
Public Optional silentRefreshRedirectUri |
silentRefreshRedirectUri:
|
Type : string
|
Default value : ''
|
Defined in projects/lib/src/auth.config.ts:84
|
The redirect uri used when doing silent refresh. |
Public Optional silentRefreshShowIFrame |
silentRefreshShowIFrame:
|
Default value : false
|
Defined in projects/lib/src/auth.config.ts:92
|
Set this to true to display the iframe used for silent refresh for debugging. |
Public Optional silentRefreshTimeout |
silentRefreshTimeout:
|
Type : number
|
Default value : 1000 * 20
|
Defined in projects/lib/src/auth.config.ts:104
|
Timeout for silent refresh. |
Public Optional skipIssuerCheck |
skipIssuerCheck:
|
Default value : false
|
Defined in projects/lib/src/auth.config.ts:196
|
Public Optional skipSubjectCheck |
skipSubjectCheck:
|
Default value : false
|
Defined in projects/lib/src/auth.config.ts:188
|
Public Optional strictDiscoveryDocumentValidation |
strictDiscoveryDocumentValidation:
|
Default value : true
|
Defined in projects/lib/src/auth.config.ts:128
|
Defines whether every url provided by the discovery document has to start with the issuer's url. |
Public Optional timeoutFactor |
timeoutFactor:
|
Type : number
|
Default value : 0.75
|
Defined in projects/lib/src/auth.config.ts:150
|
Defines when the token_timeout event should be raised. If you set this to the default value 0.75, the event is triggered after 75% of the token's life time. |
Public Optional tokenEndpoint |
tokenEndpoint:
|
Type : string
|
Default value : null
|
Defined in projects/lib/src/auth.config.ts:65
|
Url of the token endpoint as defined by OpenId Connect and OAuth 2. |
Public Optional useIdTokenHintForSilentRefresh |
useIdTokenHintForSilentRefresh:
|
Default value : false
|
Defined in projects/lib/src/auth.config.ts:190
|
Public Optional userinfoEndpoint |
userinfoEndpoint:
|
Type : string
|
Default value : null
|
Defined in projects/lib/src/auth.config.ts:71
|
Url of the userinfo endpoint as defined by OpenId Connect. |
/**
 * Configuration object for the OAuth 2 / OpenId Connect client.
 *
 * Every field is optional and carries a default. Several fields switch
 * token or discovery validation on or off; their secure values are the
 * defaults declared here (`disableAtHashCheck`, `skipSubjectCheck` and
 * `skipIssuerCheck` are `false`, `strictDiscoveryDocumentValidation` is
 * `true`, `requireHttps` is `'remoteOnly'`).
 */
export class AuthConfig {
  /** Client id, exactly as it was registered with the auth server. */
  public clientId?: string = '';

  /** Redirect uri of this client, exactly as registered with the auth server. */
  public redirectUri?: string = '';

  /**
   * Optional second redirect uri; the auth server sends the user
   * there once the logout has completed.
   */
  public postLogoutRedirectUri?: string = '';

  /**
   * Endpoint of the auth server that logs the user in
   * when implicit flow is used.
   */
  public loginUrl?: string = '';

  /** Scopes to request. */
  public scope?: string = 'openid profile';

  // NOTE(review): undocumented in the original; purpose not visible from this class.
  public resource?: string = '';

  // NOTE(review): undocumented in the original; purpose not visible from this class.
  public rngUrl?: string = '';

  /** Whether OpenId Connect is used during implicit flow. */
  public oidc?: boolean = true;

  /** Whether an access token is requested during implicit flow. */
  public requestAccessToken?: boolean = true;

  // NOTE(review): untyped and undocumented in the original; confirm what consumers put here.
  public options?: any = null;

  /** Uri of the issuer. */
  public issuer?: string = '';

  /** Url used for logging out. */
  public logoutUrl?: string = '';

  /** Whether the hash fragment is cleared once login has finished. */
  public clearHashAfterLogin?: boolean = true;

  /** Url of the token endpoint, as defined by OpenId Connect and OAuth 2. */
  public tokenEndpoint?: string = null;

  /** Url of the userinfo endpoint, as defined by OpenId Connect. */
  public userinfoEndpoint?: string = null;

  // NOTE(review): undocumented in the original; presumably the OAuth 2
  // response_type sent to the auth server. Confirm against the service.
  public responseType?: string = 'token';

  /**
   * Whether additional debug information is written to the console.
   * NOTE(review): confirm what is logged before enabling this outside
   * development; the logging code is not part of this class.
   */
  public showDebugInformation?: boolean = false;

  /** Redirect uri used while performing a silent refresh. */
  public silentRefreshRedirectUri?: string = '';

  // NOTE(review): undocumented in the original; purpose not visible from this class.
  public silentRefreshMessagePrefix?: string = '';

  /**
   * When true, the iframe used for silent refresh is displayed.
   * Meant for debugging.
   */
  public silentRefreshShowIFrame?: boolean = false;

  /**
   * Timeout for silent refresh.
   * @internal
   * @deprecated Misspelled name; see silentRefreshTimeout. This class
   * does not copy values between the two fields.
   */
  public siletRefreshTimeout?: number = 1000 * 20;

  /** Timeout for silent refresh. */
  public silentRefreshTimeout?: number = 1000 * 20;

  /**
   * Some auth servers refuse password flow without a client secret,
   * although the standards do not demand one. For such servers a
   * password can be placed here. Because the value is shipped to the
   * public it is not a secret: it adds no security and is equivalent
   * to using no password at all.
   */
  public dummyClientSecret?: string = null;

  /**
   * Whether https is required.
   * The default, remoteOnly, permits http for localhost only; every
   * other domain has to be reached over https.
   */
  public requireHttps?: boolean | 'remoteOnly' = 'remoteOnly';

  /**
   * Whether every url listed in the discovery document
   * must start with the issuer's url.
   */
  public strictDiscoveryDocumentValidation?: boolean = true;

  /**
   * JSON Web Key Set (https://tools.ietf.org/html/rfc7517) holding the
   * keys that received id_tokens are validated against. Normally taken
   * from the discovery document; may also be assigned manually, in
   * which case these keys decide which id_tokens are accepted.
   */
  public jwks?: object = null;

  /**
   * Map of extra query parameters appended to the request
   * that initializes implicit flow.
   */
  public customQueryParams?: object = null;

  // NOTE(review): undocumented in the original; presumably the name of the
  // iframe used for silent refresh.
  public silentRefreshIFrameName?: string = 'angular-oauth-oidc-silent-refresh-iframe';

  /**
   * Point at which the token_timeout event is raised, as a fraction of
   * the token's life time. With the default of 0.75 the event fires
   * after 75% of the life time has passed.
   */
  public timeoutFactor?: number = 0.75;

  /**
   * When true, the lib periodically tries to find out whether the user
   * is still logged in, as described in
   * http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
   */
  public sessionChecksEnabled?: boolean = false;

  /**
   * Interval in msec between session checks, see
   * http://openid.net/specs/openid-connect-session-1_0.html#ChangeNotification
   */
  public sessionCheckIntervall?: number = 3 * 1000;

  /** Url of the iframe used for session checks. */
  public sessionCheckIFrameUrl?: string = null;

  /** Name of the iframe used for session checks. */
  public sessionCheckIFrameName?: string = 'angular-oauth-oidc-check-session-iframe';

  /**
   * Disables the at_hash check. Intended for identity providers that do
   * not deliver an at_hash even though the OIDC specs recommend it.
   * Turning the check off bypasses a security check and leaves the
   * client more vulnerable, so keep the default unless the provider
   * cannot supply the claim.
   */
  public disableAtHashCheck?: boolean = false;

  /**
   * Whether to skip checking the subject of a refreshed token after
   * silent refresh. Normally the subject is the same as before.
   */
  public skipSubjectCheck?: boolean = false;

  // NOTE(review): undocumented in the original; presumably controls whether
  // an id_token_hint is sent during silent refresh.
  public useIdTokenHintForSilentRefresh?: boolean = false;

  /**
   * Whether to skip validating the issuer in the discovery document.
   * Normally the discovery document's url starts with the issuer's url.
   */
  public skipIssuerCheck?: boolean = false;

  /**
   * rfc6749 recommends, but does not require, that the auth server
   * exposes the access_token's life time in seconds. This value is the
   * fallback used when the server does not expose it. No default is
   * declared.
   */
  public fallbackAccessTokenExpirationTimeInSec?: number;

  /**
   * The final state sent to the issuer is built as
   * state = nonce + nonceStateSeparator + additional state.
   * The default separator is ';' (encoded %3B). In rare cases the issuer
   * forbids this character or finds it inconvenient, so it can be changed.
   */
  public nonceStateSeparator?: string = ';';

  /**
   * Hook for replacing the method that opens the login url, so that
   * implementations can route to new urls in their own way. The default
   * assigns the uri to location.href.
   */
  public openUri?: ((uri: string) => void) = (uri: string): void => {
    location.href = uri;
  };

  /**
   * Creates a configuration, optionally overriding defaults.
   *
   * @param json Partial configuration. Its own enumerable properties are
   * copied onto the instance with Object.assign, so keys that are not
   * declared on this class are copied as well and an explicit
   * `undefined` replaces the default. Build this object from
   * application code rather than from user-controlled input.
   */
  constructor(json?: Partial<AuthConfig>) {
    if (!json) {
      return;
    }
    Object.assign(this, json);
  }
}