Pra*_*era 6 local-storage openid-connect oidc-client-js angular oidc-client
我正在使用oidc-client 库在我的 Angular(9) 应用程序中与 Azure AD 集成。signinRedirect()&signinSilent()功能按预期工作。但是对于signinPopup(),它在浏览器 url 片段中成功获取了访问令牌,但它引发了下面提到的错误:
app.component.ts:83 错误:在 oidc-client.min.js:1 的存储中找不到匹配的状态
令人惊讶的是,在 signin-callback.html 中,当我将 response_type 作为 query 传递时var userManager = new Oidc.UserManager({response_mode: "query"});,登录弹出成功但登录重定向失败抱怨
错误:无状态响应
我最初关注了这篇文章。
这是我的服务代码:
import { Injectable } from '@angular/core';
import { UserManager, UserManagerSettings, User } from 'oidc-client';
import { environment } from 'src/environments/environment';
@Injectable({
providedIn: 'root'
})
export class AuthService {
private userManager: UserManager;
constructor() {
this.instantiate();
}
private instantiate() {
this.userManager = new UserManager(this.getOidcSettings());
}
public async signinRedirect(): Promise<any> {
return this.userManager.signinRedirect();
}
public async signinSilent(): Promise<User> {
return this.userManager.signinSilent();
}
public async signinPopup(): Promise<User> {
return this.userManager.signinPopup();
}
public async signoutRedirect(): Promise<any> {
this.userManager.signoutRedirect();
this.userManager.clearStaleState();
}
OIDC 设置:
const userManagerSettings: UserManagerSettings = {
client_id: 'my clientid',
authority: 'my authority',
redirect_uri: 'http://localhost:4200/assets/oidc/signin-callback.html',
silent_redirect_uri: 'http://localhost:4200/assets/oidc/silent-refresh-callback.html',
post_logout_redirect_uri: 'https://localhost:4200/',
response_type: 'token',
response_mode: 'fragment',
scope: 'my api scope',
loadUserInfo:false
};
登录回调.html
<!DOCTYPE html>
<html lang="en">
<head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/oidc-client/1.10.1/oidc-client.min.js"></script>
<script>
var userManager = new Oidc.UserManager();
userManager.signinRedirectCallback().then(
(user) => {
alert('signin redirect successful.');
window.history.replaceState(
{},
window.document.title,
window.location.origin
);
window.location = '/';
},
(err) => {
alert('Error caught in signinRedirectCallback()');
console.log('Error caught in signinRedirectCallback().');
console.error(err);
}
);
userManager.signinPopupCallback().then(
(user) => {
alert('signin pop up successful.');
window.history.replaceState(
{},
window.document.title,
window.location.origin
);
window.location = '/';
},
(err) => {
alert('Error caught in signinPopupCallback()');
console.log('Error caught in signinPopupCallback().');
console.error(err);
}
);
</script>
</head>
<body></body>
</html>
静音刷新回调.html
<!DOCTYPE html>
<html lang="en">
<head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/oidc-client/1.10.1/oidc-client.min.js"></script>
<script>
var userManager = new Oidc.UserManager();
userManager.signinSilentCallback().catch((err) => {
console.log('Error caught in signinSilentCallback().');
console.error(err);
});
</script>
</head>
<body></body>
</html>
我们遇到了类似的问题,部分用户间歇性地出现此错误。到目前为止,我们已经了解了发生这种情况的两个具体原因:
某些用户的系统时钟设置与当前实际时间相差超过 5 分钟(在 oidc-client-js 中,clockSkew 默认为 5 分钟)
一些用户共享并重复使用由 Identity Server 生成的唯一生成的登录 URL 和安全参数。可以使用身份服务器登录,但像随机数这样的安全变量不匹配(最终在 oidc-signin 回调中抛出“在存储中找不到匹配状态”错误)
| 归档时间: |
|
| 查看次数: |
5024 次 |
| 最近记录: |