Angular 2 integration for Oauth 2 popup authorization

Question

Angular 2 integration for Oauth 2 popup authorization

I am in the process of updating an existing Angular application to utilize Angular 2. One challenge I am facing is opening an OAuth flow in a new pop-up window and then using window.postMessage to send a signal back to the Angular 2 app once the OAuth process is successfully completed.

The current setup in my Angular 2 service looks like this:

export class ApiService { 
    constructor(private _loggedInService: LoggedInService) {
        window.addEventListener('message', this.onPostMessage, false);
     }

    startOAuthFlow() {
       var options = 'left=100,top=10,width=400,height=500';
       window.open('http://site/connect-auth', , options);
    }

    onPostMessage(event) {
      if(event.data.status === "200") {
          // Use an EventEmitter to notify other components that user has logged in
          this._loggedInService.Stream.emit(null);
      }
    }

}

This is the template that is displayed at the end of the OAuth flow:

<html>
  <head>
    <title>OAuth callback</title>
    <script>
      var POST_ORIGIN_URI = 'localhost:8000';
      var message = {"status": "200", "jwt":"2"};
      window.opener.postMessage(message, POST_ORIGIN_URI);
      window.close();
    </script>
  </head>
</html>

Using window.addEventListener in this manner seems to disrupt the functionality of the Angular 2 app by losing reference to this.

So my question is whether it is appropriate to use window.addEventListener or if there is a better alternative than postMessage for communicating back to the Angular 2 app?

** I am relatively new to Angular 2 so any guidance would be greatly appreciated

javascript oauth typescript angular

Answer 1

Answer №1

If you're looking for a solid Angular2 OAuth2 skeleton application, I've got one available on Github that you might find helpful.

This application utilizes an Auth service for OAuth2 Implicit grants, which relies on a Window service to handle the popup window creation. It then keeps track of that window to retrieve the access token from the URL.

You can check out the demo OAuth2 Angular code (with Webpack) here.

Below is a snippet from the login routine in the Auth service, providing insights into the process without diving into the entire project. I've included some extra comments to guide you through it.

public doLogin() {
    var loopCount = this.loopCount;
    this.windowHandle = this.windows.createWindow(this.oAuthTokenUrl, 'OAuth2 Login');

    this.intervalId = setInterval(() => {
        if (loopCount-- < 0) { 
            clearInterval(this.intervalId);
            this.emitAuthStatus(false);
            this.windowHandle.close();
        } else { 
            var href:string;
            try {
                href = this.windowHandle.location.href;
            } catch (e) {
              
            }
            if (href != null) { 
                var re = /access_token=(.*)/;
                var found = href.match(re);
                if (found) { 
                    console.log("Callback URL:", href);
                    clearInterval(this.intervalId);
                    var parsed = this.parse(href.substr(this.oAuthCallbackUrl.length + 1));
                    var expiresSeconds = Number(parsed.expires_in) || 1800;

                    this.token = parsed.access_token;
                    if (this.token) {
                        this.authenticated = true;
                    }

                    this.startExpiresTimer(expiresSeconds);
                    this.expires = new Date();
                    this.expires = this.expires.setSeconds(this.expires.getSeconds() + expiresSeconds);

                    this.windowHandle.close();
                    this.emitAuthStatus(true);
                    this.fetchUserInfo();
                }
            }
        }
    }, this.intervalLength);
}

If you encounter any issues or need assistance setting up the application, feel free to reach out with your questions.

Answer 2

If you're looking for a solid Angular2 OAuth2 skeleton application, I've got one available on Github that you might find helpful.

This application utilizes an Auth service for OAuth2 Implicit grants, which relies on a Window service to handle the popup window creation. It then keeps track of that window to retrieve the access token from the URL.

You can check out the demo OAuth2 Angular code (with Webpack) here.

Below is a snippet from the login routine in the Auth service, providing insights into the process without diving into the entire project. I've included some extra comments to guide you through it.

public doLogin() {
    var loopCount = this.loopCount;
    this.windowHandle = this.windows.createWindow(this.oAuthTokenUrl, 'OAuth2 Login');

    this.intervalId = setInterval(() => {
        if (loopCount-- < 0) { 
            clearInterval(this.intervalId);
            this.emitAuthStatus(false);
            this.windowHandle.close();
        } else { 
            var href:string;
            try {
                href = this.windowHandle.location.href;
            } catch (e) {
              
            }
            if (href != null) { 
                var re = /access_token=(.*)/;
                var found = href.match(re);
                if (found) { 
                    console.log("Callback URL:", href);
                    clearInterval(this.intervalId);
                    var parsed = this.parse(href.substr(this.oAuthCallbackUrl.length + 1));
                    var expiresSeconds = Number(parsed.expires_in) || 1800;

                    this.token = parsed.access_token;
                    if (this.token) {
                        this.authenticated = true;
                    }

                    this.startExpiresTimer(expiresSeconds);
                    this.expires = new Date();
                    this.expires = this.expires.setSeconds(this.expires.getSeconds() + expiresSeconds);

                    this.windowHandle.close();
                    this.emitAuthStatus(true);
                    this.fetchUserInfo();
                }
            }
        }
    }, this.intervalLength);
}

If you encounter any issues or need assistance setting up the application, feel free to reach out with your questions.

Answer 3

Answer №2

After some investigation, I discovered the root of the problem. It turned out that I was de-referencing this. Consulting this informative GitHub wiki page helped clarify things for me.

To resolve the issue in my specific case, I needed to take a few steps. First, I created a service that handled the addition of an event listener:

import {BrowserDomAdapter} from 'angular2/platform/browser';

export class PostMessageService {
   dom = new BrowserDomAdapter();
   addPostMessageListener(fn: EventListener): void {
     this.dom.getGlobalEventTarget('window').addEventListener('message', fn,false)
   }
}

By utilizing the addPostMessageListener method from this service, I could implement a function in another service to trigger accordingly:

constructor(public _postMessageService: PostMessageService,
    public _router: Router) {
    // Set up a Post Message Listener
    this._postMessageService.addPostMessageListener((event) => 
          this.onPostMessage(event)); // This is crucial as it allows me to maintain the reference to this

}

Subsequently, everything functioned as intended by preserving the reference to this.

Answer 4

After some investigation, I discovered the root of the problem. It turned out that I was de-referencing this. Consulting this informative GitHub wiki page helped clarify things for me.

To resolve the issue in my specific case, I needed to take a few steps. First, I created a service that handled the addition of an event listener:

import {BrowserDomAdapter} from 'angular2/platform/browser';

export class PostMessageService {
   dom = new BrowserDomAdapter();
   addPostMessageListener(fn: EventListener): void {
     this.dom.getGlobalEventTarget('window').addEventListener('message', fn,false)
   }
}

By utilizing the addPostMessageListener method from this service, I could implement a function in another service to trigger accordingly:

constructor(public _postMessageService: PostMessageService,
    public _router: Router) {
    // Set up a Post Message Listener
    this._postMessageService.addPostMessageListener((event) => 
          this.onPostMessage(event)); // This is crucial as it allows me to maintain the reference to this

}

Subsequently, everything functioned as intended by preserving the reference to this.

Answer 5

Answer №3

In my opinion, this approach is commonly used in Angular 2:

(This code snippet is written in Dart but TypeScript should have a similar syntax)

@Injectable()
class SomeService {
  DomAdapter dom;
  SomeService(this.dom) {
    dom.getGlobalEventTarget('window').addEventListener("message", fn, false);
  }
}

Answer 6

In my opinion, this approach is commonly used in Angular 2:

(This code snippet is written in Dart but TypeScript should have a similar syntax)

@Injectable()
class SomeService {
  DomAdapter dom;
  SomeService(this.dom) {
    dom.getGlobalEventTarget('window').addEventListener("message", fn, false);
  }
}

Answer 7

Answer №4

After experimenting with different approaches, I found that the most reliable method for me was to direct the user to the authentication page.

window.location.href = '/auth/logintwitter';

I handled the authentication process in the backend (using express) and then redirected back to a designated front end page.

res.redirect(`/#/account/twitterReturn?userName=${userName}&token=${token}`);

My solution has some unique aspects, such as using only JsonWebToken on the client side regardless of login type. If you're curious, you can view the entire solution here.

Answer 8

After experimenting with different approaches, I found that the most reliable method for me was to direct the user to the authentication page.

window.location.href = '/auth/logintwitter';

I handled the authentication process in the backend (using express) and then redirected back to a designated front end page.

res.redirect(`/#/account/twitterReturn?userName=${userName}&token=${token}`);

My solution has some unique aspects, such as using only JsonWebToken on the client side regardless of login type. If you're curious, you can view the entire solution here.

Angular 2 integration for Oauth 2 popup authorization

Answer №1

Answer №2

Answer №3

Answer №4

Similar questions

Error compiling SCSS in Angular 6 due to a util.js issue

Is there a way to receive notifications on an Android device when the real-time data updates through Firebase Cloud Messaging (FC

What is the process for setting up a subrouter using React Router v6?

Executing asynchronous JavaScript calls within a loop

PHP - Unable to verify session during script execution

Tips for showing various tooltip text when iterating through a list?

Utilize a Material UI GridList to transform images into a captivating background display

In the realm of Laravel, Vue, and Javascript, one may question: what is the best approach to omitting a key

Disguising the Navigation Bar when choosing from various databases

Tips on conducting a statistical analysis without having to wait for the completion of an AJAX response

Using jQuery to create dynamic elements that fade out with timers

Using backslashes to escape JSON values within a value in Angular

Ways to invoke a controller function from a window listener function

Explore visuals in the component repository

Declaring scoped runtime interfaces with Typescript

Having trouble locating the module for my custom TypeScript module

Using JavaScript to pre-select a radio button without any user interaction

Ways to make the input field appear invalid without the use of forms, causing the bottom outline to turn red when a specific condition is met

Redirecting with React Router outside of a route component

The Material UI button shifts to a different row