Response Type about angular-oauth2-oidc HOT 9 CLOSED

Hey @manfredsteyer,

The issue is that the library seems hardcode the response type to 'token or 'token id_token' - whereas what I think @amouly and I required is the url to response_type=code.

It has to be like this to work with Strava for me, not sure what service @amouly was trying to auth against. I figured it's just an alias, rather than a different flow.

from angular-oauth2-oidc.

I have the same issue. I'm using Cognito to request the tokens which only accepts the response type of 'token' or 'code' [1].

By default this lib hard codes the type to 'id_token token' which is not correct. The response type for implicit is 'token', 'id_token' or 'id_token token' [2].

Regardless, it would be good to be able to override the response_type to cater for differences between ID providers. Currently, in order to work with Cognito, we have to set oidc: false which stops the parsing of identity token (which is returned by the IDP anyway).

https://github.com/darbio/angular-oauth2-oidc/blob/master/angular-oauth2-oidc/src/oauth-service.ts#L955-L957

[1] https://docs.aws.amazon.com/cognito/latest/developerguide/authorization-endpoint.html
[2] http://oauthlib.readthedocs.io/en/latest/oauth2/grants/implicit.html

from angular-oauth2-oidc.

code flow isn't supported by the library. The reason is that is is not indented for SPA. Please consider using implicit flow instead.

from angular-oauth2-oidc.

Apparently, ADFS does not support implicit flow (or simplified flow).

That's why I need the responseType to be code.

from angular-oauth2-oidc.

AFAIK it supports it meanwhile [1]. The Problem is that code flow isn't really suited for single page apps.

[1] https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/development/single-page-application-with-ad-fs

from angular-oauth2-oidc.

@darbio +1 for the issue. So does that mean that I will have to process id token myself or not use this library at all for cognito? Thanks
@manfredsteyer any recommendation for workaround for using library with cognito?

from angular-oauth2-oidc.

Hi, was anyone able to solve this issue, as I am also facing the same issue while integrating ADFS with Angular 5.
Providing response_type = 'code'
Error: error=unsupported_response_type. The+authorization+server+does+not+support+obtaining+an+authorization+code+using+the+requested+'response_type'.+The+authorization+server+only+supports+'code'+as+the+response+type.

from angular-oauth2-oidc.

I think the author doesn’t want to include support for code flow (see: #52 (comment)). You can add in support as discussed above.

from angular-oauth2-oidc.

Hi, was anyone able to solve this issue, as I am also facing the same issue while integrating ADFS with Angular 5.
Providing response_type = 'code'
Error: error=unsupported_response_type. The+authorization+server+does+not+support+obtaining+an+authorization+code+using+the+requested+'response_type'.+The+authorization+server+only+supports+'code'+as+the+response+type.

Hi Nisha... were you able to resolve this issue later??

from angular-oauth2-oidc.