Feat/Auth : Playground Sample : automatic refresh token #658
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Now : If existing, NbAuthResult contains backend error description other Changes requested by Dmitry (first review)
Now : If existing, NbAuthResult contains backend error description other Changes requested by Dmitry (first review) +tslint missing trailing comma arghhh
…strategy used to create the token (future use)
The token now contains ownerStrategyName, with is a back link to the strategy used to create the token (future use). BREAKING CHANGE : NbAuthCreateToken (token.ts) now takes a third parameter, which is the ownerStrategyName Tokens are created by strategies that are called from services, so it is *potentially* a breaking change.
The token now contains ownerStrategyName, with is a back link to the strategy used to create the token (future use). updated unit tests files and oauth2-password-login.component (breaking change below) BREAKING CHANGE : NbAuthCreateToken (token.ts) now takes a third parameter, which is the ownerStrategyName Tokens are created by strategies that are called from services, so it is *potentially* a breaking change.
removed useless code and cleaned one unit test file BREAKING CHANGE : NbAuthCreateToken (token.ts) now takes a third parameter, which is the ownerStrategyName Tokens are created by strategies that are called from services, so it is *potentially* a breaking change.
# Conflicts: # src/framework/auth/services/token/token.ts Optimized token.ts code
…uth-automaticRefreshToken # Conflicts: # src/framework/auth/services/token/token.spec.ts # src/framework/auth/services/token/token.ts
In cas of invalid token, the interceptor & authService now try *automatically* to refresh the token. Redirection to the login page is now made only if refreshToken fails to get a valid access-token. playground : new Url ''/auth/api-calls.component' to play the above functionality. backend : updated with necessary stuff to respond to the api-calls.component.
…cture This version implements a filter function for any urls the client code wants to exclude from NbAuthJWTInterceptor. Auths url base endpoints must be added in filters so that the interceptor does not run into infinite loop. NOT TO BE MERGED since another possible version is commented out in this code.
… into feat/auth-automaticRefreshToken
Automatic refreshToken Call example in the playground.
nnixaa
requested changes
Aug 22, 2018
src/backend/app.js
Outdated
| var token = req.body.refresh_token; | ||
|
|
||
| // token issued via email strategy | ||
| if (token === 'eb4e15840117437cbfd7343f257c4aae') { |
There was a problem hiding this comment.
let's move this 'eb4e15840117437cbfd7343f257c4aae' into a variable
| @@ -3,7 +3,7 @@ | |||
| * Copyright Akveo. All Rights Reserved. | |||
| * Licensed under the MIT License. See License.txt in the project root for license information. | |||
| */ | |||
| import { Inject, Injectable } from '@angular/core'; | |||
| import {Inject, Injectable } from '@angular/core'; | |||
There was a problem hiding this comment.
we really need that style checker!
| @@ -23,7 +23,7 @@ import { | |||
| auth2StrategyOptions, | |||
| NbOAuth2GrantType, NbOAuth2ClientAuthMethod, | |||
| } from './oauth2-strategy.options'; | |||
| import { NbAuthStrategyClass } from '../../auth.options'; | |||
| import { NbAuthStrategyClass} from '../../auth.options'; | |||
| * Licensed under the MIT License. See License.txt in the project root for license information. | ||
| */ | ||
|
|
||
| import {Component, Inject} from '@angular/core'; |
| @Component({ | ||
| selector: 'nb-playground-api-calls', | ||
| styles: [` | ||
| .rTable { |
There was a problem hiding this comment.
what is rTable? is this some kind of 3rd party styles? naming convention looks strange
| } | ||
| `], | ||
| template: ` | ||
| <router-outlet></router-outlet> |
There was a problem hiding this comment.
do we need the outlet here?
| <nb-layout> | ||
| <nb-layout-column> | ||
| <nb-card> | ||
| <nb-card-body class="col-xl-4 col-lg-6 col-md-8 col-sm-12" style="margin:auto;"> |
There was a problem hiding this comment.
also would be really great if we can get rid of bootstrap as we are keen to remove it at some step
| }) | ||
|
|
||
|
|
||
|
|
There was a problem hiding this comment.
no need in these new lines
src/playground/auth/auth.module.ts
Outdated
| NbOAuth2GrantType, | ||
| NbOAuth2AuthStrategy, | ||
| NbAuthOAuth2Token, | ||
| NB_AUTH_TOKEN_INTERCEPTOR_FILTER } from '@nebular/auth'; |
There was a problem hiding this comment.
} from '@nebular/auth'; should go on a new line
src/playground/auth/auth.module.ts
Outdated
| ], | ||
| providers: [ | ||
| NbAuthGuard, | ||
| { provide: HTTP_INTERCEPTORS, useClass: NbAuthJWTInterceptor, multi: true }, | ||
| { provide: NB_AUTH_TOKEN_INTERCEPTOR_FILTER, useValue: filterInterceptorRequest}, |
…sted with NbAuthPasswordStrategy as well as with NbOauth2AuthStrategy nnixaa's review.
Corrected impots for ci:docs to pass
… into feat/auth-automaticRefreshToken
|
@alain-charles can you check my PR please https://github.com/alain-charles/nebular/pull/3? |
…t/auth-automaticRefreshToken
…freshToken nnixaa refactoring of the component
nnixaa
approved these changes
Aug 23, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Feat/Auth : Playground / Backend sample : automatic refreshToken
This pull requests implements in both backend and playground an example of Oauth2 authentication with automatic refreshtoken requests sent to the backend when the local stored accesstoken has expired.
This allows the user not to type his login/password as long as his refresh-token is valid.
The refreshtoken requests are sent transparently.
You can easily test the code by calling the url http://localhost:4200/#/auth/api-calls.component
Then the AuthGuard service redirects you to the login page.
The strategy used to log in is Oauth2 with password grant-type, so you can use [email protected].
You are then logged with an access token whose ttl is 60 seconds and a refresh token whose ttl is 120 seconds.
These values can be modified in the configuration of the backend (config.js).
Call of the secured api
Once logged, go immediately to http://localhost:4200/#/auth/api-calls.component and click the call API button.
The XHR request is send with the authorization header containing Bearer + the access-token.
You can see that Alain's got good wines in his cellar.
Automatic refresh-token request
Wait a minute, and click once again on the call-api button.
Observe the network logs of you browser : the acces-token was expired, so the framework sent automatically a refresh request to the backend
with the next content :
and it got a new access-token:
then it called with success the protected api.
Redirect to login or anything else when refresh_token has expired
If you wait once a minute, and if you click the call-api button, the framework sends a new refreshToken request
The component responsible for the API call intercepts the backend 401 error and you are redirected to the login page
Hope you will like this work.
PS: this can be played in the playground with NbAuthPasswordStrategy as well, just replace in the ** playground**
auth-module.ts:by