Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Angular 13 support #712

Closed
igorosabel opened this issue Nov 12, 2021 · 28 comments
Closed

Angular 13 support #712

igorosabel opened this issue Nov 12, 2021 · 28 comments

Comments

@igorosabel
Copy link

Angular 13 was released last week and yesterday another update was published (13.0.1). When I build the application I get this warning/message:

ng build --configuration production
⠙ Generating browser application bundles (phase: setup)...Processing legacy "View Engine" libraries:
- @auth0/angular-jwt [es2015/esm2015] (git+https://github.com/auth0/angular2-jwt.git)
Encourage the library authors to publish an Ivy distribution.

Despite the warning, everything still works fine.

Thanks!
@muuvmuuv
Copy link

We really depend on this before we can go to ng13, where can we help?

Also, we get this when upgraded to ng13:

Type JwtModule does not have 'ɵmod' property

@greetclock
Copy link

@muuvmuuv this most probably can be solved by running ngcc directly. I had similar problem, and adding this to scripts of package.json helped me:
"postinstall": "ngcc --properties es2015 browser module main"

Usually it will run the postinstall scrip automatically each time you do npm install, but you can also run it directly npm run postinstall.

At the same time, I still would like to Encourage the library authors to publish an Ivy distribution..

@muuvmuuv
Copy link

@cherurg Ok, thanks, but unfortunately that does not work in NX environments due to another bug. NG13 anyway does not depend on ngcc anymore, so it shouldn't be necessary. For the time being we will use the core lib, which works just fine. https://github.com/auth0/jwt-decode

@Rlcolli4
Copy link

Would really appreciate this update as well, fortunately we have had no issues with the upgrade or running it in our applications, however we get the same warning as @igorosabel when we run. Looking at Angular's roadmap, I'm worried about items not compiled in Ivy may not work in future versions going forward.

@onclave
Copy link

onclave commented Dec 29, 2021

Would request the library authors to look into this. Got the same warning while upgrading to angular 13.

@celian-garcia celian-garcia mentioned this issue Jan 5, 2022
Closed
4 tasks
@DaviAlvesAWSD
Copy link

DaviAlvesAWSD commented Feb 2, 2022
edited
Loading

hello, I'm a Brazilian user and I had problems using the new angular ng13 updates

the token part works but I have a second method to retrieve the refresh token that is passed in the cookie

code:

 getNewAccessToken(): Promise<void> {
    const headers = new HttpHeaders()
      .append('Content-Type', 'application/x-www-form-urlencoded')
      .append('Authorization', 'Basic YW5ndWxhcjpAbmd1bEByMA==');


    const body = 'grant_type=refresh_token';

    return this.http.post<any>(this.oauthTokenUrl, body,
        { headers, withCredentials: true })
      .toPromise()
      .then((response:any) => {
        this.storeToken(response['access_token']);

        console.log('New access token created!');

        return Promise.resolve();
      })
      .catch(response => {
        console.error('Error renewing token.', response);
        return Promise.resolve();
      });
  }

passing withCredentials to true should make the application get the refresh token automatically and pass it to the body, no? at least that's what I read, but he's not passing the refreshToken in the body along with the grant_type = refresh_token

sorry my english it is not good

@sysmat
Copy link

sysmat commented May 9, 2022

any progress?

@edbzn
Copy link

edbzn commented May 11, 2022

Almost no commits in 2 years, this project seems not maintained.

@Arthur-Neto
Copy link

Any news or alternatives?

@danwoda
Copy link

danwoda commented May 11, 2022

Hi all, I apologize for the delayed response. This issue is on our radar and we are actively working to find new support for the repo. I don’t have any specific updates at the moment, but we will let you know when we have more info.

@edbzn
Copy link

edbzn commented Jun 3, 2022

@danwoda I can raise a PR if you need support.

@Rlcolli4 Rlcolli4 mentioned this issue Jun 3, 2022
Closed
4 tasks
@igorosabel
Copy link
Author

Angular14 Upgrade #725

Since Angular 14 was released last week... this issue should be renamed to "Angular 14 support" 😜

@TheParad0X
Copy link

Bump 🔥 We need Angular 13 support.

@kevinch3-shoutly
Copy link

Hope will be a release from auth0 soon!

@digeomel
Copy link

This fork claims to be Ivy compatible, but not complete:
https://github.com/avatsaev/angular2-jwt

@kpaaro
Copy link

kpaaro commented Aug 25, 2022

Bump

1 similar comment
@tomstolarczuk
Copy link

Bump

@dylanvdmerwe
Copy link

Note that Angular 15 will not support non-Ivy view engines and as such this package in it's current state will not work.

@sysmat
Copy link

sysmat commented Sep 15, 2022

is this repo dead, still on ng10, now is ng14, and ja on ng15 will not work

@MumiaIrrequieta
Copy link

I made my attempt and forked this repo and updated it. I'm using ng14 and it's working fine. Here it is:
https://github.com/MumiaIrrequieta/angular2-jwt

@sysmat
Copy link

sysmat commented Sep 15, 2022

@MumiaIrrequieta thx, but this version: 5.99.0 is not published in central npm

@MumiaIrrequieta
Copy link

@sysmat , here it is https://www.npmjs.com/package/@mumiairrequieta/angular-jwt

@igorosabel
Copy link
Author

It's been almost a year since I opened this issue. I would like to use auth0's library as I have been using for a lot of time, but if they don't update it by the time Angular 15 comes out... I am going to drop it and start using that fork, thanks @MumiaIrrequieta

@sysmat
Copy link

sysmat commented Sep 15, 2022

@MumiaIrrequieta thx

@frederikprijck
Copy link
Member

frederikprijck commented Sep 20, 2022
edited
Loading

Hello, and our apologies for the radio silence here.

This repository has recently switched teams inside the company, and we will be following up on this SDK to ensure it stays compatible when Angular 15 is released as non-beta.

The warning is a known warning and the same we have with auth0-angular, our recommended SDK for Angular.
In order to drop this warning, we need to stop supporting certain Angular versions (Anything below Angular 12, IIRC).
Even though these versions are not supported by Google anymore, we do have customers using it and we didn't want to leave them in the dark only because of this warning.

Having said that, we are aware of the benefits of compiling using Ivy. We are also aware that it probably won't work with Angular 15 anymore. With v15 being released in beta, compiling with Ivy is on our radar and we are considering doing the update in a minor release on both this SDK as well as auth0-angular. The reason for a minor is that we believe toggling Ivy is a non-breaking change for any by google supported version of Angular, but we do want to avoid using a patch, to give our users that are still on Angular <12 some wiggle room for security fixes, while the main guidance will be to upgrade Angular to >12.

@frederikprijck frederikprijck mentioned this issue Sep 21, 2022
Closed
@rubiesonthesky
Copy link

Dropping major Angular version support is not "minor" version update, IMO. :) While those dropped versions are not supported by Google anymore, it is good practice to do that in major version. In Angular ecosystem most libraries will do new major release even if they just add new Angular version support to indicate that. Though I understand that you may need to keep version ranges similar with another SDKs, I would urge you to consider is this really minor or major release.

@frederikprijck
Copy link
Member

frederikprijck commented Oct 3, 2022
edited
Loading

It's a grey zone, adding support that breaks only those that are using an unsupported version sounds fine in a non-major as we do not support versions that aren't supported by their own vendor in the first place. From that perspective, I would argue it even gets close to just being a patch release. However, we do want to give some wiggle room for security patches if needed.

In Angular ecosystem most libraries will do new major release even if they just add new Angular version support to indicate that.

I believe that's not worth it for our SDK as all we have is a service and an interceptor. Starting to maintain all kinds of versions just for the sake of not breaking users using an unsupported version sounds like not ideal.
We will also not break anyone at run-time, but at compile time. So anyone can still rollback and lock our dependency.

A new major also increases support we should be giving, and it's a bit of a weird situation to be explicitly cutting a new major and supporting an old major only for versions of Angular that aren't supported. Being a security company, we always want you to use supported versions, as any version that doesnt have any LTS support can be vulnerable. We are doing best effort here to leave room for security patches on our end, but realy we shouldnt.

This should be fixed with #735 which we will be part of the next minor release.

This was referenced Oct 3, 2022
Merged
Closed
@huajian123 huajian123 mentioned this issue Oct 7, 2022
Closed
@MumiaIrrequieta
Copy link

MumiaIrrequieta commented Oct 11, 2022 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests