Login & Logout
Login
For logging in a user you can call the authorize()
method:
private readonly oidcSecurityService = inject(OidcSecurityService);
// ...
this.oidcSecurityService.authorize();
The supplied configuration will be used and the user will be redirected to the Security Token Service to log into your app.
The configuration on server and client side has to be valid to finish the login successfully!
ConfigId
Parameter
In case you have multiple configs you can pass the configId
parameter as the first argument to select a specific config:
login() {
this.oidcSecurityService.authorize('configId');
}
AuthOptions
You can pass in AuthOptions following optional parameters:
urlHandler
- to manipulate the behavior of the login with a customurlHandler
customParams
- to send custom parameters to OIDC ProviderredirectUrl
- to override the redirectUrl defined in the configuration
login() {
const authOptions = {
customParams: {
some: 'params',
},
urlHandler: () => {
// ...
},
redirectUrl: "/assets/login-popup-page.html"
};
const configIdOrNull = // ...
this.oidcSecurityService.authorize(configIdOrNull, authOptions);
}
Login using a Popup
You can authenticate with any OpenID Connect identity provider using a popup.
This allows you to have the provider's consent prompt display in a popup window to avoid unloading and reloading the app.
Sample
loginWithPopup() {
this.oidcSecurityService.authorizeWithPopUp()
.subscribe(({ isAuthenticated, userData, accessToken, errorMessage }) => {
/* use data */
});
}
PopupOptions
You can pass options to control the dimension of the popup with the PopupOptions
interface as a second parameter.
loginWithPopup() {
const somePopupOptions = { width: 500, height: 500, left: 50, top: 50 };
const authOptionsOrNull = /* ... */
this.oidcSecurityService.authorizeWithPopUp(authOptions, somePopupOptions)
.subscribe(({ isAuthenticated, userData, accessToken, errorMessage }) => {
/* ... */
});
}
ConfigId
Parameter
In case you have multiple configs you can pass the configId
parameter as the last argument.
loginWithPopup() {
const somePopupOptionsOrNull = /* ... */;
const authOptionsOrNull = /* ... */
this.oidcSecurityService.authorizeWithPopUp(authOptions, somePopupOptions, 'configId')
.subscribe(({ isAuthenticated, userData, accessToken, errorMessage }) => {
/* ... */
});
}
Using custom popup login page
You can pass a custom login page in AuthOptions (authOptions.redirectUrl).
A simplified page (instead of the application url) can be used. Here's an example:
<html>
<head>
<script>
function sendMessage() {
// post url containing oidc response (redirected from OP)
const urlWithOidcResp = window.location.href;
window.opener.postMessage(urlWithOidcResp, window.opener.location.href);
}
</script>
</head>
<body onload="sendMessage()">
Transmitting authentication result ... (this popup will be closed
automatically).
</body>
</html>
Popup Sample
Logout
The logoff()
method sends an end session request to the OIDC server, if it is available, or the check session has not sent a changed event.
logout() {
this.oidcSecurityService.logoff().subscribe((result) => console.log(result));
}
Parameters
configId
logoff()
also accepts a configId
paramater to select a specific config:
logout() {
this.oidcSecurityService.logoff('configId')
.subscribe(({ isAuthenticated, userData, idToken, accessToken, errorMessage }) => {
/* ... */
});
}
LogoutAuthOptions
You can pass in LogoutAuthOptions following optional parameters:
urlHandler
- to manipulate the behavior of the logout with a customurlHandler
customParams
- to send custom parameters to OIDC ProviderlogoffMethod
- Which can beGET
orPOST
.GET
is default here.
According to the OIDC Standard only the customParams state
, logout_hint
and ui_locales
are configurable. Other values are being created, being read from storage or taken from your config.
You can pass an logoutAuthOptions
parameter if you want to control the behavior more.
logout() {
const logoutAuthOptions: LogoutAuthOptions = {
customParams: {
logout_hint: 'some-logout-hint',
/* other params */
}
};
// Use an empty string for the configId if this is not a multiple client
// subscribe to the result if you expect the function to return.
// => .subscribe((result) => console.log(result));
this.oidcSecurityService.logoff('configId', logoutAuthOptions);
}
If you prefer to send a POST logout request:
logout() {
// logoffMethod` - Which can be `GET` or `POST
const logoutAuthOptions: LogoutAuthOptions = {
customParams: {
logout_hint: 'some-logout-hint',
},
logoffMethod: 'POST',
};
this.oidcSecurityService.logoff('', logoutAuthOptions)
.subscribe((result) => console.log(result));
}
logoffAndRevokeTokens()
The logoffAndRevokeTokens()
method revokes the access token and the refresh token if using a refresh flow, and then logoff like above.
logoffAndRevokeTokens() {
this.oidcSecurityService.logoffAndRevokeTokens()
.subscribe((result) => console.log(result));
}
or an example using the LogoutAuthOptions parameters:
logoffAndRevokeTokens() {
const logoutAuthOptions: LogoutAuthOptions = {
customParams: {
logout_hint: 'some-logout-hint',
},
};
this.oidcSecurityService.logoffAndRevokeTokens('', logoutAuthOptions)
.subscribe((result) => console.log(result));
}
The method also takes configId
and logoutAuthOptions
parameters if needed.
logoffLocal()
The logoffLocal()
method is used to reset your local session in the browser, but does not send anything to the server. It also accepts the configId
parameter.
logoffLocal() {
this.oidcSecurityService.logoffLocal();
}