TechQA.

How to disable refresh token using angular-auth-oidc-client and openiddict?

772 views Asked by At

I am using angular-auth-oidc-client lib with openiddict as identity server:

openiddict config:

.AddServer(options =>
   {
       // Enable the authorization, logout, token and userinfo endpoints.
       options.SetAuthorizationEndpointUris(
                 openIddictConfig.AuthorizationEndpointUris)
               .SetLogoutEndpointUris(openIddictConfig.LogoutEndpointUris)
               .SetTokenEndpointUris(openIddictConfig.TokenEndpointUris)
               .SetAccessTokenLifetime(TimeSpan.FromSeconds(10))
               .SetIdentityTokenLifetime(TimeSpan.FromSeconds(10))
               .SetUserinfoEndpointUris(openIddictConfig.UserinfoEndpointUris);

       // Mark the "email", "profile" and "roles" scopes as supported scopes.
       options.RegisterScopes(Scopes.Email, Scopes.Profile, Scopes.Roles);
       options.SetAccessTokenLifetime(TimeSpan.FromSeconds(10))
               .SetIdentityTokenLifetime(TimeSpan.FromSeconds(10));
       // Note: this sample only uses the authorization code flow but you can enable
       // the other flows if you need to support implicit, password or client credentials.
       options.AllowAuthorizationCodeFlow().RequireProofKeyForCodeExchange();
       //options.AllowRefreshTokenFlow();

       // Register the signing and encryption credentials.
       options.AddDevelopmentEncryptionCertificate()
               .AddDevelopmentSigningCertificate();

       // Register the ASP.NET Core host and configure the ASP.NET Core-specific options.
       options.UseAspNetCore()
               .DisableTransportSecurityRequirement()
               .EnableAuthorizationEndpointPassthrough()
               .EnableLogoutEndpointPassthrough()
               .EnableTokenEndpointPassthrough()
               .EnableUserinfoEndpointPassthrough()
               .EnableStatusCodePagesIntegration();

       // Encryption and signing of tokens
       options
       //    .AddEphemeralEncryptionKey()
       //    .AddEphemeralSigningKey()
           .DisableAccessTokenEncryption();
   })

Angular config:

getOpenIDConfiguration(): OpenIdConfiguration {
  return {
   authority: this.oidcConfig.authority,
   clientId: this.oidcConfig.clientId,
   redirectUrl: this.oidcConfig.redirectUrl,
   postLogoutRedirectUri: this.oidcConfig.postLogoutRedirectUri,
   scope: 'openid profile email ',
   responseType: 'code',
   silentRenew: false,
   useRefreshToken: false,
   logLevel: LogLevel.Debug,
  }
}

NB: with this configuration when the token lifetime is expired there is a refresh token.

All I need is to disable the refresh token and set the expired lifetime to the token finally how to implement an expired token handler and log out? Thank you guys for your help.

example screenshot

angular openiddict angular-auth-oidc-client
Original Q&A
0

There are 0 answers

Related Questions in ANGULAR

Related Questions in OPENIDDICT

Related Questions in ANGULAR-AUTH-OIDC-CLIENT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions