1

I am building an ASP.NET Core Angular app, which comes with an api-authorization.module that relies on angular-oauth2-oidc library for authorization logic. This module is used to connect the Angular app with ASP.NET Identity.

It works as expected on a single tab, but it requires a new login action whenever a new tab is opened.

I've found these resources on the subject, but can't find the imports they are talking about:

https://github.com/manfredsteyer/angular-oauth2-oidc/issues/321 https://manfredsteyer.github.io/angular-oauth2-oidc/docs/additional-documentation/configure-custom-oauthstorage.html

Specifically, I cannot find the OAuthModule that is mentioned both in Github thread jeroenheijmans, who is a collaborator on the library, and in official docs. For that reason, I cannot apply what seems the recommended fix for this issue, which is adding this to app.module.

providers: [
    { provide: OAuthStorage, useFactory: storageFactory }
]

Can anyone tell me how to solve this, or point me in the right direction?

dzenesiz
  • 1,388
  • 4
  • 27
  • 58
  • Are you working with the scaffolded Identity Pages by ASP.NET Core? If so have you opted for persisting the auth cookie? – David Eggenberger Aug 25 '21 at 10:38
  • @DavidEggenberger I will definitely look into it and let you know to move your comment to answer if you're right. – dzenesiz Aug 25 '21 at 11:50
  • @DavidEggenberger if you were referring to `SignInManager.PasswordSignInAsync` method (https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.identity.signinmanager-1.passwordsigninasync?view=aspnetcore-5.0), `bool isPersistent` parameter gets set to true if user checks the *Remember me* checkbox. Even with that, opening a new tab still requires a new login, albeit it skips the login form (because of the cookie, I guess). I really hope I'm missing a point here :) – dzenesiz Aug 25 '21 at 17:32
  • Are you using the ApiAuthorization Package on top of Identity Server? I think it gets delivered when creating a new ASP.NET Core App with individual user accounts. The registration of IdentityServer would then look like: services.AddIdentityServer().AddApiAuthorization<,>(). If so what is the Route of your Login page? If it doesnt start with /Identity I think this fix will do: https://stackoverflow.com/questions/61435229/authentication-for-net-core-razor-pages-application-doesnt-work-for-views-with – David Eggenberger Aug 25 '21 at 21:52
  • @DavidEggenberger I am calling `services.AddIdentityServer(options => { if(!Env.IsDevelopment()) options.IssuerUri = $"{Configuration["ISSUER_URI"]}"; }).AddAspNetIdentity().AddOperationalStore().AddIdentityResources().AddApiResources().AddClients();` And my login page URL definitely starts with */Identity*. Also, `ApplicationUser` inherits `IdentityUser`. – dzenesiz Aug 26 '21 at 11:16

1 Answers1

0

The provider for a OAuthStorage should go in your module, the module in your application that bootstraps things, for example in your core.module.ts. If you use localStorage then, new tabs will pick up the state from other tabs:

function storageFactory(): OAuthStorage {
  return localStorage;
}

As an aside, you can also get this behavior by using silent logins at the bootstrapping of your application but you have to be aware of browser issues with iframe based silent refreshes.

Jeroen
  • 60,696
  • 40
  • 206
  • 339