OAuthService config is null after the page is reloaded

[axell9641]

I'm trying to logout using the logOut method provided by OAuthService.
Everything works fine, but if for some reason the user reloads the page (e.g. by pressing F5) before they try to log out, I get this message:

ERROR TypeError: Cannot read property 'customTokenParameters' of null at OAuthService.logOut (angular-oauth2-oidc.js:2128)

I double-checked and all the information stored in "Session Storage" is removed, but the user is not redirected to the logoutUrl because of the error described above.
I also did a little bit of debugging in the logOut method and that's when I found that the config property is null as it is shown in the following image:

Is this the expected behavior? Should I call the configure method again if the config is null ?

[jeroenheijmans]

I don't believe this should happen, or that it does happen in e.g. in my own sample application. I'd suspect something specific to your application. Could you create a minimized version (reproducible scenario) from your, for a community member to look at?

[artu-ole]

@axell9641 Same issue here, seems like password flow has been broken.
Putting an empty object into configuration fixes it for me:

this.oauthService.configure({});

[jeroenheijmans]

password flow has been broken

Ah yeah, I don't ever use Password Flow. However, OP doesn't mention it, so we might be looking at two different issues. @axell9641 did you use Password Flow too?

[axell9641]

@jeroenheijmans no. I'm using the implicit flow

[manfredsteyer]

Thanks for this info and for the workaround. I'll look into this asap.

[axell9641]

I don't believe this should happen, or that it does happen in e.g. in my own sample application. I'd suspect something specific to your application. Could you create a minimized version (reproducible scenario) from your, for a community member to look at?

I don't think I can provide an example since the url generated by stackblitz will have to be registered on my adfs server.
The thing is that I think I needed to call this method this.oauthService.configure(ADSF_AUTH_CONFIG); in the app-component , because it is called every time the application is loaded, or reloaded. I was only calling that method before calling the loadDiscoveryDocumentAndTryLogin() method. And since that method call is inside a component that is only loaded if the user is not logged in, if the user has a token and refreshes the page all the config data is lost and you get the error I initially described.

Now I don't get any error and the user is correctly redirected to the logoutUrl and then redirected back to the postLogoutRedirectUri, but if I reloaded the page when the user still has a valid token and later try to logout, the user is successfully redirected to the logoutUrl , BUT this time is not redirected back to he url specified with postLogoutRedirectUri.

This is my AuthConfig

const adsfUrl = 'https://adfs.dddd.ddd/adfs';

export const ADSF_AUTH_CONFIG: AuthConfig = {
    redirectUri: window.location.origin,
    clientId: 'ddddddddddddddddddddd',
    requireHttps: false,
    loginUrl: adsfUrl + '/oauth2/authorize',
    issuer: adsfUrl,
    scope: 'openid profile email',
    responseType: 'id_token token',
    oidc: true,
    logoutUrl: adsfUrl +
      '/ls/?wa=wsignoutcleanup1.0&wreply=' + location.protocol +
      '//' + location.hostname + (location.port ? ':' + location.port : ''),
    postLogoutRedirectUri: location.protocol + '//' +
      location.hostname + (location.port ? ':' + location.port : '')
};

Do you have any idea what could be causing this ?

[axell9641]

@manfredsteyer , @jeroenheijmans Could anyone please confirm to me whether it is normal that If I refresh the page(By pressing F5) and then logout, the postLogoutRedirectUri url has no longer any effect. As if it was never specified.

postLogoutRedirectUri only works for me if I never reload the page. Even If I call this.oauthService.configure(ADSF_AUTH_CONFIG); in the app-component.

[jeroenheijmans]

See my initial comment: this is unexpected, and as far as I know this does not happen in my own applications.

[axell9641]

See my initial comment: this is unexpected, and as far as I know this does not happen in my own applications.

OK, thank you. I'm going to take a look this branch in your example and then try to create an example with my own configuration , but using your indentity server and see if I can reproduce the error.

[axell9641]

See my initial comment: this is unexpected, and as far as I know this does not happen in my own applications.

I cloned the repo corresponding to the implicit flow, installed the required packages, and run the application, but when I try to login I get this error:

I'm not sure if the configuration that is place is correct, or if I have to change something.

I'd really appreciate if you could shed some light on this.

[axell9641]

Another thing I noticed is that you never called the configure method with the above AuthConfig parameters

[jeroenheijmans]

I prefer to provide configuration via Angular's dependency injection.

[axell9641]

I prefer to provide configuration via Angular's dependency injection.

I cannot find where you inject that dependency,but I guess that's a matter of preference.
What I really need to do is to be able to run your example to see if I get the same problem I described above. Could you please help me figure out what's wrong with the code in the branch for the implicit flow : https://github.com/jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards/tree/implicit-flow

[jeroenheijmans]

They get injected into the library's OAuthService class.

I wasn't aware that my sample's implicit flow was broken, I that seems to be because the demo.identityserver.io instance removed that client recently. You could try to use this config instead though your mileage may vary.

[axell9641]

@jeroenheijmans I changed the previous configuration for the one you recommended.
Now I can log in, but when I log out I am not redirected to the url specified using postLogoutRedirectUri. I remain in the logout page.

This is the property I added to the config you mentioned in your last comment:

postLogoutRedirectUri: location.protocol + '//' + location.hostname + (location.port ? ':' + location.port : '')

Is there anything else I need to add so that the user can be redirected back once they have been logged out?

P.S. I thought that to use the implicit flow you needed to add this to the config : responseType: 'id_token token',

[jeroenheijmans]

Your screenshot does say "Click here to return to the client...", non? If you want your Identity Server to automatically redirect users back, I think you must configure that in your IDS.

[axell9641]

Your screenshot does say "Click here to return to the client...", non? If you want your Identity Server to automatically redirect users back, I think you must configure that in your IDS.

Yeah I know it says that, but among the example servers you have, is there any that has that option already configured? The ADFS server I'm using already does. That's why I'm trying to recreate the issue I described above with a server that supports the logout redirection. That's why I was talking about the postLogoutRedirectUri not working the way it is expected to. :(

[jeroenheijmans]

Original Poster, did you ever figure this out?

I'm going back over the thread above, but can't see much else the community here could do to help at this point...

[pyronlaboratory]

Any updates on this issue?

[jeroenheijmans]

I think the Original Poster @axell9641 abandoned this issue, or maybe worked around it.

I will close this issue since interaction died down. @pyronlaboratory if you were pinging because you had similar symptoms, I recommend opening up a fresh issue with your specific scenario and steps to reproduce the error, so the community can give it a fresh look.