-
Notifications
You must be signed in to change notification settings - Fork 689
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PKCE Code verifier is incorrect for Angular 12 production build #1120
Comments
Thanks for this info. Will look into it asap. |
We currently use version 10.0.3 of this library and after the Angular upgrade from 12.1.1 to 12.2.1, we also have this problem. I approve, that everything works when build optimization is turned off. I noticed that the code challenge (which is appended to the authorization URL query) has always the same value, although the code verifier is different each time. This computation of the hash returns always agnmZ7tnroU8bvNypU_1OlEOUn-bBWiMH4PZq1vgzRk , but I do not know why:
|
Hi, thanks for this issue. I have a hard time reproducing this issue.
[1] https://github.com/manfredsteyer/auth-demo.git |
We have Angular 12.2.2 and angular-oauth2-oidc: 12.0.2, and it does not work. |
While I cannot reproduce it, I did an "educated guess". Can you install the temp. version 12.0.2-issue.1120 and try it again?
|
The version you provided didn't fix the issue in my projects. I debugged this a bit already when angular 12.2 was released since I was convinced at the time that the problem was to be found in my projects. Here are some of my notes and findings:
For anyone looking for a workaround, you can implement your own HashHandler:
I looked through older issues of this library and saw that the reason you are no longer using the code above is, that PS: Are you aware that you published "12.0.2-issue.1120" as the latest version to npm? |
I can confirm that the version 12.0.2-issue.1120 did not fix the issue. |
Thanks for your analysis. Can you please retry with version 12.0.2-issue.1120.1 |
12.0.2-issue.1120.1 does not work unfortunately. |
12.0.2-issue.1120.1 doesn't work for me either. |
Thank you for this issue! I recently updated to angular 11 and am currently checking against different versions of this library |
Seems like the optimizer used by the CLI is destroying this. The lib for calculating sha256 is still using plain javascript and commonjs. Seems like the optimizer has issues with it. I've completely switched it out now. Can you please give this version a try: 12.0.2-issue.1120.2 Best wishes, |
"12.0.2-issue.1120.2" seems to fix the issue. All of my projects work with that version. |
I can confirm that 12.0.2-issue.1120.2 and Angular 12.2.2 worked for me also. Thanks for your effort to fix it. |
Awesome. Thanks for your help with this. Will release it as 12.1 very soon. |
@manfredsteyer original cause seems like be already fixed angular/angular-cli#21654 (comment) |
Description
The bug was found in version
angular-oauth2-oidc:12.0.2
in combination with Angular12.2.1
. It has only beenreported since the update of angular version from
12.0.5 -> 12.2.1
.(It is probably duplicate of #1117 )
ERROR
We are unable to login with PKCE Code.
Context & Approach
If we run the project with
ng serve
the SPA is able to connect to our Azure AD, also if we build the applicationwith
--configuration development
. Only if we build the application in production mode, we are not able to loginanymore. To further narrow down the problem, we turned off the optimization flags:
With this setting you can log in again!
System information
Full system information
The text was updated successfully, but these errors were encountered: