Not redirecting after login and Authorization somehow not set

[WalterEbbers]

Hi,
I have been working on a aurelia with webpack implementation for aurelia-auth so i can use it within projects but found two things that did not work.
I took https://github.com/paulvanbladel/aurelia-identityserver-aspnetcore from @paulvanbladel as a example.

1. Issue How to enable CORS ? #1 Not redirecting to redirectpage.
   Steps:

• I login using the identyserver4 popup.
• After the popup closes the console prints out the following error and it will not redirect:

bluebird.js?f684:1564 Warning: a promise was rejected with a non-error: [object Object] at eval (webpack-internal:///./node_modules/aurelia-auth/dist/commonjs/popup.js:123:11).

popup,js line 123:

      reject({
        data: 'Problem poll popup'
      });

Log-in-component.ts authenticate code:

public authenticate()
{
return this.auth.authenticate('identSrv', true, null)

  .then((response) =>
  {
    console.log('auth response: ' + response);
    console.log(response);
  });

}

Using chrome developer tools i do see in the application page dat aurelia_token, aurelia_id_token, identSrv_nonce and identSrv have values so i assume the login did succeed.

2. issue Added profileUrl as a configurable url; allow to pass an object to signup endpoint #2
   when trying to manually go to the api after the login i somehow get a 401 unauthorized:

aurelia-fetch-client.js?a909:287 GET http://localhost:5001/Identity 401 (Unauthorized)
(anonymous) @ aurelia-fetch-client.js?a909:287
tryCatcher @ bluebird.js?f684:5276
bluebird.js?f684:1564 Warning: a promise was rejected with a non-error: [object Response]

Looking at how the example is implemented, and my project, the redirect url ports and clientname are the only difference.
In the example i see to identity requests are being made:

Request 1
Request URL: http://localhost:5001/Identity
Request Method: OPTIONS
Status Code: 204 No Content
Remote Address: [::1]:5001
Referrer Policy: no-referrer-when-downgrade
Access-Control-Allow-Headers: authorization
Access-Control-Allow-Origin: http://localhost:5002
Date: Mon, 10 Dec 2018 08:05:30 GMT
Server: Kestrel
Vary: Origin
Accept: /
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,nl;q=0.8
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
Connection: keep-alive
Host: localhost:5001
Origin: http://localhost:5002
Referer: http://localhost:5002/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

Request 2
Request URL: http://localhost:5001/Identity
Request Method: GET
Status Code: 200 OK
Remote Address: [::1]:5001
Referrer Policy: no-referrer-when-downgrade
Access-Control-Allow-Origin: http://localhost:5002
Content-Type: application/json; charset=utf-8
Date: Mon, 10 Dec 2018 08:05:31 GMT
Server: Kestrel
Transfer-Encoding: chunked
Vary: Origin
Accept: application/json
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,nl;q=0.8
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjJmNWMwOGFhYzdiN2Q1ZGIwNjkzZmI1YjA0MTA4ZDQ0IiwidHlwIjoiSldUIn0.eyJuYmYiOjE1NDQ0MjkxMTgsImV4cCI6MTU0NDQzMjcxOCwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo1MDAwIiwiYXVkIjpbImh0dHA6Ly9sb2NhbGhvc3Q6NTAwMC9yZXNvdXJjZXMiLCJ3YXBpIl0sImNsaWVudF9pZCI6ImpzMyIsInN1YiI6IjIiLCJhdXRoX3RpbWUiOjE1NDQ0Mjc3NTYsImlkcCI6ImxvY2FsIiwic2NvcGUiOlsicHJvZmlsZSIsIm9wZW5pZCIsIndhcGkiXSwiYW1yIjpbInB3ZCJdfQ.ZuzRSb8qDs-WWmwcJrCtl8aYyc_Zw8mzvEk6Y0QDb28lOe14DJDfQKC1KSvHTnLrb4y-09H-NVeVuAuiD0F3qj4SDkQe3F7KSY7hLXp3IsOyfdhod9Rzw2vwK0L343zeg9h-gdflPcpCa6P6rK2TS2ber6KKw9YrKUVQQMtqNPM_R87UJIu_F-pgnO8puqwhcthwt3Fh9qC0S3HK5lZUJ5w7nzaGbWpKNU0s2730s3ogrCuwHIDEnzZ46x7nfE4aBE0cpCbCAqHL0sIQzNl3CgzD8xMEFG28VOIsRFbFGgii9bAXucpGDQzUMxm72HknLf-lMXV7E_4__l54mJ_ymQ
Connection: keep-alive
Host: localhost:5001
Origin: http://localhost:5002
Referer: http://localhost:5002/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

Looking at my implementation, which in code matches the fetch call that the example has, i only see one:

Request URL: http://localhost:5001/Identity
Request Method: GET
Status Code: 401 Unauthorized
Remote Address: [::1]:5001
Referrer Policy: no-referrer-when-downgrade
Access-Control-Allow-Origin: http://localhost:5004
Content-Length: 0
Date: Mon, 10 Dec 2018 07:59:36 GMT
Server: Kestrel
Vary: Origin
WWW-Authenticate: Bearer
Accept: /
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,nl;q=0.8
Connection: keep-alive
Host: localhost:5001
Origin: http://localhost:5004
Referer: http://localhost:5004/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

My auth-config.ts:

var configForDevelopment = {
apiServerBaseAddress: 'http://localhost',
profileUrl: 'http://localhost:5000/connect/userinfo',
providers: {
identSrv: {
name: 'identSrv',
url: 'Token/Exchange',
authorizationEndpoint: 'http://localhost:5000/connect/authorize',
redirectUri: "http://localhost:5004/",
post_logout_redirect_uri: "http://localhost:5004",
scope: ['profile', 'openid', 'wapi'],
responseType: 'id_token token',
scopePrefix: '',
scopeDelimiter: ' ',
requiredUrlParams: ['scope', 'nonce'],
optionalUrlParams: ['display', 'state'],
state: function () {
var val = ((Date.now() + Math.random()) * Math.random()).toString().replace(".", "");
return encodeURIComponent(val);
},
display: 'popup',
type: '2.0',
clientId: 'js2',
nonce: function () {
var val = ((Date.now() + Math.random()) * Math.random()).toString().replace(".", "");
return encodeURIComponent(val);
},
popupOptions: { width: 452, height: 633 }
}
}
};

export default configForDevelopment;

client config within my identityserver4 Config.cs:

            // Aurelia Client identity server
            new Client
            {
                ClientId = "js2",
                ClientName = "aurelia Client",
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,

                RedirectUris =           { "http://localhost:5004/","http://localhost:5004" },
                PostLogoutRedirectUris = { "http://localhost:5004/" },
                AllowedCorsOrigins =     { "http://localhost:5004","http://localhost:5004/" },

                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "wapi"
                }
            },

package.json from the aurelia client:

{
"name": "identityserveraureliaclient",
"description": "An Aurelia client application.",
"version": "0.1.0",
"repository": {
"type": "???",
"url": "???"
},
"license": "MIT",
"dependencies": {
"aurelia-animator-css": "^1.0.4",
"aurelia-bootstrapper": "^2.3.0",
"aurelia-polyfills": "^1.3.0",
"bluebird": "^3.5.2",
"aurelia-fetch-client": "^1.0.0-beta.1.1.0"
},
"peerDependencies": {},
"devDependencies": {
"@types/bluebird": "^3.5.24",
"@types/lodash": "^4.14.117",
"@types/node": "^10.11.6",
"@types/webpack": "^4.4.15",
"aurelia-cli": "^1.0.0-beta.7",
"aurelia-testing": "^1.0.0",
"aurelia-tools": "^2.0.0",
"aurelia-webpack-plugin": "^3.0.0",
"aurelia-auth": "^3.0.5",
"aurelia-authentication": "^3.8.2",
"copy-webpack-plugin": "^4.5.2",
"css-loader": "^1.0.0",
"del": "^3.0.0",
"duplicate-package-checker-webpack-plugin": "^3.0.0",
"expose-loader": "^0.7.5",
"file-loader": "^2.0.0",
"gulp": "^4.0.0",
"gulp-rename": "^1.4.0",
"html-loader": "^0.5.5",
"html-webpack-plugin": "^3.2.0",
"istanbul-instrumenter-loader": "^3.0.1",
"json-loader": "^0.5.7",
"mini-css-extract-plugin": "^0.4.3",
"minimatch": "^3.0.4",
"node-sass": "^4.9.3",
"nps": "^5.9.3",
"nps-utils": "^1.7.0",
"opn": "^5.4.0",
"sass-loader": "^7.1.0",
"style-loader": "^0.23.1",
"through2": "^2.0.3",
"ts-loader": "^5.2.1",
"ts-node": "^7.0.1",
"url-loader": "^1.1.1",
"vinyl-fs": "^3.0.3",
"webpack": "^4.20.2",
"webpack-bundle-analyzer": "latest",
"webpack-cli": "^3.1.2",
"webpack-dev-server": "^3.1.9"
},
"engines": {
"node": ">= 6.0.0"
},
"scripts": {
"start": "nps",
"test": "nps test"
},
"main": "dist/app.bundle.js",
"aurelia": {
"build": {
"resources": [
"aurelia-auth/auth-filter"
]
}
}
}

Kind regards,

Walter