refactor(auth): clean up login and logout logic
parent
9de08ab233
commit
0e1946d190
2 changed files with 19 additions and 19 deletions
|
@ -17,13 +17,7 @@ export default class LoginSuccessComponent implements OnInit {
|
|||
private router: Router = inject(Router);
|
||||
|
||||
async ngOnInit() {
|
||||
|
||||
try {
|
||||
// Handle code flow without throwing errors
|
||||
const success = await this.oauthService.loadDiscoveryDocumentAndTryLogin();
|
||||
|
||||
// If we have a valid access token, the user should be loaded in AuthService
|
||||
const user = this.authService.getUser();
|
||||
|
||||
// Check if we're authenticated
|
||||
if (this.oauthService.hasValidAccessToken()) {
|
||||
|
|
|
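Review bot: `ngOnInit()` now appears to test `this.oauthService.hasValidAccessToken()` without first awaiting the code exchange. The hunk shrinks from 13 to 7 lines and the awaited `loadDiscoveryDocumentAndTryLogin()` call looks to be among the removed lines, although the rendering does not mark which side each line is on. If so, the check races the `tryLogin` that AuthService starts on its own, and a callback evaluated before the tokens are stored would be treated as unauthenticated. Having AuthService expose its login promise and awaiting it before the check, e.g. `await this.authService.<loginReadyPromise>;` (placeholder name), would close that window; `async` can be dropped from `ngOnInit()` if no `await` remains. The method body continues outside the hunk.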
@ -4,7 +4,7 @@ import { UserService } from './user.service';
|
|||
import { User } from '../model/User';
|
||||
import { Router } from '@angular/router';
|
||||
import { environment } from '../../environments/environment';
|
||||
import { catchError, from, of, tap } from 'rxjs';
|
||||
import { catchError, from, of } from 'rxjs';
|
||||
|
||||
@Injectable({
|
||||
providedIn: 'root',
|
||||
|
@ -17,6 +17,10 @@ export class AuthService {
|
|||
scope: `openid email profile ${environment.OAUTH_CLIENT_ID}`,
|
||||
responseType: 'code',
|
||||
redirectUri: window.location.origin + '/auth/callback',
|
||||
// Important - use empty post logout redirect URI to prevent auto-redirect
|
||||
postLogoutRedirectUri: '',
|
||||
// Don't use redirect URI as fallback for post logout
|
||||
redirectUriAsPostLogoutRedirectUriFallback: false,
|
||||
oidc: true,
|
||||
requestAccessToken: true,
|
||||
// Explicitly set token endpoint since discovery is failing
|
||||
|
@ -60,7 +64,7 @@ export class AuthService {
|
|||
// Try to exchange the authorization code for tokens
|
||||
this.oauthService
|
||||
.tryLogin({
|
||||
onTokenReceived: (context) => {
|
||||
onTokenReceived: () => {
|
||||
// Manually create a token_received event
|
||||
this.handleSuccessfulLogin();
|
||||
},
|
||||
|
@ -75,7 +79,6 @@ export class AuthService {
|
|||
this.oauthService
|
||||
.loadDiscoveryDocumentAndTryLogin()
|
||||
.then((isLoggedIn) => {
|
||||
|
||||
if (isLoggedIn && !this.user) {
|
||||
this.handleSuccessfulLogin();
|
||||
}
|
||||
|
@ -87,16 +90,13 @@ export class AuthService {
|
|||
|
||||
private setupEventHandling() {
|
||||
this.oauthService.events.subscribe((event: OAuthEvent) => {
|
||||
|
||||
if (event.type === 'token_received') {
|
||||
this.handleSuccessfulLogin();
|
||||
} else if (event.type === 'token_refresh_error' || event.type === 'token_expires') {
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private handleSuccessfulLogin() {
|
||||
|
||||
// Extract claims from id token if available
|
||||
const claims = this.oauthService.getIdentityClaims();
|
||||
|
||||
|
@ -110,7 +110,6 @@ export class AuthService {
|
|||
try {
|
||||
from(this.oauthService.loadUserProfile())
|
||||
.pipe(
|
||||
tap((profile) => {}),
|
||||
catchError((error) => {
|
||||
console.error('Error loading user profile:', error);
|
||||
// If we can't load the profile but have a token, create a minimal profile
|
||||
|
@ -188,13 +187,20 @@ export class AuthService {
|
|||
logout() {
|
||||
try {
|
||||
this.user = null;
|
||||
|
||||
|
||||
// Prevent redirect to Authentik by doing a local logout only
|
||||
// Instead of using oauthService.logOut() which redirects to the provider
|
||||
|
||||
// Clear tokens from storage
|
||||
this.oauthService.logOut(false); // logOut(false) prevents redirect
|
||||
|
||||
|
||||
// Clear tokens from storage without redirecting
|
||||
// The parameter noRedirectToLogoutUrl=true prevents redirect to the identity provider
|
||||
this.oauthService.logOut(true); // true means: don't redirect to Authentik logout page
|
||||
|
||||
// Override any post-logout redirect URI that might be configured
|
||||
if (window.location.href.includes('id_token') || window.location.href.includes('logout')) {
|
||||
// If we somehow ended up at a logout URL, redirect back to the app
|
||||
window.location.href = window.location.origin;
|
||||
}
|
||||
|
||||
// Clear any lingering tokens manually
|
||||
localStorage.removeItem('access_token');
|
||||
localStorage.removeItem('id_token');
|
||||
|
@ -202,7 +208,7 @@ export class AuthService {
|
|||
sessionStorage.removeItem('access_token');
|
||||
sessionStorage.removeItem('id_token');
|
||||
sessionStorage.removeItem('refresh_token');
|
||||
|
||||
|
||||
// Navigate to landing page
|
||||
this.router.navigate(['/']);
|
||||
} catch (err) {
|
||||
|
|
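Review bot: The rewritten `logout()` is a local-only sign-out: `this.oauthService.logOut(true)` plus the storage cleanup removes the tokens from the browser, but nothing in the visible lines ends the Authentik session or revokes the refresh token, so the next login can complete silently and an already-issued token stays valid until it expires. If that trade-off is intended, state it at the call, e.g. `// Local logout only: the IdP session and issued tokens remain valid until they expire`; otherwise consider the library's `revokeTokenAndLogout()` where the provider exposes a revocation endpoint. The guard `window.location.href.includes('id_token') || window.location.href.includes('logout')` is a substring match on the whole URL, so it also fires on any app route or query string containing "logout"; comparing `window.location.pathname` against the known callback path would be narrower. `logout()` continues past the end of this hunk.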