2 votes

We have an Angular portal which communicates with IdentityServer4, and it works well with our own domain. We want to add support for custom domains, and for that we store the domain name in our database; whenever any Angular portal link is opened, we grab the domain name from the database and assign it to authConfig as shown below:

// Override the configured issuer with the domain name read from the database
Object.assign(authConfig, { issuer: domainNam });

// Hand the (now modified) config to the library, then fetch the discovery
// document from <issuer>/.well-known/openid-configuration and attempt login
this.oauthService.configure(authConfig);
this.oauthService.tokenValidationHandler = new JwksValidationHandler();
this.oauthService.loadDiscoveryDocumentAndTryLogin().then(() => {
  // .... rest of the code
});

It currently sets the domain name as the issuer, but it does not redirect to the login page; instead it shows me the error below:

(screenshot of the error message)

The link is made like this:

https://account.ourDomainName.io/connect/authorize?response_type=id_token%20token&client_id=WebApiImplicitClientId&state=OcTztAVWhhgJtfQYwXvJO3B9RD6rGkeKpQxM99ki&redirect_uri=https%3A%2F%2Fportal.ourDomainName.io%2Fauth-callback&scope=openid%20profile%20email%20aitapi&nonce=OcTztAVWhhgJtfQYwXvJO3B9RD6rGkeKpQxM99ki

What is going wrong here?

If issuer is not set then it works fine, but when I set issuer dynamically it creates this problem.

authConfig is as below:

import { AuthConfig } from 'angular-oauth2-oidc';
// Path to the Angular environment file is assumed; adjust to the project layout
import { environment } from '../environments/environment';

export const authConfig: AuthConfig = {
  // Url of the Identity Provider
  issuer: environment.identityServer.authority,
  // URL of the SPA to redirect the user to after login
  redirectUri: window.location.origin + "/auth-callback",
  // The SPA's id. The SPA is registered with this id at the auth-server
  clientId: environment.identityServer.client_id,
  // set the scope for the permissions the client should request
  // The first three are defined by OIDC. The 4th is a usecase-specific one
  scope: environment.identityServer.scope,
  logoutUrl: environment.identityServer.authority + '/Account/Logout',
};
Perhaps the answer here may help you. - user4864425

Hi, thanks, but this is not something I am looking for :| - Neel

What error do you get, if any, from IdentityServer4? - cheesemacfly

@cheesemacfly - The error says: Sorry, there was an error : unauthorized_client - Neel

@Neel you need to figure out why you're getting this error, and it should help with your problem. - cheesemacfly

1 Answer

2 votes

Here are a few points you can take care of to resolve this:

1) issuer -> the authorization server's issuer identifier. Should not create any issue even if read from the current environment file; make sure the appropriate key is set in the respective environment.

2) redirectUri -> your redirect URL. Make sure this callback is configured in the Identity Manager; this could be one of the reasons.

3) Authorization headers -> I believe you are already passing the secret key from the web server; heads-up for good practice.

Now finally,

Object.assign(authConfig, { issuer: domainNam }); // step 1: override issuer with the value from the database

this.oauthService.configure(authConfig); // step 2: only now hand the config to the library

For the above code, make sure you are awaiting step 1 if you read the domain name from the server, and only then feeding it to step 2.

I believe, as you stated, it doesn't work only when set dynamically; with the above considerations your auth should work.
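The sequencing point in the answer above, and the two checks a practitioner would want alongside it, as an added example that is not part of the question or the answer and does not use angular-oauth2-oidc itself. Two things change when the portal is served on a custom domain: the issuer the library sends the browser to, and the redirectUri derived from window.location.origin. The library compares the discovery document's `issuer` field to the configured issuer with exact string equality (scheme, host, no trailing slash) and requires the endpoints to live under it, so a value stored in the database with a trailing slash or an http:// scheme fails before any redirect happens. Independently, IdentityServer4 will only accept an authorize request whose redirect_uri is registered for the client, so each new portal host needs its `/auth-callback` added to the client's registration. The names `TenantRecord`, `fetchTenant`, `buildAuthConfig`, `checkDiscoveryDocument`, `REGISTERED_REDIRECT_URIS` and the tenant rows are assumptions constructed for this illustration; the client id, scope and state/nonce values are taken from the authorize URL shown in the question.

```typescript
// Added example, not code from the question, the answer or angular-oauth2-oidc.
// Dependency-free model of configuring the issuer per portal host.

interface AuthConfig {
  issuer: string;
  redirectUri: string;
  clientId: string;
  scope: string;
  logoutUrl: string;
}

interface DiscoveryDocument {
  issuer: string;
  authorization_endpoint: string;
  jwks_uri: string;
}

interface TenantRecord {
  portalHost: string;     // host the Angular portal is served on
  identityServer: string; // issuer URL of the IdentityServer for that host
}

// Constructed sample rows standing in for the database lookup (assumption).
const TENANTS: TenantRecord[] = [
  { portalHost: 'portal.ourDomainName.io', identityServer: 'https://account.ourDomainName.io' },
  { portalHost: 'portal.customer.example', identityServer: 'https://login.customer.example/' },
];

// Simulates the asynchronous database call the question describes.
function fetchTenant(portalHost: string): Promise<TenantRecord | undefined> {
  return Promise.resolve(TENANTS.find((t) => t.portalHost === portalHost));
}

// Build the config from the tenant row. Normalising the issuer matters: a
// trailing slash fails the exact comparison against the discovery document,
// and OIDC Discovery requires the issuer to use the https scheme.
function buildAuthConfig(tenant: TenantRecord, origin: string): AuthConfig {
  const issuer = tenant.identityServer.replace(/\/+$/, '');
  if (!issuer.startsWith('https://')) {
    throw new Error(`issuer must use https: ${issuer}`);
  }
  return {
    issuer,
    redirectUri: origin + '/auth-callback',
    clientId: 'WebApiImplicitClientId',
    scope: 'openid profile email aitapi',
    logoutUrl: issuer + '/Account/Logout',
  };
}

// The checks the library applies to a fetched discovery document: the issuer
// must match exactly and the endpoints must live under it. Returns the first
// problem found, or null when the document is acceptable.
function checkDiscoveryDocument(config: AuthConfig, doc: DiscoveryDocument): string | null {
  if (doc.issuer !== config.issuer) {
    return `issuer mismatch: configured ${config.issuer}, document says ${doc.issuer}`;
  }
  for (const url of [doc.authorization_endpoint, doc.jwks_uri]) {
    if (!url.startsWith(config.issuer + '/')) {
      return `endpoint ${url} is not under issuer ${config.issuer}`;
    }
  }
  return null;
}

// Server-side view, simplified: the redirect URIs registered for the client.
// A new portal host only works once its callback appears in this list.
const REGISTERED_REDIRECT_URIS: Record<string, string[]> = {
  WebApiImplicitClientId: ['https://portal.ourDomainName.io/auth-callback'],
};

function redirectUriIsRegistered(config: AuthConfig): boolean {
  return (REGISTERED_REDIRECT_URIS[config.clientId] ?? []).includes(config.redirectUri);
}

// Reproduces the authorize URL the question shows, from the config alone.
function buildAuthorizeUrl(config: AuthConfig, state: string, nonce: string): string {
  const params: Record<string, string> = {
    response_type: 'id_token token',
    client_id: config.clientId,
    state,
    redirect_uri: config.redirectUri,
    scope: config.scope,
    nonce,
  };
  const query = Object.entries(params)
    .map(([k, v]) => `${k}=${encodeURIComponent(v)}`)
    .join('&');
  return `${config.issuer}/connect/authorize?${query}`;
}

// Step 1 must finish before step 2: await the lookup, then build the config
// that gets handed to configure(). Nothing here touches the auth library.
async function configureForHost(portalHost: string): Promise<AuthConfig> {
  const tenant = await fetchTenant(portalHost);
  if (!tenant) throw new Error(`no tenant registered for ${portalHost}`);
  return buildAuthConfig(tenant, 'https://' + portalHost);
}
```

In the real portal, `configureForHost(window.location.hostname)` would be awaited in an APP_INITIALIZER or before `configure()` is called, and `checkDiscoveryDocument` is what fails first if the stored domain does not match the `issuer` field the server publishes; `redirectUriIsRegistered` is the server-side condition that has to hold for the custom host's callback.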