当前位置: 文江博客 话题详情

OIDC客户端中的iframe会话问题

发布于 2025-02-05 05:10:09 字数 1720 浏览 2 评论 0 原文

我在我的Angular应用程序中使用OIDC客户端和WSO2 API Manager 3.2.0。一切正常,直到我登录。

首先,我从一个选项卡中登录应用程序,然后在成功登录后重复该选项卡。 之后,当我从一个选项卡上注销时,其他选项卡也应登录,但不会发生。我已经创建了一个iframe,并不断检查下面的会话。

.ts文件:

  baseUrl = new URL(window.location.href);
  callbackURI = this.baseUrl.origin + '/slate/dashboard';

  checkSessionURL = this.sanitizer.bypassSecurityTrustResourceUrl('https://localhost:9443/oidc/checksession' + '?client_id='
            + localStorage.getItem('client_id') + '&redirect_uri=' + this.callbackURI);

  constructor(private sanitizer: DomSanitizer, private authService: AuthService) {
  }

  ngOnInit(): void {
  }

  ngAfterViewInit(): void {
    if (this.authService.isLoggedUser()) {
      this.checkSession();
    }
  }

  isIFrame = (input: HTMLElement | null): input is HTMLIFrameElement =>
    input !== null && input.tagName === 'IFRAME'

  /**
   * Invoke check session OIDC endpoint.
   */
  checkSession(): void {
    setInterval(() => {
      const msg = localStorage.getItem('client_id') + ' ' + localStorage.getItem('sessionState');
      const frame = document.getElementById('iframeOP');
      if (this.isIFrame(frame) && frame.contentWindow) {
        frame.contentWindow.postMessage(msg, 'https://localhost:9443/oidc/checksession');
      }
    }, 3000);
  }

.html文件:

<iframe
  title='iframeOP'
  id='iframeOP'
  [src]="checkSessionURL"
></iframe>

刷新重复选项卡后,我得到了。

https:// localhost:9443/authenticationEndpoint/oauth2_error.do?oautherrorcode = access_denied&amp; oautherRormsg = error+error+发生++从+id+doken中提取+data+data+data+data+dogken。

但是,重复的选项卡中的登录应自动发生。如果有人能提供帮助,我很感激。

原文

I'm using OIDC Client and WSO2 API Manager 3.2.0 in my angular application for authentication. Everything works fine until I hit log out.

First, I log into the application from one tab and then duplicate that tab after a successful login. After that, when I log out from one tab, other tabs also should be logged out, but it does not happen. I have created an iframe and constantly check the session as below.

.ts file:

  baseUrl = new URL(window.location.href);
  callbackURI = this.baseUrl.origin + '/slate/dashboard';

  checkSessionURL = this.sanitizer.bypassSecurityTrustResourceUrl('https://localhost:9443/oidc/checksession' + '?client_id='
            + localStorage.getItem('client_id') + '&redirect_uri=' + this.callbackURI);

  constructor(private sanitizer: DomSanitizer, private authService: AuthService) {
  }

  ngOnInit(): void {
  }

  ngAfterViewInit(): void {
    if (this.authService.isLoggedUser()) {
      this.checkSession();
    }
  }

  isIFrame = (input: HTMLElement | null): input is HTMLIFrameElement =>
    input !== null && input.tagName === 'IFRAME'

  /**
   * Invoke check session OIDC endpoint.
   */
  checkSession(): void {
    setInterval(() => {
      const msg = localStorage.getItem('client_id') + ' ' + localStorage.getItem('sessionState');
      const frame = document.getElementById('iframeOP');
      if (this.isIFrame(frame) && frame.contentWindow) {
        frame.contentWindow.postMessage(msg, 'https://localhost:9443/oidc/checksession');
      }
    }, 3000);
  }

.HTML file:

<iframe
  title='iframeOP'
  id='iframeOP'
  [src]="checkSessionURL"
></iframe>

After refreshing the duplicate tab, I'm getting this.

https://localhost:9443/authenticationendpoint/oauth2_error.do?oauthErrorCode=access_denied&oauthErrorMsg=Error+occurred+while+extracting+data+from+id+token.

But, the log out in duplicated tabs should happen automatically. I appreciate if anyone could help.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

后知后觉 2025-02-12 05:10:09

您需要在选项卡之间共享 logout event(并调用注销功能)。建议的实现:您的水疗中心(每个选项卡)需要使用浏览器外部logout 布尔值设置/docs/web/api/web_storage_api“ rel =“ nofollow noreferrer”>存储api 参考)。更现代的实现可以使用

You need to share logout event (and invoke logout function) between tabs. Suggested implementation: your SPA (each tab) needs to watch an external-logout boolean setting in local storage, using the browser Storage API (reference). More modern implementation may use Broadcast Channel API to broadcast logout event between tabs.

回复 原文
木緿 2025-02-12 05:10:09

从您共享的代码中,您的单个注销逻辑似乎不完整。您已经实现了逻辑,仅向iframe发布消息。但是,如果您还听过iframe对您的消息的响应,最好是最好的。

您可能会收到“更改”,“不变”或“错误”作为响应。如果收到“错误”,则需要将用户签名。

如果您获得“更改”,则需要在另一个带有附加查询参数 stript = none 的IFRAME内发送授权调用。

如果您在响应中获取授权代码,则意味着用户已登录。因此,您需要更新响应中存储的会话状态参数。

如果您没有获得授权代码,则意味着用户已登录,因此您必须将用户登录。

如果消息显示“不变”,那么您无需做任何事情。

为了简化事情,您可以使用我们的 angular sdk 开箱即用的东西。

From the code you have shared, it seems like your single logout logic is incomplete. You have implemented the logic only to post a message to the iframe. However, it would be best if you also listened to the iframe for its response to your message.

You may receive "changed", "unchanged", or "error" as a response. If you receive "error", then you need to sign the user out.

If you get "changed", then you need to send an authorization call within another iframe with an additional query parameter prompt=none.

If you get an authorization code in response, then that means the user is logged in. So, you need to update the session state parameter that you have stored with the one in the response.

If you don't get an authorization code, then that means the user is logged out, so you will have to log the user out.

If the message says "unchanged", then you need not do anything.

To simplify things, you can use our Angular SDK, which takes care of these things for you right out of the box.

回复 原文
~没有更多了~

关于作者

や莫失莫忘

暂无简介

文章
评论
29 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

十二

文章 0 评论 0

飞烟轻若梦

文章 0 评论 0

OPleyuhuo

文章 0 评论 0

wxb0109

文章 0 评论 0

旧城空念

文章 0 评论 0

-小熊_

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文