Badisi / auth-js

🛡️ Authentication and authorization support for web based desktop and mobile applications

[FEATURE] Add SigninRedirectArgs to AuthService.login()

PhilippRoessner opened this issue · comments

Description

We used the oidc-client-ts and would like to switch to this library. We have some custom eventargs (SigninRedirectArgs) we send with the oidc-client-ts -> userManager.signinRedirect().

Currently, our code looks like this:

    public async parameterizedLogin(state: any, value1: string, value2: string) {
        // Custom parameters sent to the authorization server with the sign-in request
        const extraParams: any = {
            myExtraParam1: value1,
            myExtraParam2: value2
        };
        const args: SigninRedirectArgs = <SigninRedirectArgs>{
            state: state,
            extraQueryParams: extraParams
        };
        await this.userManager.signinRedirect(args);
        return this.redirect();
    }

Proposed solution

Can we provide the SigninRedirectArgs parameter to the login method of the auth.service.ts?

Alternatives considered

No response

commented

Can you please give me more details about your use case?

Because this is something I was planning to do but put on hold, as there are edge cases I don't know how to manage.


The exposed login, logout, renew methods are the easiest to modify.
I've started a WIP PR for that, by adding new arguments to these methods.


But the following use cases are managed internally by the lib and I have no idea if I should also deal with possible arguments there:

auth-js

  1. On desktop, when your application starts, the lib will check if an auth session already exists at the OP and retrieve it (i.e. it will do a signinSilent) if retrieveUserSession: true was set. (This is by design, as no tokens are stored on desktop for security reasons.)

    await this.runSyncOrAsync(() => this.signinSilent()

  2. If no session was found and loginRequired: true was set, then the lib will start a login process.

  3. On mobile, when your application starts, the lib will start a login process if no user was found and loginRequired: true was set.

ngx-auth

  1. With Angular, the lib will start a login process if you navigate to a route that has an AuthGuard and the user is not authenticated.

    return from(this.authService.login({ redirectUrl }))

  2. With Angular, the lib will start a login process if a 401 error is received and loginOn401: true was set.

    void this.authService.login();

We have two use cases for this feature:

  1. Confirm Account -> direct SignIn
    When a user creates a new account, we give them a confirm token and a link to a page, where they create a password. When they confirm that page, we send the ConfirmToken together with the new password into the manager.signinredirect() method. Our Authentication server handles these parameters and automatically signs in the user -> redirects to the root of our application. It feels a little bit nasty but in the end it was a huge enhancement in our UX.

  2. Switch User
    Our application handles groups of users in the style of Netflix or Spotify Family Accounts. We let users switch identities if they do have a valid token. We send the new UserID in manager.signinredirect() and our authentication server validates the token and checks if the current identity has access to the new requested identity. Also this process seems a little nasty, but of all solutions we had by the time of the feature request, this was the most elegant.

I had a quick look at the commit and it looks like it would solve the cases I mentioned.
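
The use cases above pass values through `extraQueryParams`, which oidc-client-ts appends to the authorization request URL, so they end up in browser history and server access logs. An added example (not code from auth-js or oidc-client-ts; the function names, the reserved-parameter list and the sensitive-name pattern are assumptions) that shows where such values land and flags names that look like secrets before a redirect is started:

```typescript
// Added illustration, not library code. All names below are hypothetical.
type ExtraParams = Record<string, string | number | boolean>;

// Protocol-owned query parameters that extra params must never override (assumed list).
const RESERVED = ["client_id", "redirect_uri", "response_type", "scope",
                  "state", "nonce", "code_challenge", "code_challenge_method"];

// Names that suggest a secret is about to travel in a URL (assumed heuristic).
const SENSITIVE_NAME = /password|passwd|secret|token|credential/i;

// Returns the extra parameter names that look like secrets.
function findSensitiveParams(extra: ExtraParams = {}): string[] {
  return Object.keys(extra).filter((name) => SENSITIVE_NAME.test(name));
}

// Builds the authorization request URL the browser is redirected to.
function buildAuthorizeUrl(endpoint: string, base: Record<string, string>,
                           extra: ExtraParams = {}): string {
  const merged: Record<string, string> = { ...base };
  for (const name of Object.keys(extra)) {
    if (RESERVED.indexOf(name) !== -1) {
      throw new Error(`extra param "${name}" would override a protocol parameter`);
    }
    merged[name] = String(extra[name]);
  }
  const query = Object.keys(merged)
    .map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(merged[k])}`)
    .join("&");
  return `${endpoint}?${query}`;
}

// Constructed sample input modelled on the issue's parameterizedLogin().
const sampleBase = {
  client_id: "demo-client",
  redirect_uri: "https://app.example/callback",
  response_type: "code",
  scope: "openid",
  state: "constructed-state-id",
};
const sampleExtra: ExtraParams = {
  myExtraParam1: "value1",
  confirmToken: "constructed-token",
};

// Every extra value is visible in the resulting front-channel URL.
const sampleUrl = buildAuthorizeUrl("https://op.example/authorize", sampleBase, sampleExtra);
// A wrapper around login() could log or reject these names before redirecting.
const flagged = findSensitiveParams(sampleExtra);
```
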

commented

Thanks for the explanation.
The PR should get you covered.
I'll try to release it in the next 2 days.

🎉 Released in @badisi/ngx-auth@2.0.0-beta.17 📦🚀

🎉 Released in @badisi/auth-js@1.0.0-beta.13 📦🚀