Open
Description
What Version of the library are you using?
18.0.2
...
Question
After calling authorize(), the page reloads but does not redirect to the login page (which is hosted at https://login.singlepageappdomain.app). In the browser's network inspector I see only that the network call to https://login.singlepageappdomain.app/.well-known/openid-configuration is canceled, and the page goes back to the previous page on the main domain (the Angular app is hosted at https://singlepageappdomain.app).
In the console I see only:
[DEBUG] 0-parkme-client - BEGIN Authorize OIDC Flow with popup, no auth data
XHR failed loading: GET "https://login.singlepageappdomain.app/.well-known/openid-configuration".
Navigated to https://singlepageappdomain.app/
My config:
config: {
    authority: "https://login.singlepageappdomain.app",
    redirectUrl: window.location.origin + "/home",
    postLogoutRedirectUri: window.location.origin + "/",
    clientId: 'singlepage-client',
    scope: 'openid',
    responseType: 'code',
    customParamsCodeRequest: {
        client_secret: 'secret'
    },
    silentRenew: true,
    // silentRenewUrl:
    useRefreshToken: false,
    ignoreNonceAfterRefresh: false,
    triggerRefreshWhenIdTokenExpired: true,
    renewTimeBeforeTokenExpiresInSeconds: 10,
    silentRenewUrl: window.location.origin + "/silentrenew",
    autoUserInfo: false,
    logLevel: LogLevel.Debug
}
CORS should also be OK; I tried it with:
curl 'https://login.singlepageappdomain.app/.well-known/openid-configuration' \
-H 'cache-control: no-cache' \
-H 'origin: https://singlepageappdomain.app' \
-H 'pragma: no-cache' \
-H "Access-Control-Request-Method: GET" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-H "Access-Control-Request-Headers: X-Requested-With" \
-H 'sec-gpc: 1' \
-X OPTIONS --verbose
and get:
* Host login.singlepageappdomain.app:443 was resolved.
* IPv6: (none)
* IPv4: 55.55.555.55
* Trying 55.55.555.55:443...
* Connected to login.singlepageappdomain.app (55.55.555.55) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256 / [blank] / UNDEF
* ALPN: server accepted h2
* Server certificate:
* subject: CN=singlepageappdomain.app
* start date: Jan 16 07:58:26 2025 GMT
* expire date: Apr 16 07:58:25 2025 GMT
* subjectAltName: host "login.singlepageappdomain.app" matched cert's "login.singlepageappdomain.app"
* issuer: C=US; O=Let's Encrypt; CN=R11
* SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://login.singlepageappdomain.app/.well-known/openid-configuration
* [HTTP/2] [1] [:method: OPTIONS]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: login.singlepageappdomain.app]
* [HTTP/2] [1] [:path: /.well-known/openid-configuration]
* [HTTP/2] [1] [user-agent: curl/8.7.1]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [cache-control: no-cache]
* [HTTP/2] [1] [origin: https://singlepageappdomain.app]
* [HTTP/2] [1] [pragma: no-cache]
* [HTTP/2] [1] [access-control-request-method: GET]
* [HTTP/2] [1] [access-control-request-headers: X-Requested-With]
* [HTTP/2] [1] [access-control-request-headers: X-Requested-With]
* [HTTP/2] [1] [sec-gpc: 1]
> OPTIONS /.well-known/openid-configuration HTTP/2
> Host: login.singlepageappdomain.app
> User-Agent: curl/8.7.1
> Accept: */*
> cache-control: no-cache
> origin: https://singlepageappdomain.app
> pragma: no-cache
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
> Access-Control-Request-Headers: X-Requested-With
> sec-gpc: 1
>
* Request completely sent off
< HTTP/2 200
< vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
< access-control-allow-origin: https://singlepageappdomain.app
< access-control-allow-methods: GET,POST,PUT,DELETE
< access-control-allow-headers: X-Requested-With, X-Requested-With
< access-control-allow-credentials: true
< x-content-type-options: nosniff
< x-xss-protection: 0
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< pragma: no-cache
< expires: 0
< strict-transport-security: max-age=31536000 ; includeSubDomains
< x-frame-options: DENY
< content-security-policy: *
< content-length: 0
< date: Thu, 23 Jan 2025 20:54:06 GMT
< x-envoy-upstream-service-time: 3
< server: istio-envoy
<
* Connection #0 to host login.singlepageappdomain.app left intact
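
The preflight exchange shown in the curl output above can be checked against the rules a browser applies, as in this added example (not part of the original issue and not the library's code). The names `checkPreflight` and `postedResponse` are hypothetical; the response header values are the ones from the post.

```javascript
// Added example: simplified version of the Fetch standard's CORS-preflight check.
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// Split a comma-separated header value into trimmed, non-empty tokens.
function tokens(value) {
  return (value || "").split(",").map((t) => t.trim()).filter(Boolean);
}
// req: { origin, method, headers: [names], credentials: boolean }
// res: { status, headers: { "lower-cased-name": value } }
// Returns a list of failure reasons; an empty list means the preflight passes.
function checkPreflight(req, res) {
  const problems = [];
  const h = res.headers;
  if (res.status < 200 || res.status > 299) problems.push(`status ${res.status} is not 2xx`);
  // Origin must match exactly; "*" is only accepted without credentials.
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin !== req.origin && !(allowOrigin === "*" && !req.credentials)) {
    problems.push(`allow-origin "${allowOrigin}" does not match "${req.origin}"`);
  }
  if (req.credentials && h["access-control-allow-credentials"] !== "true") {
    problems.push("credentialed request but allow-credentials is not true");
  }

  // Method names are case-sensitive; GET, HEAD and POST never need listing.
  const methods = new Set(tokens(h["access-control-allow-methods"]));
  const anyMethod = methods.has("*") && !req.credentials;
  if (!SAFELISTED_METHODS.has(req.method) && !methods.has(req.method) && !anyMethod) {
    problems.push(`method ${req.method} not allowed`);
  }

  // Header names are case-insensitive; "*" never covers Authorization.
  const allowed = new Set(tokens(h["access-control-allow-headers"]).map((n) => n.toLowerCase()));
  const anyHeader = allowed.has("*") && !req.credentials;
  for (const name of req.headers) {
    const n = name.toLowerCase();
    if (!allowed.has(n) && !(anyHeader && n !== "authorization")) {
      problems.push(`request header ${name} not allowed`);
    }
  }
  return problems;
}

// Response headers copied from the curl output in the post above.
const postedResponse = { status: 200, headers: {
  "access-control-allow-origin": "https://singlepageappdomain.app",
  "access-control-allow-methods": "GET,POST,PUT,DELETE",
  "access-control-allow-headers": "X-Requested-With, X-Requested-With",
  "access-control-allow-credentials": "true",
} };
```

A passing preflight only covers the OPTIONS exchange: the actual GET response must carry its own Access-Control-Allow-Origin header, and a GET that sends no non-safelisted headers is not preflighted at all.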