"Mehmet" 'in aktiviteleri

Hi,

On the Angular side, we've used the angular-oauth2-oidc package to manage the authorization code flow. As far as I know, there is no such package for React Native. I do not know how you can achieve that, but I can briefly explain how the code flow works:

  1. We execute the initCodeFlow method of the OAuthService to navigate the user to the login page.
  2. OAuthService redirects to the IDS's page (url is like this: https://localhost:44305/connect/authorize?response_type=code&client_id=MyProjectName_App&state=R0xMQzR-NnkwbVgxMm8tOHozNVNLN2J5ZzBNfmN0eWxKQnloSUtIR2guWFFn&redirect_uri=https://commercial-demo.abp.io/index.html&scope=openid%20AbpCommercialDemo&code_challenge=coxrGgGtjvVVsX-ZrC3UU8nh9i1iUaUNKUXmcbKy3Yg&code_challenge_method=S256&nonce=R0xMQzR-NnkwbVgxMm8tOHozNVNLN2J5ZzBNfmN0eWxKQnloSUtIR2guWFFn)
  3. IDS redirects to login page (url is like this: https://localhost:44305/Account/Login?ReturnUrl=/connect/authorize/callback?response_type=code&client_id=MyProjectName_App&state=R0xMQzR-NnkwbVgxMm8tOHozNVNLN2J5ZzBNfmN0eWxKQnloSUtIR2guWFFn&redirect_uri=https%3A%2F%2Fcommercial-demo.abp.io%2Findex.html&scope=openid%20AbpCommercialDemo&code_challenge=coxrGgGtjvVVsX-ZrC3UU8nh9i1iUaUNKUXmcbKy3Yg&code_challenge_method=S256&nonce=R0xMQzR-NnkwbVgxMm8tOHozNVNLN2J5ZzBNfmN0eWxKQnloSUtIR2guWFFn)
  4. If login is successful, IDS redirects back to the Angular app (redirection url: http://localhost:4200?code=94DFAD919F8645959A13EC08E79636DEE658ECB11D3D654F8D0DEAC7BC14E605&scope=openid%20MyProjectName&state=R0xMQzR-NnkwbVgxMm8tOHozNVNLN2J5ZzBNfmN0eWxKQnloSUtIR2guWFFn&session_state=Hp45_ZHnuI2DJvBHfiqDilY-900FQmYAchPNm08yJ4o.6689B8D57ADA3BA44B02B792137710FA)
  5. angular-oauth2-oidc package performs a POST request:
     - URL: https://localhost:44305/connect/token
     - Body (form data): grant_type=authorization_code&code=94DFAD919F8645959A13EC08E79636DEE658ECB11D3D654F8D0DEAC7BC14E605&redirect_uri=https://commercial-demo.abp.io/index.html&code_verifier=U2Q1eExVY2I2ODVkQXZSY2VmeGFIZ3FxUXlfeFRRaU0ubFloRmFPSFdYTWFR&client_id=MyProjectName_App
     - Response: {"id_token":"id token shortened for brevity","access_token":"access token shortened for brevity","expires_in":31536000,"token_type":"Bearer","scope":"openid AbpCommercialDemo"}

You should examine the angular-oauth2-oidc package's source code for the details.
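
The client side of the five steps above, written out with Node.js built-ins as an added example (not part of the original post and not angular-oauth2-oidc's code). The function names and the single `redirectUri` used for both requests are assumptions; the endpoints and `client_id` are the ones shown in the post.

```javascript
// Added example: client side of the authorization code flow with PKCE (RFC 7636).
const crypto = require('node:crypto');

// Constructed sample configuration; endpoint paths and client_id follow the post.
const config = {
  issuer: 'https://localhost:44305',
  clientId: 'MyProjectName_App',
  redirectUri: 'http://localhost:4200', // assumption: same value in steps 2 and 5
  scope: 'openid MyProjectName',
};

const randomToken = (bytes = 32) => crypto.randomBytes(bytes).toString('base64url');

// code_challenge = BASE64URL(SHA256(code_verifier)), i.e. code_challenge_method=S256
function challengeFor(verifier) {
  return crypto.createHash('sha256').update(verifier, 'ascii').digest('base64url');
}

// Steps 1-2: create the per-login secrets and the /connect/authorize URL.
function startLogin(cfg) {
  const session = { state: randomToken(), nonce: randomToken(), verifier: randomToken() };
  const url = new URL('/connect/authorize', cfg.issuer);
  url.search = new URLSearchParams({
    response_type: 'code', client_id: cfg.clientId, redirect_uri: cfg.redirectUri,
    scope: cfg.scope, state: session.state, nonce: session.nonce,
    code_challenge: challengeFor(session.verifier), code_challenge_method: 'S256',
  }).toString();
  return { session, url: url.toString() };
}

// Step 4: accept the redirect only if it carries the state this client issued.
function readCallback(callbackUrl, session) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error(`authorization failed: ${params.get('error')}`);
  if (params.get('state') !== session.state) throw new Error('state mismatch');
  const code = params.get('code');
  if (!code) throw new Error('no code in callback');
  return code;
}

// Step 5: form body for POST /connect/token; the verifier is sent only here.
function tokenRequestBody(cfg, code, session) {
  return new URLSearchParams({
    grant_type: 'authorization_code', code, redirect_uri: cfg.redirectUri,
    code_verifier: session.verifier, client_id: cfg.clientId,
  }).toString();
}
```

The `session` object has to be kept between step 2 and step 5 (the verifier never appears in a URL), and the `nonce` should be compared with the `nonce` claim of the returned id_token once its signature has been validated.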

Hello,

The problem is related to @ng-bootstrap/ng-bootstrap package. We're working on this. You can follow this issue: https://github.com/abpframework/abp/issues/10743

I'll notify you when the problem is resolved. Thanks!

Please see the comment below to fix the problem temporarily: https://github.com/abpframework/abp/issues/10743#issuecomment-981394068

Hello @talhazengin

We've created an internal issue. We'll let you know when it is resolved. Thanks for reporting!

Hello,

It is already done: https://github.com/abpframework/abp/commit/86b8f952eecfc6a109ab91e1bf39983b50e7c9f6#diff-835f2b3fd6817076674e0a6599617b07b015b34849235b20017ee0601206a3b8

You need to update your project to v4.4.4 at least. Thanks!

Here is the guide for custom login & register pages for v4.4+: https://gist.github.com/mehmet-erim/dac82931935a465a48802447de501032

Answer

Hi,

For some technical reasons, we have used innerHtml for the columns of the extensible table component. No vulnerability in this case. You cannot inject any script. Angular sanitizes it by default.

Thanks!

Hello,

It seems to be a problem. Can you share the access token and refresh token response?

We use the angular-oauth2-oidc package for authentication, so this problem is related to this package. Downgrading the RxJS version to v6 may fix the problem if you use RxJS 7. If the problem is not resolved, please provide the steps to reproduce in detail.

Can we expect a fix for this problem in the upcoming update?

I don't know. You can report that by creating an issue in the angular-oauth2-oidc repo. The problem should be fixed by the package authors.

Thanks!

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11