MSAL Angular 7:密码重置实现
MSAL Angular 7: Password Reset Implementation
我正在使用此 MSAL 库 (https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angular) 进行身份验证。
密码重置我的代码如下:
// app.component.ts
constructor(private authService: MsalService)
{
if (this.forgotPassword()) {
this.navigateToForgotPassword();
} else {
this.authService
.acquireTokenSilent(MsalHelperService.getMsalConfigurationSettingValue('consentScopes'))
.then(token => {
if (this.authService.getUser()) {
this.userService.setLoggedIn(true);
this.navigateToLandingPage();
} else {
this.userService.setLoggedIn(false);
this.login();
}
})
.catch(error => {
this.userService.setLoggedIn(false);
this.login();
});
}
...
}
// Determine if user clicked "Forgot Password"
forgotPassword() {
const storage = this.authService.getCacheStorage();
const authError: string = storage.getItem('msal.login.error') ? storage.getItem('msal.login.error') : null;
if (authError && authError.indexOf('AADB2C90118') > -1) {
return true;
}
return false;
}
navigateToForgotPassword() {
this.authService.authority = this.authService.authority.replace('b2c_1a_signupsignin', 'b2c_1a_passwordreset');
this.authService.loginRedirect(MsalHelperService.getMsalConfigurationSettingValue('consentScopes'));
}
到目前为止一切正常。
密码重置后,用户被引导回 app.component,然后调用 loginRedirect() 以显示登录表单。
在 return 到 app.component 上记录了以下错误:
"Refused to display 'https://...signupsignin/' in a frame because it set 'X-Frame-Options' to 'deny'".
理想情况下,我希望用户在密码重置后自动登录。
请告知这是否完全可行,或者至少告诉我如何在不修改 MSAL 库的情况下消除上述错误。
自动登录仍然是一个问题,但我通过在 loginSuccess 上注销解决了这个错误。
this.loginSuccessSubscription = this.broadcastService.subscribe('msal:loginSuccess', payload => {
// Temporary solution to avoid 'X-Frame-Options' error on password reset. MSAL not yet supporting auto-login after password reset.
if (this.resetPassword()) {
this.logout();
}
...
});
// Check claim
resetPassword() {
return document.referrer.toLowerCase().indexOf('b2c_1a_passwordreset') > -1;
}
我根据你的回答做了类似的事情:
if (payload._errorDesc && payload._errorDesc.indexOf('AADB2C90118') !== -1) {
console.log('Set recovery flow to true');
console.log('Redirecting to password recovery page');
localStorage.setItem('custom.recovery.password.flow', 'true');
msalService.authority = `https://login.microsoftonline.com/tfp/${environment.tenant}/b2c_1_reset_password/v2.0/`;
msalService.loginRedirect();
}
});
this.broadcastService.subscribe('msal:loginSuccess', payload => {
if(localStorage.getItem('custom.recovery.password.flow') === 'true'){
console.log('Set recovery to false');
console.log('Redirecting to login page');
localStorage.setItem('custom.recovery.password.flow', 'false');
msalService.logout();
}
});
我正在使用此 MSAL 库 (https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/lib/msal-angular) 进行身份验证。
密码重置我的代码如下:
// app.component.ts
constructor(private authService: MsalService)
{
if (this.forgotPassword()) {
this.navigateToForgotPassword();
} else {
this.authService
.acquireTokenSilent(MsalHelperService.getMsalConfigurationSettingValue('consentScopes'))
.then(token => {
if (this.authService.getUser()) {
this.userService.setLoggedIn(true);
this.navigateToLandingPage();
} else {
this.userService.setLoggedIn(false);
this.login();
}
})
.catch(error => {
this.userService.setLoggedIn(false);
this.login();
});
}
...
}
// Determine if user clicked "Forgot Password"
forgotPassword() {
const storage = this.authService.getCacheStorage();
const authError: string = storage.getItem('msal.login.error') ? storage.getItem('msal.login.error') : null;
if (authError && authError.indexOf('AADB2C90118') > -1) {
return true;
}
return false;
}
navigateToForgotPassword() {
this.authService.authority = this.authService.authority.replace('b2c_1a_signupsignin', 'b2c_1a_passwordreset');
this.authService.loginRedirect(MsalHelperService.getMsalConfigurationSettingValue('consentScopes'));
}
到目前为止一切正常。
密码重置后,用户被引导回 app.component,然后调用 loginRedirect() 以显示登录表单。
在 return 到 app.component 上记录了以下错误:
"Refused to display 'https://...signupsignin/' in a frame because it set 'X-Frame-Options' to 'deny'".
理想情况下,我希望用户在密码重置后自动登录。
请告知这是否完全可行,或者至少告诉我如何在不修改 MSAL 库的情况下消除上述错误。
自动登录仍然是一个问题,但我通过在 loginSuccess 上注销解决了这个错误。
this.loginSuccessSubscription = this.broadcastService.subscribe('msal:loginSuccess', payload => {
// Temporary solution to avoid 'X-Frame-Options' error on password reset. MSAL not yet supporting auto-login after password reset.
if (this.resetPassword()) {
this.logout();
}
...
});
// Check claim
resetPassword() {
return document.referrer.toLowerCase().indexOf('b2c_1a_passwordreset') > -1;
}
我根据你的回答做了类似的事情:
if (payload._errorDesc && payload._errorDesc.indexOf('AADB2C90118') !== -1) {
console.log('Set recovery flow to true');
console.log('Redirecting to password recovery page');
localStorage.setItem('custom.recovery.password.flow', 'true');
msalService.authority = `https://login.microsoftonline.com/tfp/${environment.tenant}/b2c_1_reset_password/v2.0/`;
msalService.loginRedirect();
}
});
this.broadcastService.subscribe('msal:loginSuccess', payload => {
if(localStorage.getItem('custom.recovery.password.flow') === 'true'){
console.log('Set recovery to false');
console.log('Redirecting to login page');
localStorage.setItem('custom.recovery.password.flow', 'false');
msalService.logout();
}
});