diff --git a/npm/ng-packs/packages/core/src/lib/core.module.ts b/npm/ng-packs/packages/core/src/lib/core.module.ts index c74591d204..597e114d4a 100644 --- a/npm/ng-packs/packages/core/src/lib/core.module.ts +++ b/npm/ng-packs/packages/core/src/lib/core.module.ts @@ -43,9 +43,10 @@ import { coreOptionsFactory, CORE_OPTIONS } from './tokens/options.token'; import { noop } from './utils/common-utils'; import './utils/date-extensions'; import { getInitialData, localeInitializer } from './utils/initial-utils'; +import { oAuthStorage } from './strategies/auth-flow.strategy'; export function storageFactory(): OAuthStorage { - return localStorage; + return oAuthStorage; } /** diff --git a/npm/ng-packs/packages/core/src/lib/strategies/auth-flow.strategy.ts b/npm/ng-packs/packages/core/src/lib/strategies/auth-flow.strategy.ts index eb8dd5b3a2..2c10ba4c99 100644 --- a/npm/ng-packs/packages/core/src/lib/strategies/auth-flow.strategy.ts +++ b/npm/ng-packs/packages/core/src/lib/strategies/auth-flow.strategy.ts @@ -1,7 +1,7 @@ import { Injector } from '@angular/core'; import { Router } from '@angular/router'; import { Store } from '@ngxs/store'; -import { AuthConfig, OAuthService } from 'angular-oauth2-oidc'; +import { AuthConfig, OAuthService, OAuthStorage } from 'angular-oauth2-oidc'; import { Observable, of } from 'rxjs'; import { switchMap, tap } from 'rxjs/operators'; import { GetAppConfiguration } from '../actions/config.actions'; @@ -9,6 +9,8 @@ import { RestOccurError } from '../actions/rest.actions'; import { RestService } from '../services/rest.service'; import { ConfigState } from '../states/config.state'; +export const oAuthStorage = localStorage; + export abstract class AuthFlowStrategy { abstract readonly isInternalAuth: boolean; 
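Review bot: `storageFactory` now forwards the module-level `oAuthStorage`, but nothing states that the two must remain the same object, which the new `AuthFlowStrategy.init()` in auth-flow.strategy.ts depends on when it reads and clears `oAuthStorage` directly instead of the injected `OAuthStorage`. A later edit to this factory alone (say, returning `sessionStorage`) would leave the clientId marker and the token clearing operating on a store the OAuth library no longer uses. Suggested TSDoc above the function: `/** DI provider for OAuthStorage. Must return the same object as oAuthStorage in strategies/auth-flow.strategy.ts, which AuthFlowStrategy.init() reads and clears directly. */`.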
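Review bot: `export const oAuthStorage = localStorage;` in the @@ -9,6 +9,8 hunk evaluates `localStorage` at module load, whereas the old `storageFactory` only touched it when Angular ran the factory; in any context without a `localStorage` global (server-side rendering, prerendering, a bare Node test runner) importing this module now throws a ReferenceError before bootstrap. If such environments matter for this package, a lazy accessor is safer, `export const getOAuthStorage = (): OAuthStorage => localStorage;`, called from `storageFactory` and from `init()`. At minimum the constant should carry the type the new import brings in, `export const oAuthStorage: OAuthStorage = localStorage;`, plus a comment noting that this is the store holding the library's tokens and the one `clearOAuthStorage` wipes.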
@@ -29,6 +31,12 @@ export abstract class AuthFlowStrategy { } async init(): Promise { + const shouldClear = shouldStorageClear( + this.store.selectSnapshot(ConfigState.getDeep('environment.oAuthConfig.clientId')), + oAuthStorage, + ); + if (shouldClear) clearOAuthStorage(oAuthStorage); + this.oAuthService.configure(this.oAuthConfig); return this.oAuthService.loadDiscoveryDocument().catch(this.catchError); } @@ -110,3 +118,34 @@ export const AUTH_FLOW_STRATEGY = { return new AuthPasswordFlowStrategy(injector); }, }; + +function clearOAuthStorage(storage: OAuthStorage) { + const keys = [ + 'access_token', + 'id_token', + 'refresh_token', + 'nonce', + 'PKCE_verifier', + 'expires_at', + 'id_token_claims_obj', + 'id_token_expires_at', + 'id_token_stored_at', + 'access_token_stored_at', + 'granted_scopes', + 'session_state', + ]; + + keys.forEach(key => storage.removeItem(key)); +} + +function shouldStorageClear(clientId: string, storage: OAuthStorage): boolean { + const key = 'abpOAuthClientId'; + if (!storage.getItem(key)) { + storage.setItem(key, clientId); + return false; + } + + const shouldClear = storage.getItem(key) !== clientId; + if (shouldClear) storage.setItem(key, clientId); + return shouldClear; +}
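Review bot: `init()` hands the module constant `oAuthStorage` to `shouldStorageClear` and `clearOAuthStorage` rather than the `OAuthStorage` instance Angular actually provides, so an application that overrides the `OAuthStorage` provider (which angular-oauth2-oidc supports) gets its clientId marker and token clearing applied to `localStorage` while the library reads tokens from a different store. Resolving the store through DI keeps the two in step; assuming the strategy retains the `injector` its factories pass to the constructor, `const storage = this.injector.get(OAuthStorage);` followed by passing `storage` to both helpers would do it. The new lines also deserve a why-comment, e.g. `// A changed clientId means the stored tokens were issued for another client; drop them before configuring.`. The enclosing `AuthFlowStrategy` class starts outside this hunk.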
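Review bot: `shouldStorageClear` in the @@ -110,3 +118,34 hunk writes whatever `clientId` it receives, and the caller obtains that value from `selectSnapshot` on a deep config path that can presumably be `undefined` before the configuration has loaded; `storage.setItem(key, undefined)` then persists the string "undefined", and the next `init()` with a real clientId sees a mismatch and wipes the user's tokens for no reason. A guard at the top, `if (!clientId) return false;`, avoids writing a bogus marker, and the signature should admit the case, `clientId: string | undefined`. The predicate name also hides a write; a comment above it, e.g. `// Records the current clientId under 'abpOAuthClientId' and reports whether it differs from the previously stored one.`, makes the side effect visible. The key list in `clearOAuthStorage` mirrors angular-oauth2-oidc's storage keys, so a library upgrade that introduces a new key would leave that entry behind; a comment naming that coupling would help the next maintainer.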