chore: prepare 9.1 release

CHANGELOG.md

@@ -1,7 +1,5 @@
 # Changelog
 
-All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
-
 ## 9.1.0 (2020-03-23)
 
 
@@ -26,4 +24,8 @@ All notable changes to this project will be documented in this file. See [standa
 * run tokensetup outside ngzone ([07bb62d](https://github.com/manfredsteyer/angular-oauth2-oidc/commit/07bb62d06abb84ef2da010977d07bfd2a3805b16))
 * typo ([3d331f2](https://github.com/manfredsteyer/angular-oauth2-oidc/commit/3d331f2166340db43f0aaca42ce8abc4913cd027))
 
-### [9.0.2](https://github.com/manfredsteyer/angular-oauth2-oidc/compare/v9.0.1...v9.0.2) (2020-03-23)
+### Thanks
+
+Big Thanks to all contributers: Brecht Carlier, Daniel Moos, Jie Lin, Manfred Steyer, Phil McCloghry-Laing, robin labat, vdveer
+
+Also, big thanks to jeroenheijmans for doing an awesome job with moderating and analyzing the issues!

docs/additional-documentation/popup-based-login.html

@@ -55,6 +55,9 @@ <h1 id="logging-in-with-a-popup">Logging in With a Popup</h1>
 <li>Create and configure a <code>silent-refresh.html</code> as described <a href="./silent-refresh.html">here</a> *.</li>
 </ul>
 <p>* Please note this does not mean that you have to use silent refresh too.</p>
+<p>Also, for your <code>silent-regfesh.html</code>, make sure you are also targeting
+<code>window.opener</code> and fall back to <code>window.parent</code>:</p>
+<p><strong>Please note</strong>: IE sets opener to null under specific security settings. This prevents making this work.</p>
 
                    </div><div class="search-results">
     <div class="has-results">

docs/additional-documentation/session-checks.html

@@ -69,7 +69,10 @@ <h2 id="configuration">Configuration</h2>
 
   // Activate Session Checks:
   sessionChecksEnabled: true,
-}</code></pre></div><h2 id="events">Events</h2>
+}</code></pre></div><h2 id="refresh">Refresh</h2>
+<p>Please note that the lib performs a token refresh when the session changes to get the newest information about the current session. When using implicit flow, this means you have to configure <a href="./silent-refresh.html">silent refresh</a>; when using code flow you either need silent refresh or a <a href="./refreshing-a-token.html">refresh token</a>.</p>
+<p>If using refresh tokens, your Auth Server needs to bind them to the current session&#39;s lifetime. Unfortunately, the used version of Identity Server 4, shown in the docs and in the example applications, does not support this at the moment.</p>
+<h2 id="events">Events</h2>
 <p>To get notified, you can hook up for the event <code>session_terminated</code>:</p>
 <div><pre class="line-numbers"><code class="language-TypeScript">this.oauthService.events.pipe(filter(e =&gt; e.type === &#39;session_terminated&#39;)).subscribe(e =&gt; {
   console.debug(&#39;Your session has been terminated!&#39;);

docs/additional-documentation/silent-refresh.html

@@ -88,6 +88,26 @@ <h2 id="refreshing-when-using-implicit-flow-implicit-flow-and-code-flow">Refresh
         (window.opener || window.parent).postMessage(location.hash || (&#39;#&#39; + location.search), location.origin);
     &lt;/script&gt;
 &lt;/body&gt;
+&lt;/html&gt;</code></pre></div><p>This simple implementation within silent-refresh.html is sufficient in most cases. It takes care of the hash fragment as well as of the query string (property search). For <strong>edge cases</strong> you need to check if the received hash fragment is a token response. For this, please go with the following <strong>more advanced implementation</strong>:</p>
+<div><pre class="line-numbers"><code class="language-html">&lt;html&gt;
+    &lt;body&gt;
+        &lt;script&gt;
+            var checks = [/[\?|&amp;|#]code=/, /[\?|&amp;|#]error=/, /[\?|&amp;|#]token=/, /[\?|&amp;|#]id_token=/];
+
+            function isResponse(str) {
+                var count = 0;
+                if (!str) return false;
+                for(var i=0; i&lt;checks.length; i++) {
+                    if (str.match(checks[i])) return true;
+                }
+                return false;
+            }
+
+            var message = isResponse(location.hash) ? location.hash : &#39;#&#39; + location.search;
+
+            (window.opener || window.parent).postMessage(message, location.origin);
+        &lt;/script&gt;
+    &lt;/body&gt;
 &lt;/html&gt;</code></pre></div><p>Please make sure that this file is copied to your output directory by your build task. When using the CLI you can define it as an asset for this. For this, you have to add the following line to the file <code>.angular-cli.json</code>:</p>
 <div><pre class="line-numbers"><code class="language-JSON">&quot;assets&quot;: [
     [...],

docs/changelog.html

@@ -30,15 +30,31 @@
                <div class="content getting-started">
                    <div class="content-data">
 
-<h1 id="change-log">Change Log</h1>
-<h2 id="lates-features">Lates features</h2>
-<p>See <a href="https://github.com/manfredsteyer/angular-oauth2-oidc/releases">Release Notes</a> for details on each release.</p>
-<h2 id="older-versions">Older versions</h2>
-<p>Since Angular 5, versions of this library matched up with the Angular version.
-So versions 5.x were released while Angular 5 was out, the 6.x versions during Angular 6, etc.
-If you need to support a specific old version of Angular, you can consider using a version of the library that lines up.</p>
-<p>For older release notes check the repository version history, or above-linked release notes.
-For even older versions, check out <a href="https://github.com/manfredsteyer/angular-oauth2-oidc/blob/5d676101c6118d6fa01bfa05b17fb4a58490eaf7/CHANGELOG.md">the old change log</a>.</p>
+<h1 id="changelog">Changelog</h1>
+<h2 id="910-2020-03-23">9.1.0 (2020-03-23)</h2>
+<h3 id="features">Features</h3>
+<ul>
+<li>remove jsrsasign dependancy (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/77cb37abfd08762a59b221257ed8d5d5b7c795d4">77cb37a</a>)</li>
+<li>Upgrade to angular 8 (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/31c6273b388af7e796a9ad663e346f1e33ff331c">31c6273</a>)</li>
+<li><strong>automatic silent refresh:</strong> stopAutomaticRefresh stops all timers. (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/8ab853bf38dd162060d7b6cbd18f7b4fd5a84f18">8ab853b</a>)</li>
+<li><strong>code-flow:</strong> allow using implicit flow by setting useSilentRefresh to true (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/93902a5808bb9b75a41d4bde44c6ab763bcfa9f6">93902a5</a>)</li>
+<li><strong>sample:</strong> also use new idsvr 4 for implicit flow demo to prevent issues with same site cookies (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/58c63541bc7d83d72c30577da2b68ac2d1dc35b7">58c6354</a>)</li>
+<li><strong>session checks:</strong> Session checks work now for code flow too. Pls see Docs for details. (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/4bf89014d8cc5d50ed716500e3f3ad265b4ae2db">4bf8901</a>)</li>
+</ul>
+<h3 id="bug-fixes">Bug Fixes</h3>
+<ul>
+<li><strong>code flow:</strong> Fixed code flow for IE 11 (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/0f03d393aac9fe4e26444a73884dd154318d530f">0f03d39</a>)</li>
+<li><strong>sample:</strong> use hash-based routing (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/3f44ecae157305c56ae377fcd6d2df8dfde8adf5">3f44eca</a>)</li>
+<li><strong>session state:</strong> save session_state also when using code flow (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/8fa99ff721ea2b08f28bc5e9fa3e48a459e2a59a">8fa99ff</a>)</li>
+<li><strong>state:</strong> passing an url with a querystring as the state, e. g. url?x=1 (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/71b705cb5105f6dfb49aabc55607745b881c5dc3">71b705c</a>)</li>
+<li><a href="https://github.com/manfredsteyer/angular-oauth2-oidc/issues/687">#687</a> (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/e2599e071307ae1efe1592c83bb3b7a01642a61d">e2599e0</a>)</li>
+<li>missing HttpModule dependency (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/7eac8ae5cd1fd549f3933c30790f4b802c2c09f0">7eac8ae</a>)</li>
+<li>run tokensetup outside ngzone (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/07bb62d06abb84ef2da010977d07bfd2a3805b16">07bb62d</a>)</li>
+<li>typo (<a href="https://github.com/manfredsteyer/angular-oauth2-oidc/commit/3d331f2166340db43f0aaca42ce8abc4913cd027">3d331f2</a>)</li>
+</ul>
+<h3 id="thanks">Thanks</h3>
+<p>Big Thanks to all contributers: Brecht Carlier, Daniel Moos, Jie Lin, Manfred Steyer, Phil McCloghry-Laing, robin labat, vdveer</p>
+<p>Also, big thanks to jeroenheijmans for doing an awesome job with moderating and analyzing the issues!</p>
 
 
 

docs/classes/AbstractValidationHandler.html

@@ -156,8 +156,8 @@ <h3 id="methods">
 
             <tr>
                 <td class="col-md-4">
-                    <div class="io-line">Defined in <a href="" data-line="86"
-                            class="link-to-prism">projects/lib/src/token-validation/validation-handler.ts:86</a></div>
+                    <div class="io-line">Defined in <a href="" data-line="88"
+                            class="link-to-prism">projects/lib/src/token-validation/validation-handler.ts:88</a></div>
                 </td>
             </tr>
 
@@ -243,8 +243,8 @@ <h3 id="methods">
 
             <tr>
                 <td class="col-md-4">
-                    <div class="io-line">Defined in <a href="" data-line="69"
-                            class="link-to-prism">projects/lib/src/token-validation/validation-handler.ts:69</a></div>
+                    <div class="io-line">Defined in <a href="" data-line="71"
+                            class="link-to-prism">projects/lib/src/token-validation/validation-handler.ts:71</a></div>
                 </td>
             </tr>
 
@@ -323,8 +323,8 @@ <h3 id="methods">
 
             <tr>
                 <td class="col-md-4">
-                    <div class="io-line">Defined in <a href="" data-line="44"
-                            class="link-to-prism">projects/lib/src/token-validation/validation-handler.ts:44</a></div>
+                    <div class="io-line">Defined in <a href="" data-line="46"
+                            class="link-to-prism">projects/lib/src/token-validation/validation-handler.ts:46</a></div>
                 </td>
             </tr>
 
@@ -397,8 +397,8 @@ <h3 id="methods">
 
             <tr>
                 <td class="col-md-4">
-                    <div class="io-line">Defined in <a href="" data-line="39"
-                            class="link-to-prism">projects/lib/src/token-validation/validation-handler.ts:39</a></div>
+                    <div class="io-line">Defined in <a href="" data-line="41"
+                            class="link-to-prism">projects/lib/src/token-validation/validation-handler.ts:41</a></div>
                 </td>
             </tr>
 
@@ -483,7 +483,9 @@ <h3 id="methods">
   /**
    * Validates the at_hash in an id_token against the received access_token.
    */
-  public abstract validateAtHash(validationParams: ValidationParams): Promise&lt;boolean&gt;;
+  public abstract validateAtHash(
+    validationParams: ValidationParams
+  ): Promise&lt;boolean&gt;;
 }
 
 /**
@@ -542,7 +544,10 @@ <h3 id="methods">
    * @param valueToHash
    * @param algorithm
    */
-  protected abstract calcHash(valueToHash: string, algorithm: string): Promise&lt;string&gt;;
+  protected abstract calcHash(
+    valueToHash: string,
+    algorithm: string
+  ): Promise&lt;string&gt;;
 }
 </code></pre>
     </div>

docs/classes/AuthConfig.html

@@ -972,6 +972,12 @@ <h3 id="inputs">
                         </span>
                     </td>
                 </tr>
+                    <tr>
+                        <td class="col-md-4">
+                            <i>Type : </i>        <code><a href="https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/function" target="_blank" >function</a></code>
+
+                        </td>
+                    </tr>
                     <tr>
                         <td class="col-md-4">
                             <i>Default value : </i><code>() &#x3D;&gt; {...}</code>
@@ -1914,7 +1920,7 @@ <h3 id="inputs">
 
                 <tr>
                     <td class="col-md-4">
-                        <div class="io-description"><p>Set this to true to use HTTP BASIC auth for password flow</p>
+                        <div class="io-description"><p>Set this to true to use HTTP BASIC auth for AJAX calls</p>
 </div>
                     </td>
                 </tr>
@@ -2157,7 +2163,7 @@ <h3 id="inputs">
    * the verbosity of the console needs to be explicitly set
    * to include Debug level messages.
    */
-   public showDebugInformation? &#x3D; false;
+  public showDebugInformation? &#x3D; false;
 
   /**
    * The redirect uri used when doing silent refresh.
@@ -2292,7 +2298,7 @@ <h3 id="inputs">
   public nonceStateSeparator? &#x3D; &#x27;;&#x27;;
 
   /**
-   * Set this to true to use HTTP BASIC auth for password flow
+   * Set this to true to use HTTP BASIC auth for AJAX calls
    */
   public useHttpBasicAuth? &#x3D; false;
 
@@ -2303,7 +2309,7 @@ <h3 id="inputs">
 
   /**
    * The interceptors waits this time span if there is no token
-  */
+   */
   public waitForTokenInMsec? &#x3D; 0;
 
   /**
@@ -2332,11 +2338,9 @@ <h3 id="inputs">
    * allowing a way for implementations to specify their own method of routing to new
    * urls.
    */
-  public openUri?: ((uri: string) &#x3D;&gt; void) &#x3D; uri &#x3D;&gt; {
+  public openUri?: (uri: string) &#x3D;&gt; void &#x3D; uri &#x3D;&gt; {
     location.href &#x3D; uri;
-  }
-
-
+  };
 }
 </code></pre>
     </div>

docs/classes/HashHandler.html

@@ -134,8 +134,8 @@ <h3 id="methods">
 
             <tr>
                 <td class="col-md-4">
-                    <div class="io-line">Defined in <a href="" data-line="7"
-                            class="link-to-prism">projects/lib/src/token-validation/hash-handler.ts:7</a></div>
+                    <div class="io-line">Defined in <a href="" data-line="9"
+                            class="link-to-prism">projects/lib/src/token-validation/hash-handler.ts:9</a></div>
                 </td>
             </tr>
 
@@ -206,54 +206,68 @@ <h3 id="methods">
     <div class="tab-pane fade  tab-source-code" id="c-source">
         <pre class="line-numbers compodoc-sourcecode"><code class="language-typescript">import { Injectable } from &#x27;@angular/core&#x27;;
 
+import { sha256 } from &#x27;js-sha256&#x27;;
+
 /**
  * Abstraction for crypto algorithms
-*/
+ */
 export abstract class HashHandler {
-    abstract calcHash(valueToHash: string, algorithm: string): Promise&lt;string&gt;;
+  abstract calcHash(valueToHash: string, algorithm: string): Promise&lt;string&gt;;
 }
 
 @Injectable()
 export class DefaultHashHandler implements HashHandler {
-
-    async calcHash(valueToHash: string, algorithm: string): Promise&lt;string&gt; {
-        const encoder &#x3D; new TextEncoder();
-        const data &#x3D; encoder.encode(valueToHash);
-        const hashArray &#x3D; await window.crypto.subtle.digest(algorithm, data);
-        return this.toHashString(hashArray);
+  async calcHash(valueToHash: string, algorithm: string): Promise&lt;string&gt; {
+    // const encoder &#x3D; new TextEncoder();
+    // const hashArray &#x3D; await window.crypto.subtle.digest(algorithm, data);
+    // const data &#x3D; encoder.encode(valueToHash);
+
+    const hashArray &#x3D; sha256.array(valueToHash);
+    // const hashString &#x3D; this.toHashString(hashArray);
+    const hashString &#x3D; this.toHashString2(hashArray);
+
+    return hashString;
+  }
+
+  toHashString2(byteArray: number[]) {
+    let result &#x3D; &#x27;&#x27;;
+    for (let e of byteArray) {
+      result +&#x3D; String.fromCharCode(e);
     }
-
-    toHashString(buffer: ArrayBuffer) {
-      const byteArray &#x3D; new Uint8Array(buffer);
-      let result &#x3D; &#x27;&#x27;;
-      for (let e of byteArray) {
-        result +&#x3D; String.fromCharCode(e);
-      }
-      return result;
+    return result;
+  }
+
+  toHashString(buffer: ArrayBuffer) {
+    const byteArray &#x3D; new Uint8Array(buffer);
+    let result &#x3D; &#x27;&#x27;;
+    for (let e of byteArray) {
+      result +&#x3D; String.fromCharCode(e);
     }
-
-    // hexString(buffer) {
-    //     const byteArray &#x3D; new Uint8Array(buffer);
-    //     const hexCodes &#x3D; [...byteArray].map(value &#x3D;&gt; {
-    //       const hexCode &#x3D; value.toString(16);
-    //       const paddedHexCode &#x3D; hexCode.padStart(2, &#x27;0&#x27;);
-    //       return paddedHexCode;
-    //     });
-
-    //     return hexCodes.join(&#x27;&#x27;);
-    //   }
-
-      // toHashString(hexString: string) {
-      //   let result &#x3D; &#x27;&#x27;;
-      //   for (let i &#x3D; 0; i &lt; hexString.length; i +&#x3D; 2) {
-      //     let hexDigit &#x3D; hexString.charAt(i) + hexString.charAt(i + 1);
-      //     let num &#x3D; parseInt(hexDigit, 16);
-      //     result +&#x3D; String.fromCharCode(num);
-      //   }
-      //   return result;
-      // }
-
-}</code></pre>
+    return result;
+  }
+
+  // hexString(buffer) {
+  //     const byteArray &#x3D; new Uint8Array(buffer);
+  //     const hexCodes &#x3D; [...byteArray].map(value &#x3D;&gt; {
+  //       const hexCode &#x3D; value.toString(16);
+  //       const paddedHexCode &#x3D; hexCode.padStart(2, &#x27;0&#x27;);
+  //       return paddedHexCode;
+  //     });
+
+  //     return hexCodes.join(&#x27;&#x27;);
+  //   }
+
+  // toHashString(hexString: string) {
+  //   let result &#x3D; &#x27;&#x27;;
+  //   for (let i &#x3D; 0; i &lt; hexString.length; i +&#x3D; 2) {
+  //     let hexDigit &#x3D; hexString.charAt(i) + hexString.charAt(i + 1);
+  //     let num &#x3D; parseInt(hexDigit, 16);
+  //     result +&#x3D; String.fromCharCode(num);
+  //   }
+  //   return result;
+  // }
+}
+</code></pre>
     </div>
 </div>
 

docs/classes/JwksValidationHandler.html

@@ -325,13 +325,12 @@ <h3 id="methods">
  * to an library of its own, namely angular-oauth2-oidc-utils
  */
 export class JwksValidationHandler extends NullValidationHandler {
-
   constructor() {
     super();
     console.error(err);
   }
-
-}</code></pre>
+}
+</code></pre>
     </div>
 </div>
 

docs/classes/LoginOptions.html

@@ -404,7 +404,7 @@ <h3 id="inputs">
 
 
     <div class="tab-pane fade  tab-source-code" id="c-source">
-        <pre class="line-numbers compodoc-sourcecode"><code class="language-typescript">import { Injectable } from &quot;@angular/core&quot;;
+        <pre class="line-numbers compodoc-sourcecode"><code class="language-typescript">import { Injectable } from &#x27;@angular/core&#x27;;
 
 /**
  * Additional options that can be passed to tryLogin.
@@ -512,7 +512,6 @@ <h3 id="inputs">
   setItem(key: string, data: string): void {
     this.data.set(key, data);
   }
-
 }
 
 /**
@@ -544,7 +543,7 @@ <h3 id="inputs">
  */
 export interface TokenResponse {
   access_token: string;
-  id_token: string; 
+  id_token: string;
   token_type: string;
   expires_in: number;
   refresh_token: string;