Skip to content

Add async auth guard support for OAuth routes #23389

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
yagmurcelk merged 2 commits into from
Aug 1, 2025
Merged

Add async auth guard support for OAuth routes #23389

yagmurcelk merged 2 commits into from
Aug 1, 2025

Conversation

@fahrigedik
Copy link
Member

@fahrigedik fahrigedik commented Jul 25, 2025
edited
Loading

Introduced asyncAuthGuard and asyncAbpOAuthGuard to enable asynchronous authentication checks, particularly for OAuth flows involving code exchange. Updated app routes and OAuth module provider to use the new async guards where appropriate.

Description

Resolves #23286 (write the related issue number if available)

TODO: Describe what this PR has changed, add screenshot or animated GIF if available, write if it is a breaking change, and how to fix the breaking changes for existing applications if so.

Checklist

  • I fully tested it as developer / designer and created unit / integration tests
  • I documented it (or no need to document or I will create a separate documentation issue)

How to test it?

He describe in #23286

After setting up the environment for dev-app, you can start the application by running the following command in the npm/ng-packs directory:
yarn start

To reproduce the issue, add the canActivate guard to the home route in npm/ng-packs/apps/dev-app/src/app/app.routes.ts like this:

{
  path: '',
  pathMatch: 'full',
  loadComponent: () => import('./home/home.component').then(m => m.HomeComponent),
  canActivate: [AuthGuard]
}

Then, try to access the homepage after logging in — the issue (infinite redirect loop) will occur.

To fix the issue, replace AuthGuard with asyncAuthGuard.

@fahrigedik
Add async auth guard support for OAuth routes
a080ebc 
Introduced asyncAuthGuard and asyncAbpOAuthGuard to enable asynchronous authentication checks, particularly for OAuth flows involving code exchange. Updated app routes and OAuth module provider to use the new async guards where appropriate.
@sumeyyeKurtulus sumeyyeKurtulus added this to the 10.0-preview milestone Jul 28, 2025
sumeyyeKurtulus
sumeyyeKurtulus reviewed Jul 30, 2025
View reviewed changes
sumeyyeKurtulus
sumeyyeKurtulus reviewed Jul 30, 2025
View reviewed changes
sumeyyeKurtulus
sumeyyeKurtulus reviewed Jul 30, 2025
View reviewed changes
@fahrigedik
Refactor OAuth guard to use OAuthService and timer
f5d1731 
Replaces usage of AuthService.isAuthenticated and interval with OAuthService.hasValidAccessToken() and timer for checking authentication status. Also injects EnvironmentService to access OAuth configuration and updates logic to check responseType before waiting for authentication.
@sumeyyeKurtulus sumeyyeKurtulus self-requested a review July 30, 2025 09:16
@yagmurcelk yagmurcelk merged commit 7d75e87 into dev Aug 1, 2025
2 of 3 checks passed
@yagmurcelk yagmurcelk deleted the issue-#23286 branch August 1, 2025 11:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sumeyyeKurtulus sumeyyeKurtulus sumeyyeKurtulus approved these changes

@yagmurcelk yagmurcelk yagmurcelk approved these changes

Assignees

No one assigned

Labels

effort-13 enhancement ui-angular

Projects

None yet

Milestone

10.0-preview

Development

Successfully merging this pull request may close these issues.

Generated app with angular UI and theme basic authGuard login loop

4 participants

@fahrigedik @sumeyyeKurtulus @yagmurcelk