fix(portal-self-service): run checkAuth() at startup to end the login redirect loop (refs #67)
All checks were successful
CI / lint (pull_request) Successful in 1m6s
CI / build (pull_request) Successful in 53s
CI / unit (pull_request) Successful in 1m3s
CI / frontend (pull_request) Successful in 1m56s
CI / mutation (pull_request) Successful in 3m55s
CI / verify-stack (pull_request) Successful in 4m34s

Without an app-init auth check, the DigiD callback (?code=…) was never processed, so
the guard kept seeing 'not authenticated' and re-triggered login — an infinite
redirect loop. Add withAppInitializerAuthCheck() so checkAuth() runs before the router
and guard, establishing the session on the callback.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-07-01 13:26:42 +02:00
parent 5089c2aea6
commit 074101e836

View File

@@ -1,5 +1,10 @@
import { EnvironmentProviders, makeEnvironmentProviders } from '@angular/core';
import { authInterceptor, LogLevel, provideAuth } from 'angular-auth-oidc-client';
import {
authInterceptor,
LogLevel,
provideAuth,
withAppInitializerAuthCheck,
} from 'angular-auth-oidc-client';
import { AuthService } from './auth.service';
import { DigiadAuthService } from './digid-auth.service';
@@ -19,7 +24,8 @@ export interface DigiadAuthOptions {
*/
export function provideDigiadAuth(options: DigiadAuthOptions): EnvironmentProviders {
return makeEnvironmentProviders([
provideAuth({
provideAuth(
{
config: {
authority: options.authority,
redirectUrl: options.redirectUrl,
@@ -32,7 +38,11 @@ export function provideDigiadAuth(options: DigiadAuthOptions): EnvironmentProvid
secureRoutes: [options.secureApiOrigin],
logLevel: LogLevel.Warn,
},
}),
},
// Run checkAuth() at startup so the DigiD callback (?code=…) is processed before the router
// and guard run — without it the guard sees "not authenticated" and re-triggers login (loop).
withAppInitializerAuthCheck(),
),
{ provide: AuthService, useClass: DigiadAuthService },
]);
}