Angular-auth-oidc-client: when the user reloads the page, silent renew is not executed

Created on 11 Sep 2017  路  6Comments  路  Source: damienbod/angular-auth-oidc-client

If the user is logged in and reloads the page, '_isAuthorized' is true in the storage.

Hence authorizedCallback is never called and so neither is runTokenValidatation.

If I understand the code correctly this means the timer that checks if the tokens are expired is never started and so the silent renew process is never started.

bug
Source
picture ydg

All 6 comments

@ydg sounds correct, would need to catch this somehow. This would mean that once the token expires, the next API call will return a 401 and redirect to the login. Thanks for finding this, we need a way of fixing this.

damienbod picture damienbod on 11 Sep 2017

what if we moved the execution of

runTokenValidatation() from getUserinfo() to setupModule()

after

            if (this.authConfiguration.silent_renew) {
                this.oidcSecuritySilentRenew.initRenew();

I tried it locally and it seems to be behaving as I expect, but is there any bigger picture problem I am not seeing ?

If you think this is a valid fix, i'll do a PR.

ydg picture ydg on 11 Sep 2017
👍1

Thanks for raising this issue. I am having the same problem.

vicver82 picture vicver82 on 2 Oct 2017

@vicver82 @ydg I fix this as soon as possible. Thanks for raising this issue.

damienbod picture damienbod on 2 Oct 2017
👍1

@ydg @vicver82 fixed in version 1.3.17

damienbod picture damienbod on 3 Oct 2017

@damienbod Thank you very much. Your library is great!

vicver82 picture vicver82 on 4 Oct 2017
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

xaviergxf picture xaviergxf  路  3Comments
haidelber picture haidelber  路  3Comments
mikeandersun picture mikeandersun  路  4Comments
sdev95 picture sdev95  路  3Comments
Expelz picture Expelz  路  4Comments