Angular-auth-oidc-client: Silent Renew doesn't get invoked

Created on 4 May 2018  路  8Comments  路  Source: damienbod/angular-auth-oidc-client

I've tried to follow your example of setting up silent renew but I'm unable to get it to work.
I've tried to read the documentation and code to find any events that gets triggered when silent renew is invoked.

Whats different in my source than your example is that I invoke authorization imediately when the user hit our app (as implemented in one of your examples).

When I set the silent_renew to true I can see that there is created an iFrame in the DOM named myiFrameForSilentRenew, but this iFrame is empty, from Developer Tools > Elements I can see the structure of the iFrame:

<iframe id="myiFrameForSilentRenew" style="display: none;">
   #document
   <html>
       <head></head>
      <body></body>
    </html>
</iframe>

The silent_renew.html which I suspect would be encapsulated in this iFrame, is put on an address accessable from postman and Chrome, and the entire URI is set to the silent_renew_url parameter.

The console doesn't mention anything about silent_renew getting invoked before the access_token expires.

Sample app is attached.

Thanks.
SilentRenew.zip

question
Source
picture jonasbg

Most helpful comment

Hey @damienbod ,
I was having a similar issue to @jonasbg because the iframe wasn't actually pointing to the correct token renew url and server side we weren't handling it correctly - IDS was giving back errors. @jonasbg you may want to check your Network tab in Chrome for request and look to see if its making a request for the silent-renew.html.

After fixing this issue im having a similar problem to @chazt3n. It appears that the iframe is reloading its src attribute every second which fires the ngOnInit() in my app.component. This component has some initial setup which calls lookup endpoints - so i'm seeing it making those requests over and over again.

I had set my silent_renew_offset_in_seconds setting to 300 - but the token expire time is 3600. Shouldn't this mean it wont update the token for at least 3300 seconds? Why is it happening every second? Also - if I put that down to 10 seconds and it doesn't seem to update every second anymore (however, I haven't waited an hour to see if it does actually refresh though).

@damienbod any thoughts on this issue?

picture jcfore21 on 9 May 2018
👍2

All 8 comments

@damienbod is an iframe required for silent renew?

My company won't allow iframes in any application. Does that mean I simply cannot use this tool? Can I use any OIDC mechanism?

chazt3n picture chazt3n on 8 May 2018

Hi @chazt3n

The silent renew requires an iframe to refresh tokens. This is the spec. If your company bans iframes, then the silent renew cannot be used. The login and the lib will work without iframe. Why does your company block iframes? You can protect your ifame with CSP etc. If you require a refresh tokens and iframes are banned, then you should implement a server side flow, and drop the SPA.

The other OIDC flows are not designed for SPAs. And not using OIDC is not best practice...

Greetings Damien

damienbod picture damienbod on 8 May 2018

Thank you very much for your response @damienbod, I've just discovered that we have had an app in production using an iFrame for a long time. So I'm going to be able to push through on this one, especially since it's within our own domain.

I have a new issue where the iframe is working and getting an access token, however the code within ngOnInit (app component) executes once a second. Is this a common issue caused by user error? I'm not sure what I'm doing wrong

chazt3n picture chazt3n on 9 May 2018

Hey @damienbod ,
I was having a similar issue to @jonasbg because the iframe wasn't actually pointing to the correct token renew url and server side we weren't handling it correctly - IDS was giving back errors. @jonasbg you may want to check your Network tab in Chrome for request and look to see if its making a request for the silent-renew.html.

After fixing this issue im having a similar problem to @chazt3n. It appears that the iframe is reloading its src attribute every second which fires the ngOnInit() in my app.component. This component has some initial setup which calls lookup endpoints - so i'm seeing it making those requests over and over again.

I had set my silent_renew_offset_in_seconds setting to 300 - but the token expire time is 3600. Shouldn't this mean it wont update the token for at least 3300 seconds? Why is it happening every second? Also - if I put that down to 10 seconds and it doesn't seem to update every second anymore (however, I haven't waited an hour to see if it does actually refresh though).

@damienbod any thoughts on this issue?

jcfore21 picture jcfore21 on 9 May 2018
👍2

Does this work now?

damienbod picture damienbod on 17 May 2018

no its still the same issue

jcfore21 picture jcfore21 on 17 May 2018

@jcfore21 I can't find any trace of any requests for silent-renew.html at all.
@damienbod its still not working. Are there any event that fires prior to silent-renew is startet that we can subscribe to, to check if silent-renew is fired at all?

jonasbg picture jonasbg on 22 May 2018

I got it to work, but I'm unsure of how. I think that I missed some silent-renew configs on the STS and setup.

jonasbg picture jonasbg on 3 Jul 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

toddtsic picture toddtsic  路  4Comments
hannesrohde picture hannesrohde  路  3Comments
yelhouti picture yelhouti  路  4Comments
daudihusbands picture daudihusbands  路  3Comments
jhossy picture jhossy  路  4Comments