Angular-auth-oidc-client: Silent renew not seeing token expiry

Created on 24 Apr 2019 · 5 Comments · Source: damienbod/angular-auth-oidc-client

Hi,

I'm using v9.0.5 and am having an issue with the silent renew.

I've enabled logging and it outputs the following:

```
silentRenewHeartBeatCheck
silentRenewRunning: true
idToken: true
_userData.value: true
```

but when it passes the expiry time of the token it doesn't appear to do anything.

I've got the following subscriptions set up:

```
this._securityService.getIsAuthorized().subscribe(auth => {
  this.isAuthenticated = auth;
});

this._securityService.getUserData().subscribe(userData => {
  this.userData = userData;
});
```

But the output is saying it is still authorised.

If I refresh the page it outputs the following:

```
Token not expired?: 1556136427000 > 1556137483211 (false)
IsAuthorized setup module; id_token isTokenExpired
runTokenValidation silent-renew running
STS server: https://cognito-idp.us-east-2.amazonaws.com/us-east-2_QaQHdxTgY
Silent Renew is active, check if token in storage is active
#document
IsAuthorizedRace: Timeout reached. Emitting.
IsAuthorizedRace: Completed
getIsAuthorized: false
silentRenewHeartBeatCheck
silentRenewRunning: true
idToken: false
_userData.value: true
```

So it recognises that the token isn't valid but doesn't look like it tries to refresh the token.

I have silent renew enabled:

```
this.configuration.silent_renew = true;
this.configuration.silent_renew_url = 'https://localhost:45212/silent-renew.html';
```

and the following silent-renew.html:

`





silent-renew





`
Is there something I'm missing to make the token renewal work?

Thanks

Release 11

All 5 comments

@ADringer This seems correct. The id_token is no longer valid so the silent renew starts. Your session on the STS is still valid, so the silent renew gets new news for the app. If the session on the server was no longer valid, you would be required to log in again.

Greetings Damien

Hi @damienbod thanks for the reply.

I'm still a little confused though (maybe I just have the wrong understanding about it), but shouldn't I see it renewing the token? I can see two issues:

  1. I log in and in the same session the token expiry date is passed. getIsAuthorized() returns true and the silentRenewHeartBeatCheck says idToken: true. Shouldn't this:
    a. Identify that the expiry has passed;
    b. show some output that it has tried to refresh the token? I don't see anything in the console or network to show it refreshing.

  2. If I close the browser and then come back to the site after the token expiry it identifies that the token is valid and outputs getIsAuthorized: false with silentRenewHeartBeatCheck saying idToken: false, but again I don't see any logs or traffic showing it trying to renew the token.

Thanks for your help.

@ADringer Question, do you see it logging
`Token not expired?: XXXXXXX > XXXXXXX (false)`
between the below sections?

```
silentRenewHeartBeatCheck
silentRenewRunning: true
idToken: true
_userData.value: true
```

Also is the session storage key storage_silent_renew_running_XXXX set to a non-empty value the entire time?
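The check being discussed above, as an added example that is not part of the thread or the library's own code: it reproduces the `Token not expired?` comparison from the log on a constructed token and models a heartbeat in which a renew flag left set blocks further renewals. The names `heartbeat`, `makeToken`, `state` and `renewTimeoutMs` are hypothetical, and the flag-timeout behaviour is an assumption made for illustration.

```javascript
// Added example: simplified model of an expiry heartbeat, not the library's code.

// Decode a JWT payload WITHOUT verifying the signature (expiry check only;
// never use an unverified payload for authorization decisions).
function decodePayload(jwt) {
  const part = jwt.split('.')[1];
  if (!part) throw new Error('not a JWT');
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Same comparison as the log line: exp (seconds) in ms must exceed "now" plus
// an optional safety offset.
function tokenNotExpired(jwt, nowMs, offsetSeconds = 0) {
  const { exp } = decodePayload(jwt);
  if (typeof exp !== 'number') return false; // no exp claim: treat as expired
  return exp * 1000 > nowMs + offsetSeconds * 1000;
}

// One heartbeat tick. `state` is a hypothetical stand-in for the client's storage.
function heartbeat(state, nowMs) {
  if (!state.userData || !state.idToken) return 'idle';
  if (state.silentRenewRunning) {
    // In this model a renew that never completes (e.g. network dropped) leaves
    // the flag set; without a timeout every later tick would be skipped.
    if (nowMs - state.renewStartedMs < state.renewTimeoutMs) return 'skip';
    state.silentRenewRunning = false; // stale flag: clear it and re-evaluate
  }
  if (tokenNotExpired(state.idToken, nowMs, state.offsetSeconds)) return 'valid';
  state.silentRenewRunning = true;
  state.renewStartedMs = nowMs;
  return 'renew'; // caller would start the silent renew iframe here
}

// Constructed token: header and signature are dummies, only exp matters.
function makeToken(expSeconds) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none' })}.${enc({ sub: 'demo', exp: expSeconds })}.sig`;
}
```

With `exp` set to 1556136427 and the clock at 1556137483211 the token check is false, as in the log; whether a renew is then attempted depends on the running flag.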

I see the following issue too. My scenario is that I unplugged the network cable just before the silent renew was to be started, and I see that it continuously goes into a loop in runTokenValidation. So if I reconnect the network I hope that silent renew is triggered again and fetches the latest id token from the authentication endpoint. The result is that on reloading the page it again shows the login button when it should have shown the logged-in person because the id was expired.

fixed in version 11, we now support the validation of the token as well
