Angular-auth-oidc-client: Logged out on refresh / new tab

Created on 14 Jun 2019  ·  5Comments  ·  Source: damienbod/angular-auth-oidc-client

Using v. 9.0.8 (same issue in earlier versions)
response_type: "code"
silent_renew: true
identity server 4

Hi
Have some issues where the user gets logged out after a period of inactivity or when opening a new window/Tab (Not every time).
Console output:
IsAuthorizedRace: Timeout reached. Emitting.
authorizedCallback incorrect nonce
authorizedCallback, token(s) validation failed, resetting

This happens on loading/refreshing the app. Have tried to do some research regarding the errors and the incorrect nonce is usually caused by multiple calls to authorize. On load the app does not call “authorize function” explicitly. I have a guard and a resolver on the app invoking getIsAuthorized. Wil this cause the authorize being called twice?

Release 11 investigate
Source
picture mnesser
👍3

Most helpful comment

This has been refactored and fixedin verison 11 which we plan to release in the next few days after testing

Greetings Damien

picture damienbod on 30 Apr 2020
👍21

All 5 comments

@mnesser - Any follow-up on this? I've been noticing that in a similar situation, once in a while, if I hit F5, it takes me back to my Login page. I can't perfectly reproduce it all the time.

DaleyKD picture DaleyKD on 19 Feb 2020

We still have the same issue..

mnesser picture mnesser on 19 Feb 2020

@mnesser @DaleyKD Wondering what I need to do here, what to check. I plan to improve how the tokens are stored so that you can host multiple applications in different tabs.

If the id_token is expired, then you need to login again, this sounds correct to me. If the session on the IdentityServer is active, the silent renew should work. If the server session is expired, then you get logged out and need to login again.

Could it be that the server session expires? You can fix this in the ID4 cookies.

Greetings Damien

damienbod picture damienbod on 20 Feb 2020

I am experiencing the same issue. The module of the client is set up to silent renew, the CSP header is set to allow frame ancestors with the origin of. the STS. The iframe actually loads eventually. However, whilst logged-in in one tab, opening the same url in a new tab forces the user to log-in again. What are the possible reasons for this?

My main unknown, which I cannot get clear from the documentation, is why we have to set up the configuration in two places. The auth-client-config.json and in the module once again with values from this file.

GabrielGil picture GabrielGil on 3 Mar 2020

This has been refactored and fixedin verison 11 which we plan to release in the next few days after testing

Greetings Damien

damienbod picture damienbod on 30 Apr 2020
👍21
Was this page helpful?
0 / 5 - 0 ratings

Related issues

jhossy picture jhossy  ·  4Comments
Roman1991 picture Roman1991  ·  4Comments
toddtsic picture toddtsic  ·  4Comments
sdev95 picture sdev95  ·  3Comments
revok picture revok  ·  4Comments