Describe the bug
11.1.2 gets the tokens and returns them on forceRefreshSession. Sometimes the result is null, sometimes the tokens are there. But they don't apply to the authentication so the getPayloadFromIdToken() call still returns the old token in all cases.
Happens on all browsers.
Should await the silent renew or refresh call and not return until completed and then return the tokens but also apply them to the authentication configuration so that getPayloadFromIdToken() returns the current authentication.
Hey @JohnGalt1717, which flow are you using? Do you have an example config? Thanks
oidcConfigService.withConfig({
  stsServer: apiUrl,
  redirectUrl: `${location.protocol}//${location.host}`,
  postLogoutRedirectUri: LOGOUT_PATH,
  postLoginRoute: DEFAULT_LOGIN_REDIRECT_PATH,
  clientId: CLIENT_ID,
  scope: 'openid profile email',
  responseType: 'code',
  silentRenew: true,
  storage: localStorage,
  silentRenewUrl: `${location.protocol}//${location.host}/silent-renew.html`,
  logLevel: environment.production ? LogLevel.Error : LogLevel.Debug,
  autoUserinfo: true,
  forbiddenRoute: FORBIDDEN_PATH,
  autoCleanStateAfterAuthentication: true,
  triggerAuthorizationResultEvent: true,
  maxIdTokenIatOffsetAllowedInSeconds: 600,
  unauthorizedRoute: UNAUTHORIZED_PATH,
  renewTimeBeforeTokenExpiresInSeconds: 20,
});
@JohnGalt1717 I'll test this, but it should work. Will test again. We don't have a check if the renew is already running, so if you call this multiple times before the last renew is finished, the tokens will be null maybe. Just trying to understand what goes wrong, I'll test this again.
Thanks for reporting.
Greetings Damien
@JohnGalt1717 thanks for reporting. The forkJoin we use only returns once, then it no longer works.
For the moment, until we fix it, the authenticated$ event can be used and the get token.
@damienbod I'm confused. I would assume that every time I call the force function it should return the updated tokens AND apply them. That isn't happening with silent renew per the release notes. I either get null or I get the new ones returned but they're not applied to the authentication. (id)
Doesn't seem to matter if it's the first time or the next time after that, but I would assume that it would return once and only once on the call on subscribe, but every time you call the force function it would work properly and return the updated tokens applied to the security service?
Hi @JohnGalt1717
> I would assume that every time I call the force function it should return the updated tokens AND apply them. That isn't happening with silent renew per the release notes. I either get null or I get the new ones returned but they're not applied to the authentication. (id)
Yes, this is what should happen, and we have an implementation bug. :( We'll fix this now.
Greetings Damien
Thanks!
Fixed in version 11.1.3, thanks for reporting.
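The two symptoms discussed in this thread (a forced refresh called while a renewal is still running, and tokens returned without being applied to the stored session) can both be avoided with a single-flight guard. The sketch below is an added example, not code from angular-auth-oidc-client or its 11.1.3 fix; it uses plain Promises rather than the library's RxJS observables, and `SessionRefresher`, `fakeSts` and `demo` are hypothetical names.

```typescript
// Added example. All names are hypothetical; this is not the library's code.
type Tokens = { idToken: string; accessToken: string };

class SessionRefresher {
  private current: Tokens | null = null;
  private inFlight: Promise<Tokens> | null = null;
  private renewFn: () => Promise<Tokens>;
  // renewFn stands in for the silent-renew / refresh round trip to the STS.
  constructor(renewFn: () => Promise<Tokens>) {
    this.renewFn = renewFn;
  }
  // What a later read of the stored ID token would see.
  storedIdToken(): string | null {
    return this.current ? this.current.idToken : null;
  }
  forceRefresh(): Promise<Tokens> {
    // A renewal is already running: join it rather than start another or return null.
    if (this.inFlight) return this.inFlight;
    const p = Promise.resolve()
      .then(() => this.renewFn())
      .then(
        (tokens) => {
          this.current = tokens; // store first, so callers never outrun the store
          this.inFlight = null;
          return tokens;
        },
        (err) => { this.inFlight = null; throw err; } // failure must not block the next call
      );
    this.inFlight = p;
    return p;
  }
}

// Constructed stand-in for the token endpoint: issues id-1, id-2, ...
function fakeSts() {
  let calls = 0;
  const renew = (): Promise<Tokens> => {
    calls += 1;
    return Promise.resolve({ idToken: `id-${calls}`, accessToken: `at-${calls}` });
  };
  return { renew, calls: () => calls };
}

// Two overlapping calls share one renewal; a later call renews again.
async function demo() {
  const sts = fakeSts();
  const refresher = new SessionRefresher(sts.renew);
  const [a, b] = await Promise.all([refresher.forceRefresh(), refresher.forceRefresh()]);
  const storedAfterFirst = refresher.storedIdToken();
  const c = await refresher.forceRefresh();
  return { a, b, c, storedAfterFirst, stored: refresher.storedIdToken(), calls: sts.calls() };
}
```

The overlapping callers receive the same token set from one round trip, and the stored ID token already matches it by the time either caller's promise resolves.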