Angular-auth-oidc-client: Implicit flow silent renew
Describe the bug
When running the sample app, I am able to login and I can see my userData as json object in the browser. I can see in the console that silent renew is running and checking the expiration time. When this expires a silent renew will be done. So far so good. My issue is that when I close this specific tab or open a new tab with localhost:{port} the sample app is checking for the token and userData but somehow, not sure, userData is always 'null'. And the only possibility to fill userData again is to logout and login, then silent-renew is working again. For some reason it blocks the time expire check and from there on the application is unable to silent-renew itself.
Library version 11.1.3, Angular 9.2.2
To Reproduce
Steps to reproduce the behavior:
- Run sample app
- Added config settings: Autouserinfo: false, disableIatOffsetValidation: true (for azure)
- Click login and login
- Close tab and open tab on localhost:{port} again
Expected behavior
I expect the library to fill userData again and start checking for expiration time on the token and silent renew when neccesary.
Screenshots
Correct working silent renew with userData when logged in:
The page when opened in a new tab or closed tab and opened again:
Desktop (please complete the following information):
Chrome, Version 83.0.4103.116
Additional context
Thank you guys in advance for making the time and effort.
sdev95
All 3 comments
hi @sdev95 You can use the refreshSeesion button for this, or the behaviour you look for is implemented using a different function
Greetings Damien
damienbod
on 1 Jul 2020
Hi @damienbod , thank you for your quick reply! Unfortunately the refreshSession button does not fill userData again or start the token expiration check:
The console will spit out this continously: (So far in my experience it seems that the actual refresh will not happen)
Whilst in the original 'tab' the check and refresh will keep going and refresh when needed:
Is this the expected behaviour or by design when opening and closing the browser while using the implicit flow with silent renew? Previously I used version 10.0.15~ and closing and opening the browser didn't require user interaction except when they were not logged in before :). I might have to downgrade then because my Azure AD does not accept code flow with CORS limitations.
Thank you again for reading and for your time.
sdev95
on 1 Jul 2020
For anyone experiencing the same issue, I rebuild our Angular app to use Code flow with Azure AD B2C, in this specific case I misconfigured the redirect url's and had to specify that it was a SPA redirect URL in the portal. No need for implicit flow anymore gladly ;).
Closing this issue now.
sdev95
on 2 Jul 2020
Related issues
xaviergxf
路
3Comments
vit100
路
4Comments
hannesrohde
路
3Comments
mustafakachwala
路
4Comments
nizarkhsib
路
4Comments
Most helpful comment
For anyone experiencing the same issue, I rebuild our Angular app to use Code flow with Azure AD B2C, in this specific case I misconfigured the redirect url's and had to specify that it was a SPA redirect URL in the portal. No need for implicit flow anymore gladly ;).
Closing this issue now.