Angular-oauth2-oidc: redirect to home page after silent refresh

I did investigation and now i know that redirection is envoked via

parent.postMessage(location.hash, location.origin);

Hi @artemukolov did you find any solution for this? As in my application is also getting redirected to main(Home) page after silent refresh is performed.

@shriharry not yet.

Thanks for this. Can you compare you example with the demo application? There is effect does not occur. What's different there?

We have the same problem. I think the main difference in our project is that we use HashStrategy for routing. With the default location strategy it is working. Is there a way for HashStrategy to not redirect to home page especially if silent refresh is setup automatically?

@ndevtag Have you tried this approach from the docs about HashStrategy yet?

It relies on setting initialNavigation: false and manually (re)directing the user to a base route after calling the service.

this ist not the case i've explained here. The case i've explained belongs to the silent refresh, not the initial login. Or what do you mean?

Apologies, my suggestion then might've created more confusion to this issue, instead of being helpful.

You mention you have "the same problem", but possibly you just have the same symptoms? Either way @manfredsteyer's earlier remark probably holds: try to compare with the demo app and/or create a minimal repro that shows the issue, so others can further assist. Without a way to reproduce the issue it's really hard to help.

I think i've written that the main difference is the location strategy where the problem only occures on HashStrategy and i hope @manfredsteyer has some solution or workaround for this problem.

Hi @manfredsteyer, i´m running into the same problem. Is there any solution or workaround on this problem?
This also occurs in the sample-app if you turn on hash-strategy and call silentRefresh from another route as "/home".
To reproduce it in sample-app, enable hash-strategy in app.routes.ts and:
eg. add button to flight-edit.component.ts:

<h1>Flight Edit!</h1>
<p>Hier könnte auch der Datensatz mit der Id {{id}} stehen!</p>
<button class="btn btn-default" (click)="flightService.testSilentRefresh()">Test silent refresh</button>

and add to flight.service.ts:

testSilentRefresh() {
    this.oauthService.oidc = true;
    this.oauthService
      .silentRefresh()
      .then(info => console.debug('refresh ok', info))
      .catch(err => console.error('refresh error', err));
  }

Is there any solution yet? I am having the same issue.

I haven´t found an workaround yet because i don´t have an idea what causes this issue.
Still hoping for @manfredsteyer to find an solution or workaround.

@artemukolov @manfredsteyer Facing same issue. Using HashStrategy causing page redirect to Home page after silent refresh. Did you find any solution for this?

@rupeshjha
Only solution for me was to disable the HashStrategy. This caused an big restructure in my project but now I get no redirect after silent refresh.

There's some code (link) that clears the hash fragment after processing the id token. This is not very suitable for whoever uses a HashStrategy in combination with silent refresh. As the code suggests, you can set clearHashAfterLogin: false in AuthConfig to get this solved.

I'm seeing this and I'm not using hashing strategy. Have yet to step through the code, but have tried setting "clearHashAfterLogin" to false, but that made no difference.

@silamon Thank you for pointing that out. Though we also missed out on this.

Setting up both leads to a working system.

Also if you use the state to transfer your route you will get deep links as well.

Posting here in case someone may find it helpful since I ran into a similar issue. If you're doing client authorization in your back-end, be sure to add the silent-refresh.html url endpoint to the list of allowed redirect uris in your database

We have the same Problems. We ran into redirect in Iframe on Windows with Chrome. Other Constellations are working great. Chrome on Mac works. Windows and Firefox works!

My Fault. Third Party Cookies in Chrome. SRY

@manfredsteyer Any updates on the issue?
I am facing the same issue, I am using the hash location strategy, getting redirected to the home page after silent refresh. Totally stuck.

Just to chip in - I have 2 very similar apps with same oauth setup and this issue occurs in only one of these.

I have a feeling that this might be related to a custom baseHref setting in angular.json's build script configuration (as this should be the only difference between my apps).

Posting here in case someone may find it helpful since I ran into a similar issue. If you're doing client authorization in your back-end, be sure to add the silent-refresh.html url endpoint to the list of allowed redirect uris in your database

If that was the case, then the silent refresh would fail (instead of working fine and redirecting to the homepage).

Also, my issue might be different, cause it's not related to HashStrategy - I'm not using it in my apps.

Worth mentioning - to me the issue occurs when using implicit flow in version 8.0.4.

@manfredsteyer @mmanista I am using implicit flow with version 8.0.4 and I already added the silent-refresh.html in allowed urls, and already mentioned it in angular.json, but no success. Redirecting back to home page.

Seems like this is solved with version 9.1 which lands soon.

If you clone this repos, the sample application demonstrates this using the newest version. To reproduce it, do the following:

• In flags.ts, set useHash to true
• Login with implicit flow
• Assure yourself, that you've been logged in
• Switch to the route 'Book a Flight'
• Scroll down and press 'Refresh Token'
• In the console, you see, that the refresh took happen. Also, you are not redirected to the home route

Here is some additional info about using hash-based routing:
https://manfredsteyer.github.io/angular-oauth2-oidc/docs/additional-documentation/routing-with-the-hashstrategy.html

Feel free to reopen this issue, if I'm missing sth here.

@manfredsteyer thanks issue resolved in the latest version.

@manfredsteyer although the new update did resolved my issue, but it lead to a totally different issue after updating to 9.2.0. the prod build doesn't gives any error, but running the prod build is not working at all. I am just stuck on a blank screen. The same issue is not reproducible in normal build. Although I did notice in the network tab index.html and main.**.js gets loaded but nothing after it.
FYI my application is running on angular v7.x.

Hello, I did silent refreshing regarding your documentation.

When I try to call

this .oauthService .silentRefresh() .then((info) => console.warn('refresh ok', info)) .catch((err) => console.error('refresh error', err));
Then I got message in console:

OAuthSuccessEvent info: null type: "silently_refreshed"

And then app is redirect to main page.

How to prevent this redirecting? Thank you.

I am facing the same issue, did you find out any solution ?