Oidc-client-js: UserManager reads expired token from browser storage

Created on 8 Jul 2016 · 7 comments · Source: IdentityModel/oidc-client-js

Hello,

Just spotted that when the token stored in browser storage is expired and the user manager reads it, it doesn't check for expiration. So if the token is already expired, it'll be used anyway.

I think there should be a check for token expiration when it's being read.

question

All 7 comments

Any info?

No time to look into it yet. Sorry.

Well, there is an `expired` property on the loaded user. Does that not work for you?

But shouldn't you reject this token? Sure, I can check it while reading, but that doesn't seem to be the correct place. I think it's the token manager's responsibility to handle expiration when reading the token. You wrapped the token manager, and it's the level of abstraction which should handle this for me; the user should not be bothered (Oidc automatically redirects if the token is expired and handles different cases).

You have the same issue if you load the user and the token expires after you've loaded it.

The only thing I can think of is if the access_token property would check the expiration and return undefined/null if it has expired.

But by default there is automatic silent renew, so if the token is going to expire it'll try to renew it.

> But by default there is automatic silent renew, so if the token is going to expire it'll try to renew it.

But not everyone might be using this. Also, it's always possible that the token is a reference token and the user or server could revoke it at any time. So a properly coded client should always check for a 401 and handle renewal.
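The two points made in this thread, checking the `expired` property when a user is read back from storage and handling a 401 by renewing and retrying because a reference token can be revoked before its expiry, are shown together in the following added example. This is not code from oidc-client-js; it only models the shape of the stored User the library hands back (`access_token`, `expires_at` in Unix seconds, an `expired` flag derived from it). The in-memory `Map` standing in for browser storage, the `oidc.user` key, the 60-second skew, the injected `fetchImpl` and `renew` callbacks, and the `makeScenario` fake resource server are all assumptions made for the example; in a real client `renew` would wrap `userManager.signinSilent()`.

```javascript
// Added example, not oidc-client-js code. Models the User that
// UserManager.getUser() hands back (access_token, expires_at in Unix seconds,
// a derived `expired` flag) and shows both checks from the thread: reject an
// already-expired token at read time, and treat a 401 as "renew and retry",
// since a reference token can be revoked before expires_at.

const USER_KEY = 'oidc.user'; // assumed key; the real key embeds authority and client_id

// `storage` is a Map standing in for the browser storage the user manager reads.
function storeUser(storage, user) {
  storage.set(USER_KEY, JSON.stringify(user));
}

// Minimal model of the stored User. `expired` is derived from expires_at at
// read time, which is what the library's own `expired` getter does.
function loadUser(storage, now) {
  const raw = storage.get(USER_KEY);
  if (!raw) return null;
  const u = JSON.parse(raw);
  const expired = typeof u.expires_at !== 'number' || u.expires_at <= now;
  return { ...u, expired };
}

// The check the issue asks for: never hand out a token that has expired.
// `skew` seconds of tolerance (assumed 60) also rejects a token that would
// expire before the request carrying it reaches the server.
function getValidAccessToken(storage, now, skew = 60) {
  const user = loadUser(storage, now);
  if (!user || !user.access_token || user.expired) return null;
  if (user.expires_at - skew <= now) return null;
  return user.access_token;
}

// Resource call that renews on both failure paths: no usable cached token,
// or a 401 from the API (token expired or revoked). `fetchImpl` and `renew`
// are injected so this runs offline; `renew` must return the new access_token
// or null if silent renewal failed.
async function fetchWithRenew(url, { storage, fetchImpl, now, renew }) {
  let renewals = 0;
  let token = getValidAccessToken(storage, now);
  if (token === null) { token = await renew(); renewals++; }
  if (token === null) return { status: 401, renewals };
  const call = (t) => fetchImpl(url, { headers: { Authorization: `Bearer ${t}` } });
  let res = await call(token);
  if (res.status !== 401) return { status: res.status, renewals };
  token = await renew();          // renew exactly once, then retry
  renewals++;
  if (token === null) return { status: 401, renewals };
  res = await call(token);
  return { status: res.status, renewals };
}

// Constructed scenario: a fake resource server that accepts tokens it knows
// and has not revoked, plus a fake silent renew that issues a fresh one and
// writes it to storage the way the user manager would.
function makeScenario(now) {
  const storage = new Map();
  const issued = new Set();
  const revoked = new Set();
  let counter = 0;
  const issue = () => {
    const t = `tok-${++counter}`;
    issued.add(t);
    storeUser(storage, { access_token: t, expires_at: now + 3600, token_type: 'Bearer' });
    return t;
  };
  const fetchImpl = async (_url, init) => {
    const t = (init.headers.Authorization || '').replace(/^Bearer /, '');
    return issued.has(t) && !revoked.has(t) ? { status: 200 } : { status: 401 };
  };
  return { storage, issue, revoke: (t) => revoked.add(t), fetchImpl, renew: async () => issue() };
}

async function demo() {
  const now = 1700000000; // fixed "current time" so the run is deterministic
  const s = makeScenario(now);
  const deps = { storage: s.storage, fetchImpl: s.fetchImpl, now, renew: s.renew };

  // 1. Expired token in storage: rejected at read time, renewed before the first call.
  storeUser(s.storage, { access_token: 'stale', expires_at: now - 10, token_type: 'Bearer' });
  const expiredRead = getValidAccessToken(s.storage, now);
  const r1 = await fetchWithRenew('/api/resource', deps);

  // 2. Unexpired token that the server has revoked (reference token): 401, renew, retry.
  s.revoke(s.issue());
  const r2 = await fetchWithRenew('/api/resource', deps);

  // 3. The token issued by step 2's renewal is still good: no renewal needed.
  const r3 = await fetchWithRenew('/api/resource', deps);

  return { expiredRead, r1, r2, r3 };
}

demo().then((r) => console.log(JSON.stringify(r)));
```

The read-time check alone is not sufficient, which is the maintainer's point above: in step 2 the token passes every local check and is still rejected, so the 401 path is the one that must exist regardless of whether automatic silent renew is enabled. Renewing only once per call keeps a revoked session from turning into a retry loop.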
