Hey @brockallen, I have an issue with silent renewal of the access token using implicit flow. I had set the access token lifetime to 2 min; initially I am getting the new access token from the addUserLoaded method. But after around 30 min I see silent renewal stopped working.
I see the logs as
Showing error: prompt=none was requested but user is not authenticated.
Here is my config
var config = {
    authority: "http://localhost:5000",
    client_id: "jswebclient",
    redirect_uri: "http://localhost:60194/App/callback.html",
    response_type: "id_token token",
    scope: "openid profile api1",
    post_logout_redirect_uri: "http://localhost:60194/App/loggedout.html",
    automaticSilentRenew: true,
    silent_redirect_uri: "http://localhost:60194/App/silentrenew.html"
};
I am confused; could you help me figure out where to check?
Showing error: prompt=none was requested but user is not authenticated.
This means your cookie at the token server is no longer valid. You need to debug more into why that is.
Thanks for the quick reply @brockallen.
Yes, I had set the cookie lifetime to 1 day
identityServerOptions.Authentication.CookieLifetime = new System.TimeSpan(1,2, 3, 0);
identityServerOptions.Authentication.CookieSlidingExpiration = true;
and also configured in services ConfigureApplicationCookie for cookie life time for 1 day. Need to debug it more now
@muralisambu and @brockallen I have the same problem with the latest (2.3.0) version of IS4 and OIDCJS.
I have another IS4 at version 2.1.0 and don't have any problem.
Is this really a bug or what?
@muralisambu I will do what you said above.
@muralisambu it doesn't work.
I caught some issue in the log:
dbug: IdentityServer4.Services.DefaultClaimsService[0]
Getting claims for identity token for subject: [email protected] and client: account
dbug: IdentityServer4.Services.DefaultClaimsService[0]
In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.
@alexsandro-xpt I was able to solve the issue by loading the Idsvr cookie scheme for Authentication middleware.
services.AddAuthentication(x => x.DefaultAuthenticateScheme = IdentityServer4.IdentityServerConstants.DefaultCookieAuthenticationScheme);
With this the cookie was retained and I was able to do silent renew.
@muralisambu doesn't work for me; after that code, the authentication stops working.
Sometimes oidc.js gives me a Frame window timed out at console log in Chrome Dev Tools.
SilentRenewService._tokenExpiring: Error from signinSilent: Frame window timed out
Here is my Startup.cs https://gist.github.com/alexsandro-xpt/5ebe79fd63134b0b60305504231677ae
Closing. If you still have issues, feel free to reopen.
@alexsandro-xpt did you find any solution? Please share
@muralisambu doesn't work for me; after that code, the authentication stops working.
Sometimes oidc.js gives me a Frame window timed out at console log in Chrome Dev Tools.
SilentRenewService._tokenExpiring: Error from signinSilent: Frame window timed out
Here is my Startup.cs https://gist.github.com/alexsandro-xpt/5ebe79fd63134b0b60305504231677ae
This is because the client is taking more than the default time when it tries to renew; you can increase the time and it should work.
In the client part add silentRequestTimeout (ms) and increase the value; the default will be 5 sec. That should work out.
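The two failures reported in this thread ("prompt=none was requested but user is not authenticated" and "Frame window timed out") call for different handling; the sketch below is an added example, not code from any poster or from oidc-client itself. It assumes the rejection exposes the OIDC error code as `err.error`; `classifySilentRenewError` and `handleSilentRenewErrors` are hypothetical helper names.

```javascript
// Added example: sort silent-renew failures into the two cases from this thread.
// Assumption: the rejection carries the OIDC error code in `err.error` (as
// oidc-client's ErrorResponse does) and a timeout is described in `err.message`.
const NEEDS_USER = new Set([
  "login_required", "interaction_required",
  "consent_required", "account_selection_required",
]);

function classifySilentRenewError(err) {
  if (err && NEEDS_USER.has(err.error)) {
    // prompt=none could not be satisfied: the token server's session cookie
    // is missing, expired, or was not sent with the iframe request.
    return { kind: "session-lost", action: "interactive-login" };
  }
  if (err && /timed out/i.test(String(err.message || ""))) {
    // e.g. "Frame window timed out": the iframe never posted a response back.
    return { kind: "iframe-timeout", action: "retry" };
  }
  return { kind: "unknown", action: "report" };
}

// `mgr` is an oidc-client UserManager supplied by the caller.
function handleSilentRenewErrors(mgr, { maxRetries = 2, log = console } = {}) {
  let retries = 0;
  mgr.events.addUserLoaded(() => { retries = 0; }); // a successful renew resets the budget
  const onError = (err) => {
    const verdict = classifySilentRenewError(err);
    log.warn("silent renew failed:", verdict.kind, err && err.message);
    if (verdict.action === "interactive-login") return mgr.signinRedirect();
    if (verdict.action === "retry" && retries++ < maxRetries) {
      return mgr.signinSilent().catch(onError);
    }
    return undefined; // give up: leave the decision to the application
  };
  mgr.events.addSilentRenewError(onError);
  return onError;
}
```

A `session-lost` verdict means no client-side timeout value will help; the cookie at the token server has to be investigated.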
I encountered something similar and for me the issue was I was trying to silentRenew but didn't include offline_access as a scope prior. This might only be applicable for authorization_code with PKCE.
Sorry for posting a thank you reply but I can't stress this enough - I've been spending over 7 hours on this issue and tearing my hair off, and THIS is the only thing that worked. And it also makes sense. but it's not written in the docs!!!
Thanks to @muralisambu
For me, the solution was definitely this line for the session renewal problem. My session was renewed perfectly well during the first 30 minutes. After that it stopped for no reason.
This was the fix, after the services.AddIdentityServer(...) block. I added this line:
services.AddAuthentication(x => x.DefaultAuthenticateScheme = IdentityServer4.IdentityServerConstants.DefaultCookieAuthenticationScheme);
I spent a full day analyzing the oidc-client.js logs and the problem on github and stackoverflow.
import { Log, UserManagerSettings } from 'oidc-client';
Log.logger = console;
Log.level = Log.DEBUG;
At the end, everyone manages to solve their problem with this same trick. See all the other issues here :
https://github.com/IdentityServer/IdentityServer4/issues/3960
https://github.com/IdentityServer/IdentityServer4/issues/1625
and the docs:
http://docs.identityserver.io/en/latest/topics/signin.html
I also had to put this in the logout:
public async Task<IActionResult> Logout(LogoutInputModel model)
{
    await HttpContext.SignOutAsync(IdentityServer4.IdentityServerConstants.DefaultCookieAuthenticationScheme);
}
Running into this same issue. The root cause is that the browser is not attaching the identity cookie with the request for renewal.
I have explicitly set this cookie to SameSite=None but the browser is still not attaching the cookie to the GET request to /connect/authorize. Anyone have any ideas what might be causing this cookie to get dropped?
It is a cross-origin request... When running both the identity server and the application off of localhost (same origin) it works fine, but when we run in production on different hosts with different addresses the cookie is not included, resulting in an error renewing...
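To help debug the dropped cookie described above, here is an added example (not from the thread) that models the SameSite and third-party-cookie rules a browser applies to the hidden-iframe request to /connect/authorize. The hosts other than localhost, the cookie name and the function names are constructed, and the site calculation is a simplification of the Public Suffix List.

```javascript
// Added example: models which cookies a browser attaches to the hidden-iframe
// request that silent renew sends to the token server's /connect/authorize.
// Only SameSite and third-party-cookie rules are modelled. Assumptions:
// "site" = scheme + last two host labels (browsers use the Public Suffix
// List); an unspecified SameSite is treated as Lax (Chromium-style default).
function siteOf(url) {
  const u = new URL(url);
  const host = u.hostname;
  const isIp = /^[\d.]+$/.test(host) || host.startsWith("[");
  const labels = host.split(".");
  const registrable = isIp || labels.length <= 2 ? host : labels.slice(-2).join(".");
  return `${u.protocol}//${registrable}`; // the port is not part of the site
}

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], sameSite: "lax", secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
    if (key.toLowerCase() === "secure") cookie.secure = true;
  }
  return cookie;
}

function silentRenewCookieVerdict(setCookie, appUrl, idpUrl, thirdPartyBlocked = false) {
  const cookie = parseSetCookie(setCookie);
  if (siteOf(appUrl) === siteOf(idpUrl)) {
    return { sent: true, reason: "same-site iframe, SameSite does not apply" };
  }
  if (cookie.sameSite !== "none") {
    return { sent: false, reason: `SameSite=${cookie.sameSite} is withheld from cross-site iframes` };
  }
  if (!cookie.secure) {
    return { sent: false, reason: "SameSite=None without Secure is rejected by current browsers" };
  }
  if (thirdPartyBlocked) {
    return { sent: false, reason: "browser policy blocks third-party cookies" };
  }
  return { sent: true, reason: "SameSite=None; Secure and third-party cookies allowed" };
}

// Constructed sample values: hypothetical cookie name and production hosts.
const sample = "idp_session=abc123; Path=/; HttpOnly; SameSite=None; Secure";
console.log(silentRenewCookieVerdict(sample, "https://app.example.com/", "https://login.example.net/"));
```

In this model the two localhost ports from the original config resolve to the same site, so the cookie is sent there regardless of its SameSite value.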