Oidc-client-js: Signout and silent renew race

Created on 29 Jan 2020  路  3Comments  路  Source: IdentityModel/oidc-client-js

I am seeing a race for completion when signout is called when silent renew is in progress.

I have set a far too low access token expiration in identity server to trigger this behavior. When automatic silent renew is enabled (with the offline_access scope), then when invoking signoutRedirect() it can happen that the user is actually not signed out, because an ongoing silent renew is in progress.

investigating question
Source
picture rmja
👍1

Most helpful comment

I fixed this issue on my app by calling userManager.stopSilentRenew(); when starting the sign out flow

picture Guymestef on 30 May 2020
👍4

All 3 comments

Sure, I believe you :) What are you proposing?

brockallen picture brockallen on 1 Feb 2020

Year. I think the desired behavior is that the user is signed out, as that is triggered by interaction and should take precedence. So, any ongoing silent login should be cancelled before calling endsession.

rmja picture rmja on 1 Feb 2020

I fixed this issue on my app by calling userManager.stopSilentRenew(); when starting the sign out flow

Guymestef picture Guymestef on 30 May 2020
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

eckersalld picture eckersalld  路  5Comments
mode777 picture mode777  路  3Comments
pottabathini picture pottabathini  路  5Comments
StephenRedd picture StephenRedd  路  5Comments
ycrumeyrolle picture ycrumeyrolle  路  5Comments