angular-auth-oidc-client: Silent Renew - Renew stops checking token timestamps
Env
- We are using version 11.2.1
- Angular 10.2
- rxjs 6.6.3
- Typescript 4.0.3
- Implicit flow
- There are no errors in the browser Console
- There are no errors in browser Network
- There are no errors from the STS (IDS4)
Issue
- Silent renew runs once and the tokens are renewed
- No errors on the STS console
- Subsequent checks skip the check for expiry
First time silent renew compares the timestamp:-
Checking: silentRenewRunning: false id_token: true userData: true
Has id_token expired: false, 1603536078000 > 1603535806261
Has access_token expired: false, 1603535811129 > 1603535806262
silent renew finished!
Timestamps show token expired - Renew works fine and there are no errors on the STS console (IDS4)
Checking: silentRenewRunning: false id_token: true userData: true
Has id_token expired: false, 1603536078000 > 1603535812263
Has access_token expired: true, 1603535811129 > 1603535812263
starting silent renew...
BEGIN refresh session Authorize Iframe renew
RefreshSession created. adding myautostate: Array [ "f9b21f51375da50cfbdffbfc8a808c6b10MFtZrqx" ]
....
STS server: http://an.ip.address
currentUrl to check auth with:
....
BEGIN authorizedCallback, no auth data
history clean up inactive
Object { id_token:
....
removed event listener from IFrame
authorizedCallback created, begin token validation
Getting signinkeys from Array [ "http://an.ip.address/.well-known/openid-configuration/jwks" ]
silent renew finished!
Then subsequent silent renews don’t check the timestamps
Checking: silentRenewRunning: false id_token: true userData: true
silent renew finished!
Digging deeper
The key value for myClientName_storageSilentRenewRunning is not being reset after the tokens are renewed. But manually setting this key value to something other than running makes the silentRenew check the timestamps again.
IE this code doesn’t return null anymore and the timestamp evaluation runs:-
const shouldBeExecuted = userDataFromStore && !isSilentRenewRunning && idToken;
if (!shouldBeExecuted) {
return of(null);
}
After the refresh In the code (around 2900)
.subscribe(() => {
this.loggerService.logDebug('silent renew finished!');
if (this.flowHelper.isCurrentFlowCodeFlowWithRefeshTokens()) {
this.flowsDataService.resetSilentRenewRunning();
}
resetSilentRenewRunning is not being called so the key value isn’t updated from “running”
In the config the default value for useRefreshToken is false. Is this why below code returns false?
this.flowHelper.isCurrentFlowCodeFlowWithRefeshTokens()
Some help on this please would be great Thanks in advance, Nigel.
About this issue
- Original URL
- State: closed
- Created 4 years ago
- Comments: 29 (4 by maintainers)
Hi all,
Thanks to the valuable feedback from other ticket subscribers about the silentrenew.html not being copied.
Unfortunately that is not the case for us. Silent renew is copied and always present on the server
Key issue for us is :-
The key value for myClientName_storageSilentRenewRunning is not being reset after the tokens are renewed. But manually setting this key value to something other than running makes the silentRenew check the timestamps again
And this code (Around line 2949) always returns false:-
if (this.flowHelper.isCurrentFlowCodeFlowWithRefeshTokens()) { }
Please re-open the ticket as based on initial submission data it has not been solved
Thanks Nigel
Hi Fabian, Apologies for not getting back to you sooner. We are in the middle of a major update to our platform and I haven’t had a chance to try the config yet in test. Will set up a test Angular client that uses silent renew which I will be able to share with you ASAP Kind regards, Nigel.
I am having the same issue. See the console logs below (the token is expired btw). My silent-renew iframe is also empty in the elements tab in chrome dev tools. I am also not seeing calls in the network tab to the silent-renew.html.
Checking: silentRenewRunning: true id_token: true userData: true angular-auth-oidc-client.js:180 silent renew finished! angular-auth-oidc-client.js:180 Checking: silentRenewRunning: true id_token: true userData: true angular-auth-oidc-client.js:180 silent renew finished! angular-auth-oidc-client.js:180 Checking: silentRenewRunning: true id_token: true userData: true angular-auth-oidc-client.js:180 silent renew finished!