angular-oauth2-oidc: AutoSilentRefresh doesn't work after refresh the page

    this.oAuthService.configure(this.ntAuthConfig);
    this.oAuthService.tokenValidationHandler = new JwksValidationHandler();
    this.oAuthService.setupAutomaticSilentRefresh();
    this.oAuthService.loadDiscoveryDocumentAndLogin();

once get token, setupAutomaticSilentRefresh works well but after refresh the page, seems like counter is reset as start from 0

for example, set access token expires 5 mins. and login then 70% of 5mins will refresh token right? Let us say 60% time spent and refresh the page, then after 3mins again will try to refresh the token. so that the time between when I refresh and reach the 70% will be expired.

when the user refresh the page, do we need to refresh access_token? or use same token? if yes, how to fetch new access token when the user refresh the page?

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Reactions: 1
  • Comments: 17 (7 by maintainers)

Most upvoted comments

private setupAccessTokenTimer(): void {
    const expiration = this.getAccessTokenExpiration();
    const storedAt = this.getAccessTokenStoredAt();
    const timeout = this.calcTimeout(storedAt, expiration);

    this.ngZone.runOutsideAngular(() => {
      this.accessTokenTimeoutSubscription = of(
        new OAuthInfoEvent('token_expires', 'access_token')
      )
        .pipe(delay(timeout))
        .subscribe(e => {
          this.ngZone.run(() => {
            this.eventsSubject.next(e);
          });
        });
    });
  }

I think this method needs to be changed. according to this method, try to calculate (expiration - storeAt) * 0.75(default) which is always fetch 75% of expiration time. but what we need to is we have to calculate current time as well, if current time is past than storedAt, we need to use current time instead of storedAt.

same as setupIdTokenTimer()

+5
junimohano on Oct 2, 2018

This bug is not longer present in version 8.0.0

setupAutomaticSilentRefresh() calls this.restartRefreshTimerIfStillLoggedIn(); which calls this.setupExpirationTimers(); which calls this.setupAccessTokenTimer() which uses const timeout = this.calcTimeout(storedAt, expiration); which calculates the timeout as:

const delta = (expiration - storedAt) * this.timeoutFactor - (now - storedAt);
return Math.max(0, delta);

in case the token is past it’s timoutFactor (75%) the timeout will be 0 => an instant refresh will be triggered

+1
danmana on Oct 11, 2019
Read more comments on GitHub
← angular-oauth2-oidc: Auto login and nonce/state error question
angular-oauth2-oidc: checkSession fails when issuer has a different origin as the check_session_iframe →