Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

session_state is lost on silent refresh token renewal

See original GitHub issue

I am trying to use the silent refresh feature with session state management, but run into the following issue:

I have very short access token lifetime (5min). When oidc-client-ts (successfully, I might add) refreshes the access token using the refresh token, it seems to clear the session_state field of User. This leads to session management not working when I reload the page, as now session_state is null.

Steps to reproduce:

Set up a client with monitorSession: true, short access token lifetimes and refresh tokens
Log in without any previous state
Observe that the session mgmt iframe is loaded (via the debug log for example)
Wait for silent refresh token renewal
Reload the page
Observe that no login attempt is made (since there is still a valid access token in sessionStorage)
Observe that the session mgmt iframe is not loaded (since session_state is now null)
This can also be verified by checking the content of sessionStorage

Issue Analytics

State:
Created a year ago
Comments:5 (3 by maintainers)

Top GitHub Comments

1reaction

pamapacommented, Jun 13, 2022

You patch the oidc-client-ts sources in your node_modules temporary.
You can create a folder in your application and copy all code from this project into that folder and access it from there.

PS: I will release this week a new version

0reactions

sharttecommented, Jun 13, 2022

Thanks a bunch, I will try this as soon as I can.

Although I first have to check how I can do that easily from master without waiting for a new release 😃