Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Incorrect authentication request caused when page is refreshed whilst silent-renew is happening or after it has failed.

See original GitHub issue

Describe the bug If the page is refreshed whilst a silent renew is happening (or fails) then the wrong combination of parameters are sent to the authentication server, causing an error.

To Reproduce

  • Disable the silent-renew functionality in the silent-renew.html file.
  • Wait for silent renew to trigger
  • Refresh the browser

Notice that in devtools, the request contains parameters for the silent renew still (including the redirect url) - this causes our authentication server (IDS4) to return a HTTP 400 error. It writes a log message indicating it was expecting this auth request to redirect back to our normal auth complete endpoint, not silent-renew.html

Expected behavior No error, correct redirect url supplied.

Possible solution It seems to me that the cause of this bug is that the storageSilentRenewRunning object is stored in sessionStorage (via the storage service). If this were in memory it wouldn’t round-trip during the refresh and be accidentally picked up.

I have verified this logic in a work around by always clearing this object from sessionStorage when the app is initialized

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:6 (3 by maintainers)

github_iconTop GitHub Comments

2reactions
chad-smithcommented, Jul 20, 2021

Would it be possible to update to version 12?

Hi Damien. I’m deep in the middle of some other work at the moment, but I will update and test as soon as I get a chance - might be a couple of weeks though.

Thanks for the update and your continued work on the library 👍

0reactions
damienbodcommented, Nov 8, 2021

Closing this as Angular is now V13

Read more comments on GitHub >

github_iconTop Results From Across the Web

Why is authentication lost after refreshing my single page ...
There could be a few different reasons why authentication is lost after refreshing a single page application. Common reasons are 1) Auth0 ......
Read more >
Oidc client js: silent access token renew breaks because ...
Something is not working at the silent access token renew level. The expected behavior is an automatic renew of the access token, which...
Read more >
Known issues with PaperCut MF, NG, Hive, Pocket and ...
If a PaperCut Print Deploy server's Client Authentication method is set to AUTO or TRUST then PaperCut Mobility Print queues will fail to...
Read more >
angular-auth-oidc-client - Bountysource
If the page is refreshed whilst a silent renew is happening (or fails) then the wrong combination of parameters are sent to the...
Read more >
Common questions about the Microsoft Authenticator app
Allow while using the app: If you choose this option, you'll be prompted to ... go to the two-step verification area of your...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Silent Renew process doesn't always start with a protected route

Next page

JWK key with no 'use' field is causing validation of id_token failure