Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

AutoSilentRefresh doesn't work after refresh the page

See original GitHub issue

    this.oAuthService.configure(this.ntAuthConfig);
    this.oAuthService.tokenValidationHandler = new JwksValidationHandler();
    this.oAuthService.setupAutomaticSilentRefresh();
    this.oAuthService.loadDiscoveryDocumentAndLogin();

once get token, setupAutomaticSilentRefresh works well but after refresh the page, seems like counter is reset as start from 0

for example, set access token expires 5 mins. and login then 70% of 5mins will refresh token right? Let us say 60% time spent and refresh the page, then after 3mins again will try to refresh the token. so that the time between when I refresh and reach the 70% will be expired.

when the user refresh the page, do we need to refresh access_token? or use same token? if yes, how to fetch new access token when the user refresh the page?

Issue Analytics

State:
Created 5 years ago
Reactions:1
Comments:17 (7 by maintainers)

Top GitHub Comments

5reactions

junimohanocommented, Oct 2, 2018

private setupAccessTokenTimer(): void {
    const expiration = this.getAccessTokenExpiration();
    const storedAt = this.getAccessTokenStoredAt();
    const timeout = this.calcTimeout(storedAt, expiration);

    this.ngZone.runOutsideAngular(() => {
      this.accessTokenTimeoutSubscription = of(
        new OAuthInfoEvent('token_expires', 'access_token')
      )
        .pipe(delay(timeout))
        .subscribe(e => {
          this.ngZone.run(() => {
            this.eventsSubject.next(e);
          });
        });
    });
  }

I think this method needs to be changed. according to this method, try to calculate (expiration - storeAt) * 0.75(default) which is always fetch 75% of expiration time. but what we need to is we have to calculate current time as well, if current time is past than storedAt, we need to use current time instead of storedAt.

same as setupIdTokenTimer()

1reaction

danmanacommented, Oct 11, 2019

This bug is not longer present in version 8.0.0

setupAutomaticSilentRefresh() calls this.restartRefreshTimerIfStillLoggedIn(); which calls this.setupExpirationTimers(); which calls this.setupAccessTokenTimer() which uses const timeout = this.calcTimeout(storedAt, expiration); which calculates the timeout as:

const delta = (expiration - storedAt) * this.timeoutFactor - (now - storedAt);
return Math.max(0, delta);

in case the token is past it’s timoutFactor (75%) the timeout will be 0 => an instant refresh will be triggered

Top Results From Across the Web

Silent refresh not working with OIDC-client in Angular 5

The signin works fine and I'm able to acquire a token. However, the silent refresh doesn't fire, nothing happens. When I subscribe to...

Silent Refresh - Refreshing Access Tokens when using the ...

Silent refresh uses the assumption that the user is still logged into the OpenID Provider to automatically make another OpenID Connect ...

Silent Refresh - angular-oauth2-oidc

This is a well-known solution that compensates the fact that implicit flow does not allow for issuing a refresh token. It uses a...

Refresh access tokens - Okta Developer

This guide explains how to refresh access tokens with Okta. Learning outcomes. Understand how to set up refresh token rotation. Refresh access tokens....

Why is authentication lost after refreshing my single page ...

I have problems with silent reauthentication in the “latest” Chrome 92. ... give more insight for the reason why it doesn't work in...