Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Bug] Access token expired but `hasValidAccessToken()` still returns true

See original GitHub issue

Describe the bug OAuthService.hasValidAccessToken() returns true but the token actually expired. I looked at the session storage. The expired access_token is still there but expires_at is not. In this case, hasValidAccessToken() returns true.

Stackblitz example It is a private project.

To Reproduce I don’t know how to reproduce it step by step. I just used my angular application on Saturday. Then on Monday I tried to reload the page expecting to have the login button (when hasValidAccessToken() is false) but the app still worked as if hasValidAccessToken() is true. Though it fails at calling the API (401 because the token is actually expired). Therefore I had to remove the access_token from storage.

Expected behavior OAuthService.hasValidAccessToken() returns false.

Desktop (please complete the following information):

OS: macOS Monterey
Browser: Firefox
Version: 96

Additional context After I removed the access_token storage and made my app working again, I checked the storage and expires_at was not there. When is it supposed to be stored ?

Issue Analytics

State:
Created 2 years ago
Comments:5

Top GitHub Comments

1reaction

r-oueslaticommented, Jan 20, 2022

Thank you @jeroenheijmans.

My issue will be sorted soon. I actually use an IDS developed in our company. I asked the team in charge with the development if the expires_in is planned. It is currently being implemented so I should have it very soon. I won’t have to change anything after all.

Thanks for your time. I can close this issue.

0reactions

r-oueslaticommented, Jan 25, 2022

Just to add some extra information in case it can help someone else. There is a config parameter to handle absence of expires_in property in token response : it is fallbackAccessTokenExpirationTimeInSec.

Top Results From Across the Web

OAuthService hasValidAccessToken wrongly returns true #1214

Describe the bug hasValidAccessToken returns true even though expired_at in local storage is a minute before now. Additional context

angular-oauth2-oidc token always invalid after log in

logOut(); doesnt seem to have any effect either and keeps me logged in so i dont get redirected to the login page again...

OAuthService - angular-oauth2-oidc

getAccessTokenExpiration(). Defined in projects/lib/src/oauth-service.ts:2391. Returns the expiration date of the access_token as milliseconds since 1970.

Implicit flow authentication using angular-oauth2-oidc (Angular)

To get the access token & identity claims, just need to call the getAccessToken() andgetIdentityClaims() methods of the OAuthService.

Using the refresh token - Amazon Cognito - AWS Documentation

If the refresh token is expired, your app user must re-authenticate by signing in ... Amazon Cognito returns new ID and access tokens...