Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Hash not being cleared after silent refresh in Firefox

See original GitHub issue

In Firefox, when the token is refreshed by silent refresh, it adds a # automatically in the url and it’s not removed from the url. It only happens in Firefox, I don’t have the issue in Chrome. I even tried to add clearHashAfterLogin: true but it doesn’t seem to do anything, the hash is not removed.

I’m using angular-oauth2-oidc(v4.0.2) with Keycloak (4.2.1.Final). I use the default routing configuration in Angular, so my URLs don’t contain any hash.

My auth.config.ts

export const authConfig: AuthConfig = {
  // Url of the Identity Provider
  issuer: 'http://keycloak.local/auth/realms/helloworld',
  requireHttps: false,
  // URL of the SPA to redirect the user to after login
  redirectUri: window.location.origin + '/index.html',
  // URL for silent refresh
  silentRefreshRedirectUri: window.location.origin + '/silent-refresh.html',
  // Timeout before silent refresh is fired, 0.4 => fired when access token expiration time reaches 40%
  timeoutFactor: 0.5,
  showDebugInformation: true,
  // The SPA's id. The SPA is registerd with this id at the auth-server
  clientId: 'my-app',
  scope: 'openid profile email',
};

My app.component.ts

export class AppComponent {
  title = 'app';

  constructor(private oauthService: OAuthService) {
    this.configureWithNewConfigApi();
  }

  private configureWithNewConfigApi() {
    this.oauthService.configure(authConfig);
    this.oauthService.tokenValidationHandler = new JwksValidationHandler();
    this.oauthService.loadDiscoveryDocumentAndLogin();
    this.oauthService.setupAutomaticSilentRefresh();
}