How can I set auto token refreshing in password flow?
```typescript
@NgModule({
  declarations: [
    AppComponent
  ],
  imports: [
    OAuthModule.forRoot({
      resourceServer: {
        allowedUrls: [`${environment.protocol}://${environment.hostname}`],
        sendAccessToken: true
      }
    })
  ],
  providers: [
    { provide: LocationStrategy, useClass: HashLocationStrategy },
    { provide: OAuthStorage, useValue: sessionStorage },
  ],
  bootstrap: [AppComponent]
})
export class AppModule {
}
```
```typescript
private readonly authConfig: AuthConfig = {
  issuer: 'issuer',
  oidc: false,
  clientId: 'clientId',
  scope: 'openid username role apps full-api offline_access'
};
```
In service constructor:
```typescript
this.oAuthService.configure(this.authConfig);
this.oAuthService.setupAutomaticSilentRefresh();
```
1. .loadDiscoveryDocument()
2. .fetchTokenUsingPasswordFlowAndLoadUserProfile()
Login successful, user logged in.
After a while, it tries to call:
Request URL: http://10.10.10.10:10/connect/authorize?response_type=token&client_id=clientId&state=ZEx4dGR2alltRC02V2J3NEowWTJoa1pNbXp4R2lNaHNBTEZOTlVRZlB5T0dC&redirect_uri=&scope=openid%20username%20role%20apps%20full-api%20offline_access&prompt=none
Request Method: GET
Status Code: 302 Found
And I got an error after that:
http://10.10.10.10:10/home/error?errorId=CfDJ8PFLaJy2spFGuE1ynrI...
Request Method: GET
Status Code: 404 Not Found
Remote Address: 10.10.10.10:10
Referrer Policy: no-referrer-when-downgrade
Why does it want to call /connect/authorize for token refreshing, why not call connect/token?
What is wrong with my config?
Desktop
- OS: Windows 10 latest
- Browser: Chrome latest
- Version: 10.0.3 latest
Top GitHub Comments
No, sorry, no idea. RPO flow is deprecated and I don’t need to use or support it anywhere.
If I would need to use it (e.g. with a legacy server) I would probably not use a library but some form of handcrafted solution instead. RPO is so small that an entire library almost feels like overkill, usually.
Not really an answer to your questions, sorry. Possibly another community member can help out? Or you could dig through the code to see how things should work, and let us know what you found. Good luck!
We’re using a password flow based auth mechanism and handle token refresh like so:
This also handles loading of the user profile after getting an access token, and loading the user profile if the user still has a valid access token (from storage), which is in this way IMHO handled more elegantly than the provided examples in the documentation.
The token_expires event case will ensure that the token is refreshed when needed.
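The two renewal paths this thread contrasts look different on the wire: a GET to the authorization endpoint with prompt=none versus a form-encoded POST to the token endpoint with grant_type=refresh_token. As an added example (not code from the issue, the commenters or angular-oauth2-oidc; all function names are illustrative and the sample values are constructed), this classifies a captured request as one or the other and builds the refresh-token grant:

```typescript
// Added example: not code from the issue or from angular-oauth2-oidc.
// All function and type names here are illustrative.
type Params = Record<string, string>;
type Kind = 'authorize-silent-refresh' | 'refresh-token-grant' | 'other';

function safeDecode(s: string): string {
  try { return decodeURIComponent(s.replace(/\+/g, ' ')); } catch { return s; } // keep malformed input as-is
}

// Parse a query string or form body (no DOM/Node URL types needed).
function parseParams(s: string): Params {
  const out: Params = {};
  for (const pair of s.split('&')) {
    if (pair === '') continue;
    const i = pair.indexOf('=');
    out[safeDecode(i < 0 ? pair : pair.slice(0, i))] = i < 0 ? '' : safeDecode(pair.slice(i + 1));
  }
  return out;
}

// Classify a request as it appears in the browser's network tab.
function classifyTokenRequest(method: string, url: string, body = ''): Kind {
  const q = url.indexOf('?');
  const path = q < 0 ? url : url.slice(0, q);
  const query = parseParams(q < 0 ? '' : url.slice(q + 1));
  if (method === 'GET' && /\/authorize$/.test(path) && query['prompt'] === 'none') {
    return 'authorize-silent-refresh'; // front channel: needs a redirect_uri to return to
  }
  if (method === 'POST' && /\/token$/.test(path) && parseParams(body)['grant_type'] === 'refresh_token') {
    return 'refresh-token-grant'; // back channel: RFC 6749 section 6
  }
  return 'other';
}

// Build the refresh-token grant: a form-encoded POST to the token endpoint.
function buildRefreshRequest(tokenEndpoint: string, clientId: string, refreshToken: string, scope?: string) {
  const pairs: [string, string][] = [
    ['grant_type', 'refresh_token'],
    ['refresh_token', refreshToken],
    ['client_id', clientId],
  ];
  if (scope !== undefined) pairs.push(['scope', scope]);
  const body = pairs.map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`).join('&');
  return { method: 'POST', url: tokenEndpoint, headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, body };
}

// Constructed sample shaped like the request quoted in the issue (state shortened).
const observedUrl = 'http://10.10.10.10:10/connect/authorize?response_type=token&client_id=clientId'
  + '&state=constructed&redirect_uri=&scope=openid%20offline_access&prompt=none';
// Constructed refresh request; the refresh token value is a placeholder.
const refreshReq = buildRefreshRequest('http://10.10.10.10:10/connect/token', 'clientId', 'PLACEHOLDER_REFRESH_TOKEN');
```

The sample authorize URL, like the one in the question, carries an empty redirect_uri, which parseParams returns as an empty string.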