Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Make `silentRefresh()` trap incorrect `silentRefreshRedirectUri` configuration values

See original GitHub issue

EDIT: Please read on below this original post, the actual issue (and associated title) was changed slightly.

Original post:

Describe the bug

I’m using silentRefresh() more or less as in the tutorial Angular 6 with Auth0 using this library linked from the README, but with a code flow.

When the user is not logged in, the iframe generates a login_required error that the service catches tryLoginCodeFlow() here, but that does not cause the Promise returned from silentRefresh() to trigger the catch() clause. Instead, we wait until we get a timeout.

Expected behavior

the “login_required” error should cause the promise to reach the catch() handler.

Desktop (please complete the following information):

  • OS: Linux
  • Browser: Chrome
  • Version: 85

Issue Analytics

  • State:open
  • Created 3 years ago
  • Comments:5

github_iconTop GitHub Comments

1reaction
guss77commented, Oct 4, 2020
2. `silentRefreshRedirectUri` is `""`: the silentRefresh assumes the user explicitly wanted the redirect uri to be the application's root

Sounds reasonable, except maybe I would suggest using false for the “stop bothering me, I know what I’m doing” magic value. The test code can then be something like:

if (!this.silentRefreshRedirectUri && this.silentRefreshRedirectUri !== false) throw new Error(...);

It’s a bit more explicit and readable than checking against an almost invisible '', IMHO.

0reactions
jeroenheijmanscommented, Oct 4, 2020

I mistakenly thought that the config setting was a path on the serving site, but it is a full URI anyways. So an empty string is indeed weird and probably a configuration mistake. 👍

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to do a silent refresh via implicit flow in Angular?
so I have the problem that our token won't refresh. ... silentRefresh().then(result => console.log(result)).catch(error ...
Read more >
Silent Refresh - Refreshing Access Tokens when using the ...
Silent refresh uses the assumption that the user is still logged into the OpenID Provider to automatically make another OpenID Connect ...
Read more >
OAuth2 Refresh Token with Anular and IdentityServer4
This action will enable us to silently refresh the access token when it is close to expiry. Also, it will provide a better...
Read more >
Auth0 Single Page App SDK
Refresh Tokens are used when useRefreshTokens is set to true when configuring the SDK. Getting an Access Token silently without using Refresh Tokens...
Read more >
angular-oauth2-oidc - npm
Token Refresh for Implicit Flow by implementing "silent refresh" ... If you are just using oauth2, you have to set oidc to false...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

session_terminated in Chrome Incognito

Next page

OauthService.logOut(true) not logging out of the identity server.