Make `silentRefresh()` trap incorrect `silentRefreshRedirectUri` configuration values
See original GitHub issueEDIT: Please read on below this original post, the actual issue (and associated title) was changed slightly.
Original post:
Describe the bug
I’m using silentRefresh()
more or less as in the tutorial Angular 6 with Auth0 using this library linked from the README, but with a code flow.
When the user is not logged in, the iframe generates a login_required
error that the service catches tryLoginCodeFlow()
here, but that does not cause the Promise
returned from silentRefresh()
to trigger the catch()
clause. Instead, we wait until we get a timeout.
Expected behavior
the “login_required” error should cause the promise to reach the catch()
handler.
Desktop (please complete the following information):
- OS: Linux
- Browser: Chrome
- Version: 85
Issue Analytics
- State:
- Created 3 years ago
- Comments:5
Top Results From Across the Web
How to do a silent refresh via implicit flow in Angular?
so I have the problem that our token won't refresh. ... silentRefresh().then(result => console.log(result)).catch(error ...
Read more >Silent Refresh - Refreshing Access Tokens when using the ...
Silent refresh uses the assumption that the user is still logged into the OpenID Provider to automatically make another OpenID Connect ...
Read more >OAuth2 Refresh Token with Anular and IdentityServer4
This action will enable us to silently refresh the access token when it is close to expiry. Also, it will provide a better...
Read more >Auth0 Single Page App SDK
Refresh Tokens are used when useRefreshTokens is set to true when configuring the SDK. Getting an Access Token silently without using Refresh Tokens...
Read more >angular-oauth2-oidc - npm
Token Refresh for Implicit Flow by implementing "silent refresh" ... If you are just using oauth2, you have to set oidc to false...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Sounds reasonable, except maybe I would suggest using
false
for the “stop bothering me, I know what I’m doing” magic value. The test code can then be something like:It’s a bit more explicit and readable than checking against an almost invisible
''
, IMHO.I mistakenly thought that the config setting was a path on the serving site, but it is a full URI anyways. So an empty string is indeed weird and probably a configuration mistake. 👍