Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
setupAutomaticSilentRefresh uses iframe silent refresh instead of refresh token request when responseType: is 'code id_token',
See original GitHub issueDescribe the bug
setupAutomaticSilentRefresh uses silent refresh iframe instead of refresh token when using responseType: 'code id_token',
Stackblitz example Not applicable
To Reproduce
- Have a refresh token and responseType: ‘code id_token’,
- Call setupAutomaticSilentRefresh
- It will use iframe instead od freresh token request
Expected behavior It should do refresh token request
Desktop (please complete the following information):
- OS: Windows 10
- Browser Chrome
- Version 94.0.4606.61
Additional context The bug is on this line
It checks if the responseType === 'code' but should check if responseType.includes('code')
Issue Analytics
- State:
- Created 2 years ago
- Comments:7
Top Results From Across the Web
Silent refresh is not working in angular oauth oidc
oauthService.setupAutomaticSilentRefresh();. For refreshing the token, the iframe is getting added to the current page. everything looks good.
Read more >Silent Refresh - angular-oauth2-oidc
This is a well-known solution that compensates the fact that implicit flow does not allow for issuing a refresh token. It uses a...
Read more >angular-oauth2-oidc@15.0.1 - jsDocs.io
Performs a silent refresh for implicit flow. Use this method to get new tokens when/before the existing tokens expire. method ...
Read more >angular-oauth2-oidc - npm
Start using angular-oauth2-oidc in your project by running `npm i ... Important: Request offline_access to get a refresh token // The api ...
Read more >Silent Refresh - Refreshing Access Tokens when using the ...
Silent refresh uses the assumption that the user is still logged into the OpenID Provider to automatically make another OpenID Connect ...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@jeroenheijmans Yup, thanks, that makes sense. I’ve switched to code flow. However I support the idea of giving out error or a warning when someone tries to use hybrid flow.
Aye, track #844 for that improvement! Thx for understanding 👍