Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

setupAutomaticSilentRefresh() works but is called too frequently

See original GitHub issue

Hi,

We’re using version 2.1.3 and are using silent refresh. It is configured like this:

this.oauthService.silentRefreshRedirectUri = window.location.origin + "/" + relativeAppPath + "silent-renew.html";
            this.oauthService.setupAutomaticSilentRefresh();
            this.oauthService.timeoutFactor = 0.9;

Our token currently has a lifetime of 10 hours. I know, far far too long and we’ll be reducing it to a more reasonable and secure timeframe but that’s what it is for now.

I have checked the expires_at field in session storage and the ticks it is writing converts to 10 hours relative.

My question is about the automatic silent refresh. It’s happening every 4-5 minutes which is far too frequent given the configuration outlined above. Any ideas why this might be?

Issue Analytics

State:
Created 5 years ago
Comments:14 (1 by maintainers)

Top GitHub Comments

7reactions

skruegscommented, Nov 6, 2019

We are experiencing the same issue where we want to refresh only on access_token expiration, but only the id_token timer is set. Is there a plan to merge @harmpauw’s PR anytime soon?

1reaction

harmpauwcommented, Aug 6, 2019

@jeroenheijmans the issue still remains the way @davdev82 described. If the id token has a shorter lifespan than the access token and you configure setupAutomaticSilentRefresh to only listen to access token expiration, the access token will never be refreshed. I created a pull request that always fires the token_expires event for both token. setupAutomaticSilentRefresh() then filters the token_expires event for the correct token type.