"validating access_token failed. wrong state/nonce." when performing silentRefresh manually
Angular version: 5.2.7
angular-oauth2-oidc version: 3.1
I have the following setup:
oauthConfig.clientId = authConfig.clientId;
oauthConfig.redirectUri = this.checkURL(authConfig.redirectUri);
oauthConfig.scope = authConfig.scope;
oauthConfig.oidc = true;
oauthConfig.issuer = this.checkURL(authConfig.issuer);
oauthConfig.requireHttps = authConfig.requireHttps;
oauthConfig.silentRefreshRedirectUri = this.checkURL(authConfig.redirectUri + '/silent-refresh.html');
this.oauthService.configure(oauthConfig);
this.oauthService.setupAutomaticSilentRefresh();
When performing a silent refresh, I need to get the new access token and pass it to other parts of the application. This is how I attempt to get the token:
this.oauthService.events.subscribe(({ type }) => {
  switch (type) {
    case 'token_refreshed': {
      // This event doesn't get detected when the automatic silent refresh happens
      break;
    }
    case 'silently_refreshed': {
      // This event doesn't get detected when the automatic silent refresh happens
      break;
    }
    case 'token_expires': {
      this.oauthService.silentRefresh().then(() => {
        // Here I want to pass the new token to the other parts of the app
      }).catch((err) => { return; });
      break;
    }
  }
});
When I manually do the silent refresh, I get an error that says “validating access_token failed. wrong state/nonce.”.
I have auto-silent refresh set up as well, however the events are not triggered when the silent refresh happens, so I can’t pass the token to the other parts of the application there either.
The silent refresh request always returns 302 error.
Am I doing something wrong?
I’m using initImplicitFlow() BTW.
Issue Analytics
- State:
- Created 5 years ago
- Comments:5 (2 by maintainers)
Top GitHub Comments
302 should be fine. It’s just the redirect back to your SPA.
This issue occurs most of the time due to a race condition. Is it possible that “at the same time” another part of the software is calling silentRefresh or initImplicitFlow? In this case, the following sequence would happen:
@gustavshf Good to hear you found the root cause. I think you can close the issue yourself, should be a button next to the green “Comment” button at the bottom of the page.
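The race condition raised in the comments above, modelled as an added example (not code from the issue or from angular-oauth2-oidc). It assumes the client keeps a single pending nonce in storage and compares it with the state echoed on the redirect; `ModelClient`, `runOverlapping` and the `singleFlight` guard are hypothetical names.

```typescript
// Model of an implicit-flow client that keeps ONE pending nonce in storage
// (an assumption of this sketch; names are hypothetical, not the library's API).
class ModelClient {
  private savedNonce: string | null = null; // the single storage slot
  private inFlight: string | null = null;   // state of the request awaiting its redirect
  private counter = 0;
  private singleFlight: boolean;

  constructor(singleFlight: boolean) {
    this.singleFlight = singleFlight;
  }

  // Begin an authorization request and return the value sent as `state`.
  startRequest(): string {
    if (this.singleFlight && this.inFlight !== null) {
      return this.inFlight; // join the request that is already running
    }
    // Constructed, predictable value so the run is reproducible;
    // a real client must use an unpredictable random nonce.
    const nonce = `nonce-${++this.counter}`;
    this.savedNonce = nonce; // overwrites any nonce still waiting for its redirect
    this.inFlight = nonce;
    return nonce;
  }

  // Handle the redirect: the echoed state must equal the saved nonce.
  handleRedirect(stateInResponse: string): boolean {
    const ok = this.savedNonce !== null && this.savedNonce === stateInResponse;
    if (this.inFlight === stateInResponse) this.inFlight = null;
    return ok;
  }
}

// Two refreshes start before either redirect returns, e.g. the automatic
// silent refresh and a manual silentRefresh() from a 'token_expires' handler.
function runOverlapping(singleFlight: boolean): boolean[] {
  const client = new ModelClient(singleFlight);
  const states = [client.startRequest(), client.startRequest()];
  // One redirect comes back per distinct request that was actually sent.
  const sent = states.filter((s, i) => states.indexOf(s) === i);
  return sent.map((s) => client.handleRedirect(s));
}

console.log(runOverlapping(false)); // unguarded: first redirect is rejected
console.log(runOverlapping(true));  // guarded: one request, one valid redirect
```

In the unguarded run the first redirect carries a state that no longer matches the stored nonce, which is the condition behind the "wrong state/nonce" validation error.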