nativescript-oauth

Refresh tokens not being used in Office365 auth flow

Open YvesCandel opened this issue 8 years ago • 4 comments

I'm running into some trouble using the refresh tokens being issued by my Azure AD.

In tns-oauth.ts there is the following piece of code:

```typescript
let expSecs = Math.floor(parseFloat(expires_in));
let expDate = new Date();
expDate.setSeconds(expDate.getSeconds() + expSecs);

let tokenResult: TnsOAuthModule.ITnsOAuthTokenResult = {
  accessToken: access_token,
  refreshToken: refresh_token,
  accessTokenExpiration: expDate,
  refreshTokenExpiration: expDate
}
```

And index.ts has:

```typescript
public refreshTokenExpired(): boolean {
  if (this.tokenResult && this.tokenResult.refreshTokenExpiration) {
    if (this.tokenResult.refreshTokenExpiration) {
      return this.tokenResult.refreshTokenExpiration < (new Date());
    } else {
      return false;
    }
  } else {
    return true;
  }
}
```

So, the refresh token expiration time is always set to the same time as the access token expiration time, even though I might be using an expiration time of 90 days using a policy. The result is that my users have to log in basically every time they use my app...

Any thoughts on this design? How can I get these refresh tokens to work properly?

YvesCandel avatar Jan 19 '17 09:01 YvesCandel

I've managed to work around this by doing the following on my startup page:

```typescript
if (tnsOAuthModule.instance.tokenResult) {
  console.log('Access token expires at: ' + tnsOAuthModule.instance.tokenResult.accessTokenExpiration);
  if (tnsOAuthModule.accessTokenExpired() === true) {
    tnsOAuthModule.instance.refreshToken().then((result: string) => {
      console.log('SUCCESSFULLY REFRESHED TOKEN!');
      this.router.navigate(['home'], { clearHistory: true, animated: false });
    })
    .catch((er) => {
      console.log(er);
    });
  } else {
    this.router.navigate(['home'], { clearHistory: true, animated: false });
  }
}
```

So if the user has never logged in, this whole method doesn't fire. I have a sign in button they tap if they've never logged in. If they've logged in before and the token is still valid, they get redirected to the home page right away. If they've logged in before but the access token is no longer valid, I'll call on tnsOAuthModule.instance.refreshToken() to refresh the token.

Shouldn't this be handled by the ensureValidToken method?

YvesCandel avatar Jan 19 '17 10:01 YvesCandel

Hi @YvesCandel

I like your creative workaround. Yes, ensureValidToken should handle everything for you and needs to be extended to handle your scenario. But it needs to handle Facebook and AzureAD refresh token scenarios, which I didn't get to yet. Hopefully soon.

Alex

alexziskind1 avatar Jan 19 '17 12:01 alexziskind1

Thanks for the reply Alex.

YvesCandel avatar Jan 19 '17 12:01 YvesCandel

@YvesCandel your workaround helped me a lot! Thank you!

lumayara avatar Apr 18 '18 17:04 lumayara
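
The decision an extended ensureValidToken would have to make for the scenario in this thread, as an added example that is not nativescript-oauth code: the refresh token lifetime is kept separate from expires_in, and an unknown lifetime leads to a refresh attempt instead of a forced login. The names toTokenState, nextStep, TokenState and the 60-second skew are assumptions.

```typescript
// Added example: hypothetical names, not the nativescript-oauth API.
interface TokenResponse { access_token: string; refresh_token?: string; expires_in: string; }

interface TokenState {
  accessToken: string;
  refreshToken: string | undefined;
  accessTokenExpiration: Date;
  // undefined when the server did not state a refresh token lifetime
  refreshTokenExpiration: Date | undefined;
}

type NextStep = "use" | "refresh" | "login";

// Build token state from a token response. expires_in describes the access
// token only, so it is never copied into refreshTokenExpiration.
function toTokenState(res: TokenResponse, now: Date, prev?: TokenState): TokenState {
  const expSecs = Math.floor(parseFloat(res.expires_in));
  return {
    accessToken: res.access_token,
    // Keep the previous refresh token if the response did not issue a new one.
    refreshToken: res.refresh_token ?? prev?.refreshToken,
    accessTokenExpiration: new Date(now.getTime() + expSecs * 1000),
    refreshTokenExpiration: res.refresh_token ? undefined : prev?.refreshTokenExpiration,
  };
}

// Decide what a caller such as ensureValidToken should do next.
function nextStep(state: TokenState | undefined, now: Date, skewSecs = 60): NextStep {
  if (!state) return "login";
  // Treat a token about to expire as expired, so a request does not fail in flight.
  const cutoff = now.getTime() + skewSecs * 1000;
  if (state.accessTokenExpiration.getTime() > cutoff) return "use";
  if (!state.refreshToken) return "login";
  const rtExp = state.refreshTokenExpiration;
  // Unknown lifetime: attempt the refresh and let the server decide.
  if (rtExp === undefined || rtExp.getTime() > now.getTime()) return "refresh";
  return "login";
}

// Constructed sample: access token valid for one hour from a fixed issue time.
const issuedAt = new Date("2017-01-19T09:00:00Z");
const sample = toTokenState(
  { access_token: "at-1", refresh_token: "rt-1", expires_in: "3600" }, issuedAt);
const twoHoursLater = new Date(issuedAt.getTime() + 2 * 3600 * 1000);
console.log(nextStep(sample, twoHoursLater)); // access token expired, refresh token still held
```

When the step is "refresh" and the token endpoint rejects the refresh token (OAuth 2.0 reports this as `invalid_grant`), the caller falls back to the interactive login.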