oidc-client-ts icon indicating copy to clipboard operation
oidc-client-ts copied to clipboard

Published 20 hours ago verified publisher icon authts

Automatic silent renew doesn't use refresh token if access token is already expired

Open Yurickh opened this issue 5 months ago • 0 comments

Related to #644, but not exactly the same, so decided to open this separately.

Reproducing

In a setup where:

  • You save user state in localStorage
  • You use refresh tokens
  • automaticSilentRenew is set to true

If you open a page with an expired token, but a valid refresh token, oidc-client-ts doesn't use the refresh token to renew. Instead, it just gives up renewing completely.

Possible root causes

Upon digging a bit, I've found out that in AccessTokenEvents, we drop completely the timer when the user is expired, which is decided based on access token, instead of refresh token.

Yurickh avatar Jun 03 '25 16:06 Yurickh