angular-auth-oidc-client
angular-auth-oidc-client copied to clipboard
damienbod
Silent renew stops after 400 token response and second browser "back" navigation
Describe the bug Silent renew seems to be triggered with response 400, after navigating back twice. After that silent renew stops and does not renew token. It seems that on navigating back second time silent renew triggers with same code in payload.
To Reproduce
- Login
- Navigate between pages to create browser history
- Wait for silent renew
- Navigate "back"
- Wait for silent renew
- Navigate "back" - seems that silent renew triggers automatically with same code in payload and identity server responds with 400. Silent renew stops and does not renew token anymore.
Expected behavior Navigating back should not trigger silent renew and should not stop silent renew.
Screenshots
Desktop:
- OS: Windows 10
- Browser: Chrome
- Version: 96.0.4664.45 (Official Build) (64-bit)
Additional context Tested on angular-auth-oidc-client 11.6.11 (angular 11) and 12.0.3 (angular 12).
This occurs for me as well with the following:
Angular 13.3.1 angular-auth-oidc-client: 13.1.0
AuthModule.forRoot({
config: {
authority: environment.idpAuthority,
redirectUrl: environment.clientUrl,
postLogoutRedirectUri: environment.clientUrl,
clientId: environment.clientId,
silentRenewUrl: `${environment.clientUrl}/silent-renew.html`,
scope: 'openid profile email xxxxxxxxxxx',
responseType: 'code',
silentRenew: true,
useRefreshToken: false,
startCheckSession: true,
ngswBypass: true,
renewTimeBeforeTokenExpiresInSeconds: 60
}
}),
This is a consistent and annoying problem, has anyone found a workaround?
I am back again in 2023 to ask if anyone has found a workaround for this. The user experience is terrible with this bug. When a user presses the back button multiple times there is a chance the entire app reloads due to the error from the IDS and having to go back to the IDS to 're-authenticate' instead of silent renewing.