angular-auth-oidc-client icon indicating copy to clipboard operation
angular-auth-oidc-client copied to clipboard

Published 20 hours ago verified publisher icon damienbod

[Question]: how to get new tokens manually when they expired

Open astrowq opened this issue 3 years ago • 5 comments

What Version of the library are you using?

14.0.1

Question How can I get new tokens manually with refresh token when access token and id token expired?

When the logged-in user leaves the website a while and the access/id token has expired, the next time the user re-opens the website, checkAuth would return isAuthenticated: false. Expired tokens do not get renewed as far as for me.

A manual re-login is needed, but I would like to get access/id token automatically since there is still refresh token present. My current workaround is to call authorize() when there is refresh token and isAuthenticated === false

I am new to this library. Sorry if this question was asked, or it can be done already. I can only find a relevant issue #1001 where it said At present this is not supported.

Appreciate any help in advance.

astrowq avatar Jun 04 '22 00:06 astrowq

I would love to see a comment about this because I am facing a similar issue.

trytuna avatar Jun 07 '22 15:06 trytuna

@damienbod @astrowq I am also in exact situation. Since last week I am trying to fix it but I can't. I am setting consumer key and consumer secret in the token api call I set them in refreshTokenRequestTokens(callbackContext: CallbackContext, customParamsRefresh?..) but its not working

spp125 avatar Jun 10 '22 16:06 spp125

I put so many hours into this and finally gave up on this. Switched to another library https://github.com/manfredsteyer/angular-oauth2-oidc and I got it working in like few minutes.

trytuna avatar Jun 10 '22 21:06 trytuna

Happy that you got it working. You could add a custom param in the authorize url prompt=none and it tells the IDP to silent authenticate (if you have a valid session on the IDP) The refresh token could also be sent directly to the IDP to the correct endpoint.

Greetings Damien

damienbod avatar Jun 10 '22 21:06 damienbod

I found the solution lately that is checkAuthIncludingServer().

First call checkAuth(); if it's not authenticated and there is a refresh token found with getRefreshToken(), call checkAuthIncludingServer() which would get the new access token via the refresh token. Note that id token is null if you access userData$, which is not updated via this method. However, userData is returned, and you can get it in the callback.

Hope it helps.

astrowq avatar Jun 11 '22 00:06 astrowq