angular-auth-oidc-client icon indicating copy to clipboard operation
angular-auth-oidc-client copied to clipboard

Published 20 hours ago verified publisher icon damienbod

[Bug]: idToken expired

Open alvachien opened this issue 2 years ago • 4 comments

Version

15.0.0

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

Since upgrading to 15.0.0, it now checks ID token but in unepxected way.

The idtoken I got:
EBUG] 0-achihui.js - AuthResult '{
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkRFQTI4QTVBNzI0RUI5OUQyQkZBOEQxNTBGNkExNDJBIiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo0NDM1MyIsIm5iZiI6MTY2ODkzMjIyMiwiaWF0IjoxNjY4OTMyMjIyLCJleHAiOjE2Njg5MzI1MjIsImF1ZCI6ImFjaGlodWkuanMiLCJhbXIiOlsicHdkIl0sIm5vbmNlIjoiMzBkNzQwNmFjNWNiZDI2OGJhYWIyMmY1YjhkYzFlZmU1YlJHQmU0cVEiLCJhdF9oYXNoIjoiOG9zU050UDdnYWUwNWg5ZVdJOTQyZyIsInNpZCI6IkM1Mzc2OEU0NDlFM0IwMERGMjg5NDI2OUIyRDU3QTZBIiwic3ViIjoiNzYyZThkMzgtOTU5NC00MThmLTgyOTEtMWJhNzNhYTlkYWRhIiwiYXV0aF90aW1lIjoxNjY4OTMyMjIxLCJpZHAiOiJsb2NhbCIsInByZWZlcnJlZF91c2VybmFtZSI6ImFsdmFjaGllbkBsaXZlLmNvbSIsIm5hbWUiOiJhbHZhY2hpZW5AbGl2ZS5jb20ifQ.eexzCoSVi1Pk93P96KZq4v8nyFiPp9YhLmJsnqxzt_yvGgl0SL5Df_dp5kpzfsuBScHbgTGzGXsoPjY0S31eo7urvLZG-bXS47mCUWDlptxC3hPiQxvgEdcZTYcH3E9fJJ86Wsm6VzH7nIW3AOU4a_4TW8CwQa6U9L9Kc2EBTXXlVrypF9-hWWnqEIQYqEtuKbo1VAhl-fgSN7oipgV61LXp3O4kzDrdMbHTVWP-ARTtmM_y2OaRPRTcqtL2GjEghaB5xDCAqWhpmIRSDmf9R30DQsNNw3e1XOwM4WAGTp-zQLBoQxoiHPaFlHAJaaOp8GRDyEKTD3RhQsk2c5toBQ"

After decode:
"exp": 1668931615

Then I got:
[DEBUG] 0-achihui.js - validate id token iat max offset 0 < 120000
angular-auth-oidc-client.mjs:4236 [DEBUG] 0-achihui.js - Has idToken expired: true --> expires in -7:0-6 , 4:22:02 PM > 4:28:08 PM
angular-auth-oidc-client.mjs:4233 
        
[WARN] 0-achihui.js - authCallback id token expired
logWarning @ angular-auth-oidc-client.mjs:4233
angular-auth-oidc-client.mjs:4236 [DEBUG] 0-achihui.js - authCallback token(s) invalid

Steps to reproduce the behavior

No response

A clear and concise description of what you expected to happen.

No response

Additional context

No response

alvachien avatar Nov 20 '22 08:11 alvachien 

    config: {
        authority: environment.IDServerUrl,

        redirectUrl: environment.AppHost, // window.location.origin,
        postLogoutRedirectUri: environment.AppHost,
        
        clientId: 'achihui.js',
        scope: 'openid profile api.hih offline_access', // 'openid profile ' + your scopes
        responseType: 'code',

        silentRenew: true,
        useRefreshToken: true,
        // silentRenewUrl: window.location.origin + '/silent-renew.html',
        renewTimeBeforeTokenExpiresInSeconds: 666,
        tokenRefreshInSeconds: 600,

        logLevel: environment.LoggingLevel === 2 ? LogLevel.Error : LogLevel.Debug,
      }

alvachien avatar Nov 20 '22 08:11 alvachien

Linked to #1546, it says bug fixed in 15.0, but I can repeat it in 15.0.

alvachien avatar Nov 20 '22 08:11 alvachien

I have this same issue on version 16 :/

daniromome avatar Aug 15 '23 19:08 daniromome

I was getting this issue due to the clock of the server being out of sync.

I am using keycloak in an arch linux instance, in order to fix it I just had to enable systemd-timesyncd.service.

daniromome avatar Sep 19 '23 13:09 daniromome