Guillaume Chervet

If oidc server is not in the same domain than your website then cookie should have attribute value: SameSite=None

Hi, @tielushko , By default the library use the shorter life between access_token and id_token. There is a property to change the default behavior. an example: https://github.com/AxaGuilDEv/ml-cli/blob/master/src/Ml.Cli.WebApp/ClientApp/public/environment.dev.json ` "token_renew_mode": "access_token_invalid"...

Thank you @rbalyan for the issue. I look a it today!

Hi @rbalyan , i did not sucess to reproduce the problem. Dobyou have a sample of your configuration ?

Thank you @Zhuohui-Li @rbalyan your feedback help are very helpful !

hi @rbalyan, @Zhuohui-Li, I do not success to reproduce it => https://github.com/AxaGuilDEv/react-oidc/pull/913/files Which OIDC server are your using?

here the published demo by the pullrequest => https://black-rock-0dc6b0d03-913.westeurope.1.azurestaticapps.net/

Thank you @Zhuohui-Li , I think it is the information I needed :)

I @Zhuohui-Li , I removed openid scope from my demo so I have only the access_token now in the demo. https://github.com/AxaGuilDEv/react-oidc/pull/913/files but I still cannot reproduce your bug: https://black-rock-0dc6b0d03-913.westeurope.1.azurestaticapps.net/ DO...

Which react version are you using @rbalyan ?