pamapa
pamapa
Thanks for providing this, i need some time to read through this. Looks interesting.
Typically for CORS is that you must properly configure the authorization server, so its knows your host and callback URL...
`Access-Control-Allow-Origin`, .. are part of the response header coming from the authorization server or your own hosting/back-end server...
The re-new process deals with the access token and its expiration time.
You will need to hack something on your own. I do not plan to have that in this library. If you something light-way please let us know...
Its most probably a logic bug in you application code. Maybe enabling logging helps you to find out: https://authts.github.io/oidc-client-ts/#md:logging
see https://github.com/authts/oidc-client-ts/blob/main/docs/index.md#hash-mode-router-spa
> Thank you for your solution. But IdentityServer4 Application return the callback url. We can not modify the callback url. I assume you are calling `mgr.signinCallback()`, thus you can modify...
Yes, it takes the claims from the id_token, you can see the affected code in the file https://github.com/authts/oidc-client-ts/blob/main/src/ResponseValidator.ts. Follow there `response.profile =`...
The CSP for your application should allow script execution and connecting to your IDP. Like: ``` "script-src 'self', "connect-src 'self' ", "frame-src 'self' " ``` The browser gives you hints...