pamapa

Typically you must register the redirect URI on the IdP side...

This MR is touching that area, but i have not seen why that should produce what you see. ``` Revision: 5af4847a005f5204906ee0946d48656a6da8bba3 Author: pamapa Date: 20.12.2023 09:17:04 Message: fix: #1312 handle...

> The only difference, that I can spot in the debug logs is that the log [SilentRenewService] _tokenExpiring: silent token renewal successful oidc-client-ts.js is comming earier with 2.4.0 than with...

@m4rc77 Thanks for tracking this down. I have to think about this.

The additional `postMessage` concept during the renew via iframe, makes everything even more complicated. A different approach: Maybe it is possible to request access to storage before hand? You could...

Yet another approach (which already works): Using refresh token in combination with trusted device concept. Microsoft Entra ID is currently using this concept. In this library there is support for...

Existing access token and if used refresh token are stored either in the local or session storage. Somthing like this, assuming you are using the default sessionStorage. ```ts import {...

Hard to say. But typically access tokens are bound to the domain and i can't know if the access token would work for both domains. If you have a valid...

> ```ts > monitorSession: true, // ** if true: infinite loading loop, if false: no loops** > ``` I guess the `monitorSession` does no loner work in your Keycloak/Chorme v129+...

There is an event on which you can subscribe, in case silent renew fails it triggers. See `addSilentRenewError`.