Silent renew stops after 400 token response and second browser "back" navigation #1321

Open
jmalStorm opened this issue Dec 7, 2021 · 3 comments

Comments

jmalStorm commented Dec 7, 2021

Describe the bug
Silent renew seems to be triggered with response 400 after navigating back twice. After that, silent renew stops and does not renew the token. It seems that on navigating back a second time, silent renew triggers with the same code in the payload.

To Reproduce

  1. Login
  2. Navigate between pages to create browser history
  3. Wait for silent renew
  4. Navigate "back"
  5. Wait for silent renew
  6. Navigate "back" - it seems that silent renew triggers automatically with the same code in the payload and the identity server responds with 400. Silent renew stops and does not renew the token anymore.

Expected behavior
Navigating back should not trigger silent renew and should not stop silent renew.

Desktop:

  • OS: Windows 10
  • Browser: Chrome
  • Version: 96.0.4664.45 (Official Build) (64-bit)

Additional context
Tested on angular-auth-oidc-client 11.6.11 (angular 11) and 12.0.3 (angular 12).
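
The failure mode reported above, as an added example that is not part of the original issue or of angular-auth-oidc-client. It assumes the 400 comes from the identity server rejecting an authorization code that was already redeemed (codes are single-use under RFC 6749, section 4.1.2); `TokenEndpoint`, `CallbackGuard`, the `app.example` URL and the code values are constructed for illustration.

```javascript
// Constructed model of a token endpoint: an authorization code can be
// redeemed once (RFC 6749 section 4.1.2); a replay gets 400 invalid_grant.
class TokenEndpoint {
  constructor() {
    this.issued = new Set();
    this.redeemed = new Set();
  }
  issueCode() {
    const code = `sample-code-${this.issued.size + 1}`; // constructed value
    this.issued.add(code);
    return code;
  }
  redeem(code) {
    if (!this.issued.has(code) || this.redeemed.has(code)) {
      return { status: 400, body: { error: 'invalid_grant' } };
    }
    this.redeemed.add(code);
    return { status: 200, body: { access_token: `token-for-${code}` } };
  }
}

// Hypothetical client-side guard (not the library's API): remembers codes it
// has already sent, so a callback URL restored by "back" is not sent again.
class CallbackGuard {
  constructor(endpoint, seen = new Set()) {
    this.endpoint = endpoint;
    this.seen = seen; // stands in for sessionStorage in a browser
  }
  handleCallback(callbackUrl) {
    const code = new URL(callbackUrl).searchParams.get('code');
    if (!code) return { outcome: 'no-code' };
    if (this.seen.has(code)) return { outcome: 'skipped-replay' };
    this.seen.add(code);
    const res = this.endpoint.redeem(code);
    return { outcome: res.status === 200 ? 'renewed' : 'failed', status: res.status };
  }
}

// Steps 5 and 6 of the report: one renew, then the same callback replayed.
function simulate() {
  const idp = new TokenEndpoint();
  const url = `https://app.example/silent-renew.html?code=${idp.issueCode()}`;
  const code = new URL(url).searchParams.get('code');
  const unguarded = [idp.redeem(code), idp.redeem(code)];
  const guard = new CallbackGuard(new TokenEndpoint());
  const url2 = `https://app.example/silent-renew.html?code=${guard.endpoint.issueCode()}`;
  const guarded = [guard.handleCallback(url2), guard.handleCallback(url2)];
  return { unguarded, guarded };
}
```

In the unguarded run the second redemption is the 400 the report describes; in the guarded run the replayed callback is dropped before it reaches the token endpoint.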

michaelmarcuccio commented Apr 4, 2022

This occurs for me as well with the following:

Angular 13.3.1
angular-auth-oidc-client: 13.1.0

    AuthModule.forRoot({
      config: {
        authority: environment.idpAuthority,
        redirectUrl: environment.clientUrl,
        postLogoutRedirectUri: environment.clientUrl,
        clientId: environment.clientId,
        silentRenewUrl: `${environment.clientUrl}/silent-renew.html`,
        scope: 'openid profile email xxxxxxxxxxx',
        responseType: 'code',
        silentRenew: true,
        useRefreshToken: false,
        startCheckSession: true,
        ngswBypass: true,
        renewTimeBeforeTokenExpiresInSeconds: 60
      }
    }),

@michaelmarcuccio

This is a consistent and annoying problem. Has anyone found a workaround?

@michaelmarcuccio

I am back again in 2023 to ask if anyone has found a workaround for this. The user experience is terrible with this bug. When a user presses the back button multiple times there is a chance the entire app reloads due to the error from the IDS and having to go back to the IDS to 're-authenticate' instead of silent renewing.
