[Bug]: Silent refresh gets out of step until refresh token expires #1383
Comments
Hello @Budno, we are facing the same problem with a single difference. Check session completely stops working instead of delayed working, which also means the user has to refresh the page to get the auth flow working again. I was wondering did you find any solutions or workarounds? I tried it with v11.6.11, v12.0.3, 13.1.0
Hi @soners,
Is this issue still relevant? Did you upgrade to the latest version?
Yes, it is still relevant to us. However, we are currently not able to update to a version higher than v13.0.0 because starting from v13.1.0 the support of http (without https) was dropped and we are currently still dependent on http for on-premise environments.
I'm also experiencing this issue on version 15.0.2. Seems to be much more likely to happen if the application is open in multiple browser tabs (Chrome). Here are the console logs:
Authority is set up with an access token lifetime of 1min and refresh token lifetime of 2mins. Current OpenIdConfiguration:
Edit: I should mention that I'm using localStorage which causes all tabs to invalidate
I am seeing this issue on v13.0.0 with the silentRenew getting out of step/delayed. The issue is more apparent with a lower renewTimeBeforeTokenExpiresInSeconds (30s vs 120s) since our access_token won't get renewed in time before it expires and causes 401 unauthorized errors in the webapp. Steps to reproduce are somewhat similar to what is suggested here #1841 except instead of just switching tabs I also switch applications altogether (minimize Chrome and switch to Visual Studio Code, for example). I think when I initially tried just switching tabs, I did not have debug logs enabled at the time, I was not getting 401 unauthorized errors so it's possible the silentRenew getting out of step/delayed could have been occurring without triggering 401 unauthorized errors. Console logs show periodic check changing from every 4 seconds to every 1 minute:
AccessToken expired checks over time:
Note: I've observed the negative expires in value without logging out and logging back in to the webapp but I included those events in here to explain the gap from the second accessToken expired check to the last accessToken expired. OpenID Configuration used for the logs:
Desktop (please complete the following information): OS: Windows 10 (22H2)
@FabianGosebrink @damienbod Just curious if there has been time to further investigate this issue. Is there a status update available for this issue or is the recommendation to try to upgrade to the latest version?
We are currently using v15 and this issue is still there.
What Version of the library are you using?
11.6.11
Describe the bug
Intermittently the silent refresh mechanism seems to get out of step and waits much longer than the usual 4 seconds. The delay can range from a few seconds to several minutes. If the refresh token has expired in the meantime, the OIDC provider refuses to refresh it. As a consequence, a roundtrip to the OIDC server becomes necessary. This is observed several times an hour in my application. Sometimes the refresh check even stops altogether.
I have tried to circumvent the problem by increasing renewTimeBeforeTokenExpiresInSeconds from 10 to 150 seconds so that tokens are renewed earlier and can still be updated if a short delay occurs. This made the issue more rare, but it still recurred (with a delay > 150 seconds) after keeping the application open in the browser for 1-2 hours.
I am using silent renew with refresh tokens in a productive application.
To Reproduce
Use the library with silent renew, use refresh tokens that are valid for 120 seconds, set renewTimeBeforeTokenExpiresInSeconds=10 and keep the Angular application open for 1 hour. Then check the server log.
Steps to reproduce the behavior:
on the OIDC server, use short-lived refresh and access tokens (e.g. 60 seconds)
Expected behavior
The silent refresh check should be executed every 4 seconds or at the projected expiration time of the refresh/access token.
Screenshots
![image](https://user-images.githubusercontent.com/74253363/153880652-99218621-ccd6-4cc0-8e65-a37cacaedcff.png)
Refresh check only after 23 seconds, then after 1 minute:
Refresh check delayed by almost 9 minutes:
![image](https://user-images.githubusercontent.com/74253363/153880141-578ef16f-6f52-4cef-a131-fe1ac7212d3b.png)
Refresh check stopped completely:
![image](https://user-images.githubusercontent.com/74253363/153880300-c3abb1d1-2cda-4c93-88e2-87ca5167c244.png)
Desktop (please complete the following information):
Additional context
When the refresh time starts to become less reliable, the browser often shows warnings about delayed calls to setInterval() or zone-evergreen progress handlers.
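
The timing described in this issue can be replayed offline. The following is an added example, not code from the issue or from the library: it replays a constructed list of check times (a 23 second stall and a 9 minute stall) against the token lifetimes from the reproduction steps and reports what each check finds. All function names are hypothetical, and it assumes every successful refresh or re-login issues an access token and a refresh token with full lifetimes.

```javascript
// Added example; every name below is hypothetical, not library code.
// Token settings from the issue's reproduction steps, in seconds.
const REPRO = {
  accessTokenLifetime: 60,
  refreshTokenLifetime: 120,
  renewTimeBeforeTokenExpiresInSeconds: 10,
  checkInterval: 4,
};

// Evenly spaced check times, inclusive of both ends.
function steadyTicks(from, to, step = REPRO.checkInterval) {
  const out = [];
  for (let t = from; t <= to; t += step) out.push(t);
  return out;
}

// Replay check times (seconds since login) against the token lifetimes.
// Assumption: each successful refresh, and each forced re-login, issues a new
// access token and a new refresh token with full lifetimes.
function replayChecks(tickTimes, cfg = REPRO) {
  let accessExp = cfg.accessTokenLifetime;
  let refreshExp = cfg.refreshTokenLifetime;
  let previous = 0;
  return tickTimes.map((now) => {
    const gap = now - previous;
    previous = now;
    let outcome = 'idle';
    if (now >= accessExp - cfg.renewTimeBeforeTokenExpiresInSeconds) {
      if (now >= refreshExp) outcome = 'reauth-required'; // provider refuses the refresh
      else if (now >= accessExp) outcome = 'renewed-after-expiry'; // API calls could 401 meanwhile
      else outcome = 'renewed';
      accessExp = now + cfg.accessTokenLifetime;
      refreshExp = now + cfg.refreshTokenLifetime;
    }
    return { now, gap, late: gap > 2 * cfg.checkInterval, outcome };
  });
}

// Count outcomes and late checks for one replay.
function summarize(events) {
  const counts = { idle: 0, renewed: 0, 'renewed-after-expiry': 0, 'reauth-required': 0, late: 0 };
  for (const e of events) {
    counts[e.outcome] += 1;
    if (e.late) counts.late += 1;
  }
  return counts;
}

// Constructed timeline: steady checks, a 23 s stall, steady again, a 9 min stall.
const SAMPLE_TICKS = [...steadyTicks(4, 48), 71, ...steadyTicks(75, 119), 659, 663];

console.log(summarize(replayChecks(SAMPLE_TICKS)));
console.log(summarize(replayChecks(SAMPLE_TICKS, { ...REPRO, renewTimeBeforeTokenExpiresInSeconds: 30 })));
```

With the 10 second margin the 23 second stall already renews after the access token has expired; with a 30 second margin that stall is absorbed, but the 9 minute stall outlives the refresh token in both runs.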