Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug]: idToken expired #1593

Open
alvachien opened this issue Nov 20, 2022 · 4 comments
Open

[Bug]: idToken expired #1593

alvachien opened this issue Nov 20, 2022 · 4 comments
Labels
oidc-server-client-offset-def

Comments

@alvachien
Copy link

Version

15.0.0

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

Since upgrading to 15.0.0, it now checks ID token but in unepxected way.

The idtoken I got:
EBUG] 0-achihui.js - AuthResult '{
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkRFQTI4QTVBNzI0RUI5OUQyQkZBOEQxNTBGNkExNDJBIiwidHlwIjoiSldUIn0.eyJpc3MiOiJodHRwczovL2xvY2FsaG9zdDo0NDM1MyIsIm5iZiI6MTY2ODkzMjIyMiwiaWF0IjoxNjY4OTMyMjIyLCJleHAiOjE2Njg5MzI1MjIsImF1ZCI6ImFjaGlodWkuanMiLCJhbXIiOlsicHdkIl0sIm5vbmNlIjoiMzBkNzQwNmFjNWNiZDI2OGJhYWIyMmY1YjhkYzFlZmU1YlJHQmU0cVEiLCJhdF9oYXNoIjoiOG9zU050UDdnYWUwNWg5ZVdJOTQyZyIsInNpZCI6IkM1Mzc2OEU0NDlFM0IwMERGMjg5NDI2OUIyRDU3QTZBIiwic3ViIjoiNzYyZThkMzgtOTU5NC00MThmLTgyOTEtMWJhNzNhYTlkYWRhIiwiYXV0aF90aW1lIjoxNjY4OTMyMjIxLCJpZHAiOiJsb2NhbCIsInByZWZlcnJlZF91c2VybmFtZSI6ImFsdmFjaGllbkBsaXZlLmNvbSIsIm5hbWUiOiJhbHZhY2hpZW5AbGl2ZS5jb20ifQ.eexzCoSVi1Pk93P96KZq4v8nyFiPp9YhLmJsnqxzt_yvGgl0SL5Df_dp5kpzfsuBScHbgTGzGXsoPjY0S31eo7urvLZG-bXS47mCUWDlptxC3hPiQxvgEdcZTYcH3E9fJJ86Wsm6VzH7nIW3AOU4a_4TW8CwQa6U9L9Kc2EBTXXlVrypF9-hWWnqEIQYqEtuKbo1VAhl-fgSN7oipgV61LXp3O4kzDrdMbHTVWP-ARTtmM_y2OaRPRTcqtL2GjEghaB5xDCAqWhpmIRSDmf9R30DQsNNw3e1XOwM4WAGTp-zQLBoQxoiHPaFlHAJaaOp8GRDyEKTD3RhQsk2c5toBQ"

After decode:
"exp": 1668931615

Then I got:
[DEBUG] 0-achihui.js - validate id token iat max offset 0 < 120000
angular-auth-oidc-client.mjs:4236 [DEBUG] 0-achihui.js - Has idToken expired: true --> expires in -7:0-6 , 4:22:02 PM > 4:28:08 PM
angular-auth-oidc-client.mjs:4233 
        
[WARN] 0-achihui.js - authCallback id token expired
logWarning @ angular-auth-oidc-client.mjs:4233
angular-auth-oidc-client.mjs:4236 [DEBUG] 0-achihui.js - authCallback token(s) invalid

Steps to reproduce the behavior

No response

A clear and concise description of what you expected to happen.

No response

Additional context

No response
@alvachien
Copy link
Author 

    config: {
        authority: environment.IDServerUrl,

        redirectUrl: environment.AppHost, // window.location.origin,
        postLogoutRedirectUri: environment.AppHost,
        
        clientId: 'achihui.js',
        scope: 'openid profile api.hih offline_access', // 'openid profile ' + your scopes
        responseType: 'code',

        silentRenew: true,
        useRefreshToken: true,
        // silentRenewUrl: window.location.origin + '/silent-renew.html',
        renewTimeBeforeTokenExpiresInSeconds: 666,
        tokenRefreshInSeconds: 600,

        logLevel: environment.LoggingLevel === 2 ? LogLevel.Error : LogLevel.Debug,
      }

@alvachien
Copy link
Author

Linked to #1546, it says bug fixed in 15.0, but I can repeat it in 15.0.

@daniromome
Copy link

I have this same issue on version 16 :/

@daniromome
Copy link

I was getting this issue due to the clock of the server being out of sync.

I am using keycloak in an arch linux instance, in order to fix it I just had to enable systemd-timesyncd.service.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
oidc-server-client-offset-def
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@damienbod @alvachien @daniromome