Session timeout using SPA and oidc-js

Question

I am using angular 5 with oidc-client and identity server 4. Is session timeout supported in oidc-client or i need to implement it manually ?

By Session Timeout i mean, the user will be logged out after sometime of inactivity

Answer 1

for your SPA applications you can use the implicit flow, refresh token is not possible automatically but oidc-client.js can make it easy for you. you can use the silent refresh, oidc-client will send the active cookie session to get a new access_token just before the expiration of the new one. you need only to configure it

const config = {
  authority: xxxxx,
  client_id: xxxxx,
  popup_redirect_uri: `${OidcConfig.clientRoot}/assets/html/popup-login-redirect.html`,
  scope: 'openid profile',
  response_type: 'id_token token',
  post_logout_redirect_uri: `${OidcConfig.clientRoot}?postLogout=true`, // delet all stored tokens after logout
  userStore: new WebStorageStateStore({ store: window.localStorage }),
  automaticSilentRenew: true, // enable silent refresh
  silent_redirect_uri: `${OidcConfig.clientRoot}/assets/html/silent-refresh-redirect.html` // here when you can get the new tokens
};

here is the content of silent-refresh-redirect.html

  <script src="https://cdnjs.cloudflare.com/ajax/libs/oidc-client/1.5.1/oidc-client.min.js"></script>
  <script>
  var config = {
     userStore: new Oidc.WebStorageStateStore({ store: window.localStorage })
  };
  new Oidc.UserManager(config).signinSilentCallback()
    .catch((err) => {
        console.log(err);
    });

  </script>