
I have a site which is using IS4 and the front end is Angular 7. I have the oidc-client library to handle all user authentication etc and everything works fine. This is the first time I'm seeing this issue though. I can log in and interact just fine, with my permissions, role stuff and it's all good. Sometimes I get a strange error after some inactivity so when I try to perform a secured operation I get an error straightaway without even hitting my API. If I refresh the page and perform the action, it works fine.

I have implemented the silent renew callback in my component just like this:

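```typescript
import { Component, OnInit } from '@angular/core';
// AuthService is the service shown further down (its import path is not shown in the post).

@Component({
    selector: 'app-silent-renew-callback',
    templateUrl: 'silent-renew-callback.component.html'
})
export class SilentRenewCallbackComponent implements OnInit {
    constructor(private authService: AuthService) { }

    ngOnInit() {
        // Runs inside the hidden iframe that the silent renew loads.
        this.authService.signingSilentCallback();
    }
}
```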

which then goes off to the authService code:

```typescript
signingSilentCallback(): Promise<void> {
    return this.manager.signinSilentCallback()
        .catch(e => {
            console.log(e);
        });
}
```

My auth service event configuration looks like this:

```typescript
import { Injectable } from '@angular/core';
import { Log, User, UserManager, UserManagerSettings } from 'oidc-client';
// `environment` is the app's Angular environment object (its import is not shown in the post).

@Injectable()
export class AuthService {
    private manager: UserManager;
    private user: User | null = null;

    constructor() {
        if (!environment.production) {
            Log.logger = console;
        }
        this.manager = new UserManager(getClientSettings());

        // The user is read from storage once, when the service is constructed.
        this.manager.getUser()
            .then(user => {
                this.user = user;
            });

        // Raised when the sign-in status at the identity provider changes.
        this.manager.events.addUserSignedOut(() => {
            this.signOut();
        });

        // Raised after the access token has expired.
        this.manager.events.addAccessTokenExpired(() => {
            this.signOut();
        });
    }
}

export function getClientSettings(): UserManagerSettings {
    return {
        authority: environment.authorityUrl,
        client_id: 'my_client_id',
        redirect_uri: `${environment.baseUrl}/auth-callback`,
        post_logout_redirect_uri: environment.baseUrl,
        response_type: 'id_token token',
        scope: 'openid profile my_api',
        filterProtocolClaims: true,
        loadUserInfo: true,
        automaticSilentRenew: true,
        silent_redirect_uri: `${environment.baseUrl}/silent-renew-callback`,
    };
}
```

The thing is that reading some posts it looks like there should be an event hooked up when you renew the user:

```typescript
this.manager.events.addUserLoaded(_ => {
    this.manager.getUser()
        .then(user => {
            this.user = user;
        });
});
```

My question is whether that's mandatory when you use the silent renew or not and, in case it is not needed, whether this rings a bell with any issues you guys have come across before.

Thanks

Carlos Torrecillas
  • Are you saying you want to renew the access token and load the same user before the token expires? In the code above you are doing a sign-out on `addAccessTokenExpired`, and below you are asking about token renewal on silent sign-in? – Sohan Jul 02 '19 at 06:22
  • Can't you have both events? I guess they could be combined? I haven't seen any sign-out though. If you had duplicated tabs and one of them logs out, then the userSignedOut is triggered and the other screens go to the login page; however, the event below was something I put in place to also avoid an expired session being carried on, so that the user would go back to login. Does that make sense? – Carlos Torrecillas Jul 02 '19 at 06:29
  • Yes, it makes sense now. You need to trigger this event once the user is logged in and assign it to your user object. `addAccessTokenExpired` must be used in context to notify the user about token expiration, or can be used to renew your access_token – Sohan Jul 02 '19 at 08:29
  • Yes, so to assign my user, I do `return this.manager.signinRedirectCallback().then(user => { this.user = user; }).catch(e => { console.log('Error when performing signing redirect', e); this.signingSilentCallback(); });` when I complete authentication – Carlos Torrecillas Jul 02 '19 at 08:47
  • Yes, that looks okay, so what is the issue now? – Sohan Jul 02 '19 at 09:08
  • The issue is that previously I didn't have the `this.manager.events.addUserLoaded(_ => { this.manager.getUser().then(user => { this.user = user; }); });` and I'm not sure if that's going to fix the issue regarding user inactivity after a while of no interaction. I read that the silent renew would trigger that event and therefore the user will get automatically refreshed? If so, then I'm assuming the issue is fixed with that code, otherwise I don't know what else could be triggering that error – Carlos Torrecillas Jul 02 '19 at 09:45
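
An added example, not part of the original post or of oidc-client: it models why a user object cached once at construction goes stale after a silent renew unless a `userLoaded` handler replaces it. `StubUserManager`, `CachedOnceAuth`, `RefreshingAuth` and the token values are hypothetical stand-ins, based on the assumption that a renew stores a new user object and then raises `userLoaded`.

```typescript
// Added example. StubUserManager is a hypothetical, synchronous stand-in for
// oidc-client's UserManager (the real getUser() returns a Promise).
interface StubUser { access_token: string; expires_at: number; } // epoch seconds

class StubUserManager {
  private stored: StubUser | null = null;
  private loadedHandlers: Array<(u: StubUser) => void> = [];
  events = {
    addUserLoaded: (cb: (u: StubUser) => void): void => { this.loadedHandlers.push(cb); },
  };
  getUser(): StubUser | null { return this.stored; }
  // Models a completed sign-in or silent renew: a NEW user object replaces the
  // stored one, then userLoaded is raised. The old object is never mutated.
  completeSignin(token: string, now: number, lifetime: number): void {
    const user: StubUser = { access_token: token, expires_at: now + lifetime };
    this.stored = user;
    this.loadedHandlers.forEach(cb => cb(user));
  }
}

// Caches the user once, like the constructor in the question.
class CachedOnceAuth {
  user: StubUser | null;
  constructor(manager: StubUserManager) { this.user = manager.getUser(); }
  tokenIfValid(now: number): string | null {
    return this.user !== null && this.user.expires_at > now ? this.user.access_token : null;
  }
}

// Same cache, plus a userLoaded subscription that replaces the cached copy.
class RefreshingAuth extends CachedOnceAuth {
  constructor(manager: StubUserManager) {
    super(manager);
    manager.events.addUserLoaded(u => { this.user = u; });
  }
}

function demo(): { stale: string | null; fresh: string | null } {
  const manager = new StubUserManager();
  manager.completeSignin('token-1', 0, 3600);    // constructed: interactive login at t=0
  const stale = new CachedOnceAuth(manager);
  const fresh = new RefreshingAuth(manager);
  manager.completeSignin('token-2', 3540, 3600); // constructed: silent renew before expiry
  // At t=4000 token-1 has expired; token-2 is valid until t=7140.
  return { stale: stale.tokenIfValid(4000), fresh: fresh.tokenIfValid(4000) };
}
```
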

0 Answers