
I am trying to do silent refresh using an iFrame with Implicit Flow. I do not want to use automaticSilentRenew as it is not efficient. I am using the oidc-client library in Angular 8 on the client side. So, there are two things which are happening:

1.) I am using auth-guard to secure the important components. In auth-guard I am checking if the token is valid; in case it's not, I am calling signinRedirect of the auth-service class to fetch the new token.

2.) I am not guarding the secure API calling component with auth-guard so that I could get the 401 unauthorized error for an invalid token. But if I guard it with auth-guard, it routes me to the auth-callback after getting the new set of tokens and the original request is lost.

I somehow want to automate this process. Like, guarding the API invoking component with auth-guard and, when I try to hit the API with an expired token, the auth-guard comes into play and updates the current request with the valid token behind the scenes so as to give a seamless user experience.

```typescript
export class AuthService {

  private manager = new UserManager(getClientSettings());
  private user: User = null;

  constructor() {
    this.manager.getUser().then(user => {
      this.user = user;
    });

    this.manager.events.addAccessTokenExpiring(async function() {
      await this.manager.signinSilent().then(user => {
      });
    });
  }
}
```

I am trying to catch the addAccessTokenExpiring event in the constructor of my auth-service class and calling signinSilent to get the new access_token. The event does kick off prior to token expiration, but I am getting this.manager undefined inside this event.

Please share your valuable inputs to attain this. Any existing example would be highly appreciated.

Thanking You!

Tarun Ohri

  • You can add some `state` to your auth request (i.e. the original request). Then on the page you're receiving the callback, use this state to redirect back to that original request. – Pablo Recalde Feb 28 '20 at 10:24
  • @PabloRecalde Thanks for your prompt reply. I have edited my post, can you please have a look and try to help me with where I am going wrong? Thanks! – Tarun Ohri Feb 28 '20 at 11:53
  • `this` does not refer to your class when you use it inside an inline function that you're passing to another method. You'll need to either use an `arrow function` or `bind()` – Pablo Recalde Feb 28 '20 at 14:38

1 Answer


My preference is to follow a similar approach but to not rely on the client side token expiry, by allowing a 401 to occur and then refreshing the token and retrying the API request with a new token.

If it helps, here are the 2 key classes:

Gary Archer
  • Yes @Gary, makes sense, because in case the internet breaks down and the token expiry event gets fired, the new token won't be received and hence we would eventually end up with a 401 error. So it is important to handle 401 in any case. – Tarun Ohri Mar 04 '20 at 17:52
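
The pattern described in this answer (let the 401 happen, renew the token, retry the request once), as an added example that is not part of the original answer and is not oidc-client's own code. `TokenSource`, `Transport` and `RetryingApiClient` are hypothetical names; in an app like the one in the question, `renew()` would be assumed to wrap `signinSilent()` and `getAccessToken()` to wrap `getUser()`.

```typescript
// Added example. All names are hypothetical; this is not oidc-client's API.
interface TokenSource {
  getAccessToken(): Promise<string | null>; // could wrap UserManager.getUser()
  renew(): Promise<string>;                 // could wrap UserManager.signinSilent()
}
interface ApiResponse { status: number; body: string; }
type Transport = (url: string, accessToken: string) => Promise<ApiResponse>;

class RetryingApiClient {
  private tokens: TokenSource;
  private send: Transport;
  private renewal: Promise<string> | null = null;
  constructor(tokens: TokenSource, send: Transport) {
    this.tokens = tokens;
    this.send = send;
  }

  // Concurrent 401s share one in-flight renewal instead of starting several.
  private renewOnce(): Promise<string> {
    if (this.renewal !== null) return this.renewal;
    // Arrow function, so `this` is still the client when the promise settles.
    const clear = () => { this.renewal = null; };
    const pending = this.tokens.renew();
    pending.then(clear, clear);
    return (this.renewal = pending);
  }

  async get(url: string): Promise<ApiResponse> {
    const token = (await this.tokens.getAccessToken()) ?? (await this.renewOnce());
    const first = await this.send(url, token);
    if (first.status !== 401) return first;
    // The API rejected the token: renew, then retry exactly once.
    // A second 401 goes back to the caller, so there is no retry loop.
    return this.send(url, await this.renewOnce());
  }
}

// Constructed demo: the stored token is expired; the fake API accepts only "fresh".
async function demo(): Promise<{ statuses: number[]; renewals: number }> {
  let current = "expired", renewals = 0;
  const tokens: TokenSource = {
    getAccessToken: async () => current,
    renew: async () => { renewals++; current = "fresh"; return current; },
  };
  const api: Transport = async (_url, t) =>
    t === "fresh" ? { status: 200, body: "ok" } : { status: 401, body: "" };
  const client = new RetryingApiClient(tokens, api);
  const results = await Promise.all([client.get("/orders"), client.get("/profile")]);
  return { statuses: results.map((r) => r.status), renewals };
}
```

If the renewal itself fails, the rejection propagates to every waiting caller, which is the point at which an app would fall back to an interactive sign-in.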