Silent renew infinite looping in Vue application

Question

I have a Vue application within which I am trying to set up silent token renewal.

My Oidc configuration looks like the below:

var mgr = new Oidc.UserManager({
    authority: process.env.VUE_APP_IDENTITY_URL,
    client_id: process.env.VUE_APP_CLIENT_ID,
    redirect_uri: process.env.VUE_APP_REDIRECT_URI,
    scope: 'openid profile',
    response_type: 'id_token token',
    silent_redirect_uri: process.env.VUE_APP_SILENT_REDIRECT_URI,
    userStore: new Oidc.WebStorageStateStore({store: localStorage}),
    automaticSilentRenew: true,
    filterProtocolClaims: true,
    loadUserInfo: true,
})

I also have a static silent-renew.html page:

<!DOCTYPE html>
<html>
<head>
    <title>Silent Renew Token</title>
</head>
<body>
    <script src='oidc-client.min.js'></script>
    <script>        
        new Oidc.UserManager().signinSilentCallback().catch((err) => {
            console.log(err);
        });
    </script>
</body>
</html>

when I load up the application the silent renew just infinitely loops over and over:

my access token is not due to expire for another hour yet it still is triggering the event, I cannot get to the bottom of this. Does anyone know what else could cause this to loop?

Can you register a callback for event: accessTokenExpiring: Raised prior to the access token expiring. var mgr = new UserManager(); mgr.events.addAccessTokenExpiring(function(){ console.log("token expiring..."); }); This may help you in debug. Also, is it really required to set automaticSilentRenew: true. There may be better ways to handle the 401 error. — Prateek Kumar Dalbehera, May 15 '20 at 11:18
the error isn't a 401, the error is that it's making the request many times without the access token expiring. All the requests are made successfully as displayed by the screenshot above. I have already registered this event to log to console (accessTokenExpiring) and it is not logging when the looping is occuring so something else other than token expiry is causing the silent renew to loop. — DrollDread, May 15 '20 at 11:20
Please see the wiki: https://github.com/IdentityModel/oidc-client-js/wiki. automaticSilentRenew (boolean, default: false): Flag to indicate if there should be an automatic attempt to renew the access token prior to its expiration. The attempt is made as a result of the accessTokenExpiring event being raised. My point was automatic silent renew may not be required if you can implement better alternatives. — Prateek Kumar Dalbehera, May 15 '20 at 11:40
oidc-client.min.js - is it the same file referred by the VUE application & the html page? — Prateek Kumar Dalbehera, May 15 '20 at 11:41
@PrateekKumarDalbehera what would you consider to be a better alternative? If it was working as expected it would be a good solution to my situation IMO. Yes both import the same minified javascript file 'oidc-client.min.js'. — DrollDread, May 15 '20 at 12:18

score 5 · Accepted Answer · answered May 15 '20 at 13:37

5

Fixed by setting monitorSession: false in client settings. Having this to true was causing duplicate checks on token expiry.

answered May 15 '20 at 13:37

DrollDread

321
4
22

Silent renew infinite looping in Vue application

1 Answers1