1

I'm using "oidc-client": "1.10.1" for oidc authentication, below is my configuration for the userManager

const settings = {
    
    authority: (window as any).__env.auth.authority, //OAuth 2.0 authorization endpoint of the OpenID Provider
    
    client_id: (window as any).__env.auth.clientID, //
    
    redirect_uri: (window as any).__env.auth.redirectUri, //callback URI for the authentication response
    
    response_type: 'id_token token',
    
    scope: 'openid profile api',
    
    automaticSilentRenew: true,
    
    silent_redirect_uri: (window as any).__env.auth.silentRedirectUri,
    
    userStore: new WebStorageStateStore({ store: window.localStorage }),
    
    loadUserInfo: true,
    
    post_logout_redirect_uri: (window as any).__env.auth.postLogoutRedirectUri,
    
    silentRequestTimeout: 30000,
    
};

The silent renew token calls are not even made, i.e. the user gets logout after token expiration. Am I missing something?

P.S. I want to have the automatic renew of token working, because i tried the token renewal manually and it did work but doesn't seem like a reliable approach.

halfer
  • 19,824
  • 17
  • 99
  • 186
samridhi gupta
  • 23
  • 1
  • 5

1 Answers1

2

Here are a few things to check:

  • Are renewal messages being sent? Browser tools or a proxy such as Fiddler should give you some info.

  • Are you getting any info on errors or timers firing from OIDC client logs? Console output may help.

  • Are you processing renewal responses? You usually need to call user manager.signInSilentCallback.

  • Or it may just be that no renewal is happening because the token is not within 5 minutes of expiry.

enter image description here

RESOURCES OF MINE

Note that in my case I did not use a separate HTML file for renewal, and used index.html for both, along with this startup code.

Gary Archer
  • 22,534
  • 2
  • 12
  • 24
  • I did make it work manually and its working fine, but somehow the automatic renew is not even called , i have closelt looked into the network logs, if it fails i could see that in network, but the request is not even made for the silent renew. – samridhi gupta Sep 30 '20 at 09:04
  • also server side accesstoken lifetime is only 30min, is this could be a issue? – samridhi gupta Sep 30 '20 at 09:05
  • I believe renewal will only fire when a token is less than a few minutes from expiry. Try configuring the access token lifetime to be a small value such as 5 minutes and I think you'll see some requests fire - and OIDC Client log entries will show some timer events firing and doing nothing until the token is close to expiry - see above screenshot. – Gary Archer Sep 30 '20 at 12:39