-
Notifications
You must be signed in to change notification settings - Fork 215
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access token not renewed if expired #1601
Comments
|
OK, but it doesn't do it, if the access token is already expired, only if it's expiring soon. That's my question if this should be changed?! |
When a look at the code, it does (see "if it's negative, it will still fire" below): oidc-client-ts/src/AccessTokenEvents.ts Lines 26 to 57 in 1aaeb94
You may need to enable logging to console at debugging level to see what is going on with your application: import { Log } from "oidc-client-ts";
Log.setLogger(console);
Log.setLevel(Log.DEBUG) |
Yes, the event Edit:
However if at (3) the access token isn't already expired, but expires soon, there is no need to register for any events and the access token is renewed automatically. If setting the log level to |
Have you enabled oidc-client-ts/src/SilentRenewService.ts Lines 47 to 63 in 1aaeb94
|
Yes, oidc-client-ts/src/SilentRenewService.ts Line 23 in 1aaeb94
|
I agree. This code of only doing |
This is probably a better way to handle this within ...
// this will trigger loading of the user so the expiring events can be initialized
try {
const user = await this._userManager.getUser();
if (user?.expired) {
// we only listen on token expiring, thus request a new token if the current one is expired
await this._tokenExpiring();
}
}
catch (err) {
// catch to suppress errors since we're in a ctor
logger.error("getUser error", err);
}
... Can you test this? |
I've been bit by this as well, one question: after a signinSilent failure (I am getting a 400 - Invalid token from Keycloak) the library doesn't do anything with the user, wouldn't it make sense to somehow clear it? Am I responsible to do that, and what would be the best API to call? If I do nothing subsequent calls to getUser() simply return the same user, with no indication that the access and/or refresh token are not valid anymore. After adding
|
Silent renew of the access token is only done if it expires soon, not if it's already expired. It's possible to manually trigger renewal for expired access tokens by
but I wonder, why it's not done by default? Any specific reason for this, or could it be added by default?
The text was updated successfully, but these errors were encountered: