silent_renew bug #519

Closed
klanglie opened this issue Oct 13, 2019 · 3 comments

klanglie commented Oct 13, 2019

With silent_renew enabled, refreshSession() / createAuthorizeUrl is being called prior to authorize(urlHandler). This leads to what may be a race condition. Expected behavior would be to block refreshSession() until authorize is complete. It might be something IDSV4-related. This didn't seem to happen before the upgrade to v3.

```json
{
  "stsServer": "https://localhost:44318",
  "redirect_url": "http://localhost:4400/oidc-callback",
  "client_id": "myclient",
  "response_type": "code",
  "scope": "mySiteAccess openid profile",
  "post_logout_redirect_uri": "http://localhost:4400",
  "start_checksession": true,
  "silent_renew": true,
  "silent_renew_offset_in_seconds": 0,
  "silent_renew_url": "http://localhost:4400/silent-renew.html",
  "use_refresh_token": false,
  "post_login_route": "/home",
  "forbidden_route": "/forbidden",
  "unauthorized_route": "/unauthorized",
  "log_console_warning_active": true,
  "log_console_debug_active": false,
  "max_id_token_iat_offset_allowed_in_seconds": 120,
  "apiServer": "https://localhost:44390/",
  "apiFileServer": "https://localhost:44378/",
  "siteName": "My Site"
}
```

Error: Invalid redirect_uri{ redirectUri: "http://localhost:4400/silent-renew.html", expectedRedirectUri: "http://localhost:4400/oidc-callback" }, details: TokenRequestValidationLog { ClientId: "myclient", ClientName: "myclient", GrantType: "authorization_code", Scopes: null, AuthorizationCode: "i0-mw8cjUT68Z-JajYmzze5DEFVxG-_4QAWdDQYc3xA", RefreshToken: null, UserName: null, AuthenticationContextReferenceClasses: null, Tenant: null, IdP: null, Raw: [("grant_type": "authorization_code"), ("client_id": "myclient"), ("code_verifier": "C0.30956101666064106157083750138015708375013800.8447167887744094"), ("code": "i0-mw8cjUT68Z-JajYmzze5DEFVxG-_4QAWdDQYc3xA"), ("redirect_uri": "http://localhost:4400/silent-renew.html")] }
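
The log above shows the token endpoint rejecting a code exchange whose `redirect_uri` differs from the one used in the authorization request, which is the check RFC 6749 section 4.1.3 requires. The following added example (not from this issue, the library or IdentityServer4) models one way the reported interleaving could produce that result, assuming the client keeps the flow's `redirect_uri` in a single shared slot, next to a variant that stores it per `state`; `TokenEndpoint`, `Client` and `loginWithEarlyRenew` are hypothetical names and all codes and states are constructed.

```javascript
// Added illustration with hypothetical names; not angular-auth-oidc-client or IdentityServer4 code.
const CALLBACK = 'http://localhost:4400/oidc-callback';   // redirect_url in the posted config
const SILENT = 'http://localhost:4400/silent-renew.html'; // silent_renew_url in the posted config

// Token endpoint model: each code is single-use and bound to the redirect_uri
// of the authorization request that produced it (RFC 6749, section 4.1.3).
class TokenEndpoint {
  constructor() { this.codes = new Map(); this.issued = 0; }
  authorize(redirectUri) {
    const code = `constructed-code-${++this.issued}`;
    this.codes.set(code, redirectUri);
    return code; // the browser redirect back to the client is collapsed into a return value
  }
  redeem(code, redirectUri) {
    const expectedRedirectUri = this.codes.get(code);
    this.codes.delete(code);
    if (expectedRedirectUri === undefined) return { ok: false, error: 'invalid_grant' };
    if (expectedRedirectUri !== redirectUri) {
      return { ok: false, error: 'Invalid redirect_uri', redirectUri, expectedRedirectUri };
    }
    return { ok: true };
  }
}

// Client that keeps per-flow data in a Map keyed by `state`. With `shared: true` it
// ignores the key and uses one slot, which a second flow overwrites.
class Client {
  constructor(sts, shared) { this.sts = sts; this.shared = shared; this.flows = new Map(); this.n = 0; }
  key(state) { return this.shared ? 'current' : state; }
  createAuthorizeUrl(redirectUri) {
    const state = `constructed-state-${++this.n}`;
    this.flows.set(this.key(state), redirectUri);
    return { state, code: this.sts.authorize(redirectUri) };
  }
  handleCallback({ state, code }) {
    const redirectUri = this.flows.get(this.key(state));
    if (redirectUri === undefined) return { ok: false, error: 'unknown state' };
    return this.sts.redeem(code, redirectUri);
  }
}

// Interleaving from the report: the silent-renew authorize request is created
// before the interactive login's callback has been exchanged for tokens.
function loginWithEarlyRenew(shared) {
  const client = new Client(new TokenEndpoint(), shared);
  const login = client.createAuthorizeUrl(CALLBACK);
  client.createAuthorizeUrl(SILENT);
  return client.handleCallback(login);
}
```

`loginWithEarlyRenew(true)` returns the same mismatch the log reports, while `loginWithEarlyRenew(false)` redeems the login code with the `redirect_uri` it was issued for.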

@FabianGosebrink
Collaborator

Will be fixed in rls 11 as well

BrettJG commented Apr 29, 2020

@FabianGosebrink, any ETA on release 11?

Collaborator

FabianGosebrink commented Apr 29, 2020

Hey @BrettJG, please see the issue here: #609. We have most of it done. We are currently working on the docs and testing. You can, however, jump in right now and use it if you a) clone the branch and copy the files over until it is released, or b) npm install directly from the GitHub repo and use the branch. Thanks
