11.1.2 Returns tokens but doesn't apply them #759

Closed
JohnGalt1717 opened this issue May 26, 2020 · 8 comments

Comments

@JohnGalt1717

JohnGalt1717 commented May 26, 2020

Describe the bug
11.1.2 gets the tokens and returns them on forceRefreshSession. Sometimes the result is null, sometimes the tokens are there. But they don't apply to the authentication so the getPayloadFromIdToken() call still returns the old token in all cases.

Happens on all browsers.

Should await the silent renew or refresh call and not return until completed and then return the tokens but also apply them to the authentication configuration so that getPayloadFromIdToken() returns the current authentication.

@FabianGosebrink
Collaborator

Hey @JohnGalt1717, which flow are you using? Do you have an example config? Thanks

@JohnGalt1717
Author

JohnGalt1717 commented May 27, 2020

oidcConfigService.withConfig({
	stsServer: apiUrl,
	redirectUrl: `${location.protocol}//${location.host}`,
	postLogoutRedirectUri: LOGOUT_PATH,
	postLoginRoute: DEFAULT_LOGIN_REDIRECT_PATH,
	clientId: CLIENT_ID,
	scope: 'openid profile email',
	responseType: 'code',
	silentRenew: true,
	storage: localStorage,
	silentRenewUrl: `${location.protocol}//${location.host}/silent-renew.html`,
	logLevel: environment.production ? LogLevel.Error : LogLevel.Debug,
	autoUserinfo: true,
	forbiddenRoute: FORBIDDEN_PATH,
	autoCleanStateAfterAuthentication: true,
	triggerAuthorizationResultEvent: true,
	maxIdTokenIatOffsetAllowedInSeconds: 600,
	unauthorizedRoute: UNAUTHORIZED_PATH,
	renewTimeBeforeTokenExpiresInSeconds: 20,
});

@damienbod
Owner

@JohnGalt1717 I'll test this, but it should work. Will test again. We don't have a check if the renew is already running, so if you call this multiple times before the last renew is finished, the tokens will be null maybe. Just trying to understand what goes wrong, I'll test this again.

Thanks for reporting.

Greetings Damien

@damienbod
Owner

damienbod commented Jun 1, 2020

@JohnGalt1717 thanks for reporting. The forkJoin we use only returns once, then it no longer works.

For the moment, until we fix it, the authenticated$ event can be used and the get token.

@JohnGalt1717
Author

@damienbod I'm confused. I would assume that every time I call the force function it should return the updated tokens AND apply them. That isn't happening with silent renew per the release notes. I either get null or I get the new ones returned but they're not applied to the authentication. (id)

Doesn't seem to matter if it's the first time or the next time after that, but I would assume that it would return once and only once on the call on subscribe, but every time you call the force function it would work properly and return the updated tokens applied to the security service?

@damienbod
Owner

Hi @JohnGalt1717

> I would assume that every time I call the force function it should return the updated tokens AND apply them. That isn't happening with silent renew per the release notes. I either get null or I get the new ones returned but they're not applied to the authentication. (id)

yes, this is what should happen, and we have an implementation bug. :( We fix this now.

Greetings Damien

@JohnGalt1717
Author

Thanks!

@damienbod
Owner

fixed in version 11.1.3, thanks for reporting
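
A sketch of the behaviour requested in this thread, as an added example that is not the library's code or its 11.1.3 fix: overlapping force-refresh calls share one in-flight renew, and the new tokens are applied before any caller receives them. It uses plain Promises rather than the library's RxJS, and `TokenSession`, `RenewFn`, `makeFakeRenew` and `demo` are hypothetical names.

```typescript
// Added example; not code from angular-auth-oidc-client. All names are hypothetical.
interface Tokens { idToken: string; accessToken: string; }
type RenewFn = () => Promise<Tokens | null>;
class TokenSession {
  private current: Tokens | null = null;
  private inFlight: Promise<Tokens> | null = null;
  private readonly renew: RenewFn;
  constructor(renew: RenewFn) { this.renew = renew; }
  // Stand-in for what the app reads after a refresh (e.g. the ID token payload).
  getIdToken(): string | null { return this.current ? this.current.idToken : null; }
  // Callers that arrive while a renew is running share its promise.
  forceRefresh(): Promise<Tokens> {
    if (!this.inFlight) this.inFlight = this.runRenew();
    return this.inFlight;
  }
  private async runRenew(): Promise<Tokens> {
    try {
      // Deferred one microtask so inFlight is assigned before finally can run,
      // even if renew() throws synchronously.
      const tokens = await Promise.resolve().then(() => this.renew());
      if (!tokens) throw new Error('renew returned no tokens');
      this.current = tokens; // apply first, then resolve to the caller
      return tokens;
    } finally {
      this.inFlight = null; // the next call starts a fresh renew
    }
  }
}

// Constructed fake renew: issues id-1, id-2, ... and counts how often it ran.
function makeFakeRenew(): { renew: RenewFn; calls: () => number } {
  let n = 0;
  const renew: RenewFn = async () => {
    n += 1;
    return { idToken: `id-${n}`, accessToken: `at-${n}` };
  };
  return { renew, calls: () => n };
}

// Two overlapping refreshes, then a later one: what each caller and the session saw.
async function demo(): Promise<string[]> {
  const fake = makeFakeRenew();
  const session = new TokenSession(fake.renew);
  const [a, b] = await Promise.all([session.forceRefresh(), session.forceRefresh()]);
  const applied = String(session.getIdToken());
  const c = await session.forceRefresh();
  return [a.idToken, b.idToken, applied, c.idToken, String(session.getIdToken()), String(fake.calls())];
}
demo().then((out) => console.log(out.join(' ')));
```

A renew that yields no tokens rejects instead of resolving to null, leaves the previously applied tokens untouched, and clears the in-flight slot so the next call can retry.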
