Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing RefreshToken causes erroneous token request #909

Closed
KluSe opened this issue Nov 27, 2020 · 1 comment
Closed

Missing RefreshToken causes erroneous token request #909

KluSe opened this issue Nov 27, 2020 · 1 comment
Labels
enhancement

Comments

@KluSe
Copy link

KluSe commented Nov 27, 2020

Describe the bug
In some cases, the client might not get a RefreshToken when requesting one, e.g. because the OP does not provide one or the user did not consent to the "offline_access" claim. In this case the client will still attempt a refresh with the string value "undefined" as RefreshToken, likely because in auth-state.service.ts#L77 decodeURIComponent() is called on the Token without a check if the token actually exists. If the token is undefined, the method will return the string "undefined".

To Reproduce

  • Configure the client with useRefreshToken: true and silentRenew: true
  • Ensure the server does not actually return a RefreshToken
  • Wait for the AccessToken to expire
  • The client will attempt a token request with grant_type=refresh_token and code=undefined.

Expected behavior
If no RefreshToken is present, no attempt to refresh should be made.
@juanpgarces juanpgarces mentioned this issue Jan 18, 2021
Merged
@damienbod
Copy link
Owner

fixed will be released in 11.4.3 @KluSe Thanks for reporting. @juanp3053 thanks for fixing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@damienbod @KluSe