Angular SPA - Logout Uri Redirection post token expiry (timeout) does not work

[amitskale]

Hi,

I am running the sample Okta Hosted Login with logout redirect uri. For that I followed all the steps provided at the following url:
https://developer.okta.com/docs/guides/sign-users-out/angular/sign-out-of-okta/

I added a logout component to the SPA application which is not there in the Okta Hosted Login sample example and added the code given at the above link in it. Also added the angular routing for the logout route and configured http://localhost:8080/logout rule in Okta against the SPA. Tested the logout route in the browser and it works as expected however after the access token times out the application is not redirected to /logout uri configured in Okta SPA. Access token timeout is set up to 5 min in the access policy rule and refresh token is setup with unlimited refreshes with 7 days of expiry if not used. After 5 min of timeout if I click on some other link in the application (say profile or messages) then it refreshes the token so there is no issue with the timeout config as I can see. However we want user to be redirected to logout page if there is no activity by user for 5 min (i.e. when the access token expires)

We have integrated Okta with our other ASP.Net MVC application and there logout redirection works flawlessly however for angular SPA application it does not seem to be working

I am using your code sample (Okta Hosted Login code sample) for reproducing this issue as mentioned above

Ready to share my logout component if you want though there is nothing special about it

Thanks in advance for acknowledging the issue

Thanks,
Amit Kale

[amitskale]

It's more than a month this issue is waiting to be responded to. May I request someone from Okta support team to respond to this please?

[aarongranick-okta]

@amitskale It sounds like you are describing what we call "active" auto-renew of tokens: some process is watching for token expiration and will renew them in the background before their expiration time. The current version of okta-angular implements "passive" auto-renew, which means tokens will only be renewed when they are read, which occurs when a user clicks on a protected route. An upcoming version of okta-angular will implement "active" auto renew. For now, you can provide your own renew logic:

// oktaAuth is an instance of Okta angular service
const tokenManager = oktaAuth.getTokenManager();
// expired will fire 30 second before the token is set to expire
tokenManager.on('expired', key => {
  tokenManager.renew(key).then(() => {
   // logic after successful token renew
  }).catch(err => {
    // logic after renew failure
  });
});

[amitskale]

@amitskale It sounds like you are describing what we call "active" auto-renew of tokens: some process is watching for token expiration and will renew them in the background before their expiration time. The current version of okta-angular implements "passive" auto-renew, which means tokens will only be renewed when they are read, which occurs when a user clicks on a protected route. An upcoming version of okta-angular will implement "active" auto renew. For now, you can provide your own renew logic:

// oktaAuth is an instance of Okta angular service
const tokenManager = oktaAuth.getTokenManager();
// expired will fire 30 second before the token is set to expire
tokenManager.on('expired', key => {
  tokenManager.renew(key).then(() => {
   // logic after successful token renew
  }).catch(err => {
    // logic after renew failure
  });
});

@aarongranick-okta Thanks for the response
I see what you mean and propose as a workaround. I will try that and see how it works...