Reputation: 2760
IdentityServer 3 refresh tokens silently
I'm using Identity Server 3 to authenticate / authorize a user in an MVC application.
The MVC application uses the UseOpenIdConnectAuthentication method from IAppBuilder.
My MVC application has only one MVC controller which creates and Angular application.
Right now, when I make an ajax call and I get the response that the token has expired, I show a pop-up with a reload button that redirects that user to an action from HomeController which re authorizes the user through IS3 with a redirect.
My question - is there a way of doing this silently without having to use the pop-up and do the redirect?
Perhaps have an iFrame in the page that periodically makes requests to that action and saves the new tokens?
Or something similar ?
Is this doable in an Angular application which also uses a server side for authentication ?
Thanks you
Upvotes: 1
Views: 2525
Answers (1)
Reputation: 3145
If you want to renew the access token at the server side (Authorization code flow / Hybrid flow), you could make use of OIDC refresh tokens.
I believe you are looking for client side libraries (SPA client - Implicit flow) to refresh the Access tokens. Yes. This is possible via iframe. Have a look at the oidc-client JS library (look for signinSilent / automaticSilentRenew ) which renews Access tokens via iframe
Upvotes: 1
Related Questions
- SPA best practices for authentication and session management
- Refresh tokens using owin middleware and IdentityServer v3
- Return URL with Angular 6, angular-oauth2-oidc and IdentityServer 3
- AngularJS: How to clear query parameters in the URL?
- IdentityServer 3 refresh user with refresh token
- Identity server 4 and Angular app authenticate to achieve forever lasting session
- How to handle posts with IdentityServer3 as authentication server
- IdentityServer BestPractice when to refresh tokens
- IdentityServer handling timeouts and subsequent redirects
- Retrieving tokens from OAuth2 authorize endpoint in angularjs