stoneMaster

Reputation: 207

oidc-client with IdentityServer3 - Angular2 SPA, how to refresh data access token

I'm using oidc-client.js with IdentityServer3.

I have everything working well at this point, except for renewing access tokens. I have an Angular2 SPA and I'm capturing the AccessTokenExpiring event and allowing the user to decide to continue working or log out. The logout was easy. However, I'm struggling with which userManager method to call to refresh my data access token. It seems if I use signInSilent(), I will need to provide a silent redirect uri, which I assume the Idsvr will redirect to, which I'd rather not have, as it would redirect from where the user is currently working. Is there a solid example of what I should be doing?

Thanks!!

Upvotes: 2

Views: 2453

Answers (2)

Chris

Reputation: 563

As I understand this, the signInSilent mechanism of the UserManager allows the user to be authenticated in a hidden iframe.

The silent redirect uri should be where you process the token returned from IdentityServer.

Of course this can only work silently if the user is still logged in to IdentityServer at the moment the token expires.

If the user has been logged out of IdentityServer you can put some logic in your code (that gets triggered at your silent redirect uri) to detect this (IdentityServer will respond with an error login_required), at which point you can trigger normal authentication here or using the silentRenewError event.

The application state can be saved during a roundtrip to IdentityServer by passing it to UserManager.signinRedirect({data:'Your data here'}).

You could also use UserManager.signinPopup({data:'Your data here'}) to avoid navigating away from the application in the main window, where popup_redirect_uri can be where you process the callback and trigger the event with the new user to update any UI in your main window.

oidc-client.js Wiki

Issue which covers signInSilent process

Upvotes: 0
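Added example (not part of either answer, and not oidc-client's own code): one way to wire the fallback described above, trying the hidden-iframe renewal first and going interactive only when IdentityServer reports that the session is gone. The function names, the fake manager and the token values are constructed for illustration; the error codes besides login_required come from the OpenID Connect spec for prompt=none requests, and `userManager` is assumed to be a UserManager configured with silent_redirect_uri and popup_redirect_uri.

```javascript
// Assumption: `userManager` is an oidc-client UserManager. The page served at
// silent_redirect_uri only has to call new Oidc.UserManager().signinSilentCallback().

// OIDC error codes meaning the hidden-iframe request needs user interaction.
const INTERACTION_REQUIRED = new Set([
  'login_required', 'consent_required',
  'interaction_required', 'account_selection_required',
]);

// Decide what to do with a rejected signinSilent() call.
function classifyRenewError(err) {
  const code = err && err.error; // the OIDC error code carried by the error response
  return INTERACTION_REQUIRED.has(code) ? 'interactive' : 'fail';
}

// Renew silently; fall back to a popup only when the IdentityServer session
// has ended. appState round-trips through `data`, as in the answer above.
async function renewAccessToken(userManager, appState) {
  try {
    const user = await userManager.signinSilent();
    return { via: 'silent', user };
  } catch (err) {
    // Network errors, timeouts etc. are surfaced, not masked by a new login.
    if (classifyRenewError(err) !== 'interactive') throw err;
    const user = await userManager.signinPopup({ data: appState });
    return { via: 'popup', user };
  }
}

// Constructed stand-in for UserManager so the flow can be exercised offline.
function makeFakeManager(sessionAlive) {
  return {
    calls: [],
    signinSilent() {
      this.calls.push('signinSilent');
      if (sessionAlive) return Promise.resolve({ access_token: 'constructed-token-1' });
      const err = new Error('login_required');
      err.error = 'login_required';
      return Promise.reject(err);
    },
    signinPopup(args) {
      this.calls.push('signinPopup');
      return Promise.resolve({ access_token: 'constructed-token-2', state: args.data });
    },
  };
}
```

Browsers may block a popup that is opened after the asynchronous silent attempt rather than directly from a click; signinRedirect({data: appState}) is the other fallback the answer mentions.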

Brock Allen

Reputation: 7435

Renewing tokens in the implicit flow is done by redirecting the user via the front channel (IOW the browser). There's no approach for programmatically doing this for JS style clients.

Upvotes: 2
