Reputation: 1
There seems to be no practical way of refreshing the token in implicit flow. Has anyone been able to achieve this? MS documentation suggests doing the refresh in an iframe; looking for suggestions of what methods to call in adal ng2 or adal js!!!
Edit: I'm using this library https://github.com/benbaran/adal-angular4
EDIT: Don't use the aforementioned library, it's a real POS
Upvotes: 2
Views: 4151
Reputation: 5770
I also implemented ADAL js in my Angular 5 application and have implemented it the following way:
The user authenticates with AD and gets an access token with a lifetime (60 min in my case). That token is cached in the browser. Every time a request to the backend is fired, the token is taken from the cache and sent to the backend.
Then, there's another parameter called `expireOffsetSeconds` (defined on the frontend in the Adal config). It's set to 600 (=10 mins) for me.
That means that from minute 1 to minute 49 it takes the token from cache. In the last 10 minutes it then fires a new request to AD to renew the token.
Therefore, it is ensured that the user does not have to re-login every hour. BUT in case of inactivity the user's session automatically gets invalidated by ADAL.
Any feedback/improvements welcome :)
Upvotes: 1
Reputation: 28299
Using implicit flow you are not refreshing the current token, you need to get a new one.
Here is how I am handling that in my app:
I am using oidc-client-js (not adal js) that talks to IdentityServer. I have a token lifetime like 20 minutes. So in order to keep the client authenticated for more than 20 minutes, the new token has to be requested at some point. In order to do so, I am checking if the user is idle and when he is not, etc. Based on that logic, the new token can be obtained from the IdentityServer using `signinSilent` and `automaticSilentRenew` events. The refresh happens with an iframe, as it is implemented in oidc-client-js.
By looking into the adal-angular4 source, you need to call `acquireToken` in order to renew the token. As per docs:
```typescript
/**
 * Acquire token from cache if not expired and available. Acquires token from iframe if expired.
 * @param {string} resource ResourceUri identifying the target resource
 * @param {requestCallback} callback
 */
acquireToken(resource: string, callback: (message: string, token: string) => any): void;
```
You can play with `acquireToken` using that example: https://github.com/benbaran/adal-angular4-example. Use it as `this.service.acquireToken(...)` in `home.component.ts`.
Upvotes: 2
Reputation: 7394
You don't need to do anything explicitly to renew tokens on ADAL js and angular. ADAL js automatically intercepts REST calls and, if the necessary token isn't present or near expiry, it will proactively renew the token in the background. It's all transparent to you, but there is no need to use refresh tokens in single page apps; the artifact representing the session with Azure AD is the cookie issued at authentication time. ADAL JS uses a hidden iframe to drive a UX-less authentication that leverages the presence of that cookie to get new tokens from Azure AD via implicit flow.
Upvotes: 1
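The `expireOffsetSeconds` window from the first answer and the background renewal from the last one, modelled as an added example that is not part of any post above and is not ADAL JS source. `TokenCache`, `renewFn` and `walkthrough` are hypothetical names; `renewFn` stands in for the hidden-iframe request, and the clock is faked so the window boundaries can be checked.

```javascript
// Added illustration. TokenCache and renewFn are hypothetical names, not ADAL JS internals.
class TokenCache {
  constructor({ expireOffsetSeconds, renewFn, now = () => Date.now() }) {
    this.offsetMs = expireOffsetSeconds * 1000;
    this.renewFn = renewFn; // stands in for the hidden-iframe request to the authority
    this.now = now;         // injectable clock so the window can be checked deterministically
    this.entry = null;      // { token, expiresAt } with expiresAt in ms
    this.pending = null;    // in-flight renewal, shared by concurrent callers
  }

  store(token, lifetimeSeconds) {
    this.entry = { token, expiresAt: this.now() + lifetimeSeconds * 1000 };
  }

  // "cache" while more than the offset remains; "renew" inside the window,
  // after expiry, or when nothing is cached.
  decide() {
    if (!this.entry) return "renew";
    return this.entry.expiresAt - this.now() > this.offsetMs ? "cache" : "renew";
  }

  // Returns a promise for a usable token. A failed renewal (for example, the
  // session cookie is gone) rejects, and the caller must send the user to login.
  acquire() {
    if (this.decide() === "cache") return Promise.resolve(this.entry.token);
    if (!this.pending) {
      this.pending = this.renewFn()
        .then(({ token, lifetimeSeconds }) => {
          this.store(token, lifetimeSeconds);
          return token;
        })
        .finally(() => { this.pending = null; });
    }
    return this.pending;
  }
}

// Constructed walk-through with the answer's numbers: 60 min lifetime, 600 s offset.
function walkthrough() {
  let clock = 0; // fake time in ms
  let renewals = 0;
  const renewFn = () => Promise.resolve({ token: "tok-" + (++renewals), lifetimeSeconds: 3600 });
  const cache = new TokenCache({ expireOffsetSeconds: 600, now: () => clock, renewFn });
  cache.store("tok-0", 3600);
  const at = (min) => { clock = min * 60000; return cache.decide(); };
  const decisions = [1, 49, 50, 59, 61].map(at);
  const sameRequest = cache.acquire() === cache.acquire(); // two callers, one renewal
  return { decisions, renewals, sameRequest };
}
```

Sharing the in-flight promise keeps several simultaneous HTTP calls inside the renewal window from each starting their own iframe request.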