Joel Denny

Continuous loop and "Invalid grant" error during token refresh

I am using an Angular application as client and a .NET server as my backend. After logging in using a custom .NET authorization server that implements OpenIddict and using the angular-auth-oidc-client package version 17, I encountered a continuous loop issue during token refresh. The token refresh enters into a loop of calls to connect/token, with each call being canceled and replaced by another call. This loop eventually ends with an "Invalid grant" error. This causes 100% CPU utilization in the authorization server, leading to the application being slow overall.

Operating System: Windows

Angular Version: 17

Package Configuration:

    authority: ********,
    redirectUrl: window.location.origin,
    postLogoutRedirectUri: window.location.origin,
    clientId: ********,
    scope: ********,
    responseType: 'code',
    silentRenew: true,
    renewTimeBeforeTokenExpiresInSeconds: 120,
    useRefreshToken: true,
    logLevel: LogLevel.Debug,
    ignoreNonceAfterRefresh: true,

Server Environment:

    Dotnet Version=8.0.0
    Microsoft.AspNetCore.OpenApi Version=8.0.0
    Microsoft.EntityFrameworkCore.Design Version=8.0.0
    Microsoft.AspNetCore.Authentication.Google Version=8.0.0
    Microsoft.AspNetCore.Authentication.OpenIdConnect Version=8.0.0
    Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore Version=8.0.0
    Microsoft.AspNetCore.Identity.EntityFrameworkCore Version=8.0.0
    Microsoft.AspNetCore.Identity.UI Version=8.0.0
    Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation Version=8.0.0
    Microsoft.EntityFrameworkCore.SqlServer Version=8.0.0
    Microsoft.EntityFrameworkCore.Tools Version=8.0.0
    OpenIddict.AspNetCore Version=4.9.0
    OpenIddict.EntityFrameworkCore Version=4.9.0
    OpenIddict.Quartz Version=4.9.0
    Quartz.Extensions.Hosting Version=3.8.0

(Screenshots in the original post: console error; Network tab error.)

Steps to reproduce the behavior

  1. Log in to the application using the custom Dotnet authorization server.
  2. Wait until either the ID token or the access token expires.
  3. The application attempts to refresh the token by calling the endpoint connect/token.
  4. Observe that after a few successful silent refresh calls, the refresh call starts to fail, leading to a continuous loop of calls to connect/token.
  5. Eventually, the final call fails with an error message stating "Invalid grant."

This error mostly occurs when the application is idle for a long time. Application source code - https://github.com/JoelDennyJoseph/AuthTestApp

The token refresh should occur smoothly without entering into a continuous loop, and there should be no "Invalid grant" error.
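The question has no answer, and the root cause is not established on this page. What the symptom does show is two client-side behaviours worth ruling out in any OIDC client: several overlapping connect/token calls that cancel one another (each presenting the same refresh token), and retrying after the server has already answered `invalid_grant`, which per RFC 6749 section 5.2 means the grant is invalid, expired or revoked and a retry cannot succeed. The following is an added example, not code from the linked AuthTestApp repository, from angular-auth-oidc-client or from OpenIddict: `FakeTokenEndpoint` is a constructed stand-in for a token endpoint whose refresh tokens are single-use, `RefreshCoordinator` is a hypothetical single-flight guard, and the token values and clock are constructed.

```typescript
// Added example (not from the question's repository or the libraries it uses):
// a single-flight refresh guard that (1) lets concurrent callers share one
// in-flight connect/token call instead of each starting a new one, and
// (2) treats invalid_grant as terminal, so the client stops retrying and
// should fall back to an interactive login instead of looping.

interface TokenSet {
  accessToken: string;
  refreshToken: string;
  expiresAt: number; // seconds on a constructed clock
}

class TokenEndpointError extends Error {
  constructor(public readonly code: string) {
    super(`token endpoint returned ${code}`);
  }
}

// Constructed stand-in for an authorization server's token endpoint: every
// refresh token is single-use, and presenting a consumed or unknown one yields
// invalid_grant (RFC 6749 section 5.2). The real server's policy is not given on the page.
class FakeTokenEndpoint {
  private live = new Set<string>();
  private counter = 0;
  public calls = 0;

  constructor(initialRefreshToken: string) {
    this.live.add(initialRefreshToken);
  }

  async refresh(refreshToken: string, now: number): Promise<TokenSet> {
    this.calls++;
    await Promise.resolve(); // yield once so concurrent callers interleave
    if (!this.live.has(refreshToken)) {
      throw new TokenEndpointError('invalid_grant');
    }
    this.live.delete(refreshToken);
    const next = `rt-${++this.counter}`;
    this.live.add(next);
    return { accessToken: `at-${this.counter}`, refreshToken: next, expiresAt: now + 300 };
  }
}

// Hypothetical guard in front of the token endpoint.
class RefreshCoordinator {
  private inflight: Promise<TokenSet> | null = null;
  private terminal: string | null = null;
  public refreshAttempts = 0;

  constructor(
    private tokens: TokenSet,
    private endpoint: FakeTokenEndpoint,
    private skewSeconds = 120, // same idea as renewTimeBeforeTokenExpiresInSeconds
  ) {}

  needsRefresh(now: number): boolean {
    return now >= this.tokens.expiresAt - this.skewSeconds;
  }

  private startRefresh(now: number): Promise<TokenSet> {
    this.refreshAttempts++;
    const request = this.endpoint.refresh(this.tokens.refreshToken, now).then(
      (t) => { this.tokens = t; return t; },
      (e) => {
        const code = (e as { code?: string }).code;
        if (code === 'invalid_grant') this.terminal = code; // the grant is gone: do not loop
        throw e;
      },
    );
    this.inflight = request;
    const clear = () => { if (this.inflight === request) this.inflight = null; };
    request.then(clear, clear);
    return request;
  }

  async getAccessToken(now: number): Promise<string> {
    if (this.terminal) throw new TokenEndpointError(this.terminal);
    if (!this.needsRefresh(now)) return this.tokens.accessToken;
    const pending = this.inflight ?? this.startRefresh(now); // join the in-flight call if any
    return (await pending).accessToken;
  }
}

interface DemoResult {
  uncoordinated: string[];
  coordinatedTokens: string[];
  coordinatedAttempts: number;
  afterInvalidGrant: string;
  staleAttempts: number;
}

// Two callers (an interval timer plus an HTTP interceptor, say) ask for a token at
// the same moment, once without and once with the guard; then a stale refresh token.
async function demo(): Promise<DemoResult> {
  const initial: TokenSet = { accessToken: 'at-0', refreshToken: 'rt-0', expiresAt: 1000 };
  const now = 940; // inside the 120 s renewal window

  const naive = new FakeTokenEndpoint('rt-0');
  const uncoordinated = await Promise.all([0, 1].map(() =>
    naive.refresh(initial.refreshToken, now).then((t) => t.accessToken, (e) => (e as { code: string }).code)));

  const endpoint = new FakeTokenEndpoint('rt-0');
  const coord = new RefreshCoordinator({ ...initial }, endpoint);
  const coordinatedTokens = await Promise.all([coord.getAccessToken(now), coord.getAccessToken(now)]);

  const stale = new RefreshCoordinator({ ...initial, refreshToken: 'rt-stale' }, new FakeTokenEndpoint('rt-0'));
  let afterInvalidGrant = '';
  for (let i = 0; i < 5; i++) {
    try { await stale.getAccessToken(now); } catch (e) { afterInvalidGrant = (e as { code: string }).code; }
  }
  return { uncoordinated, coordinatedTokens, coordinatedAttempts: coord.refreshAttempts, afterInvalidGrant, staleAttempts: stale.refreshAttempts };
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

Without the guard the second caller presents an already-consumed refresh token and gets `invalid_grant`; with it, both callers receive the same new access token from a single connect/token call, and once the endpoint has answered `invalid_grant` the guard refuses further attempts rather than hammering the server, which is the defensive property to check for when a refresh loop like the one above pins the authorization server's CPU.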
