[Bug]: Silent renew using access token not id token like documented

[spikehockey75]

Version

15

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

[DEBUG] 0-scfr_ui - silent renew, periodic check finished!
angular-auth-oidc-client.mjs:4249 [DEBUG] 0-scfr_ui - Checking: silentRenewRunning: false, isCodeFlowInProgress: false - has idToken: true - has userData: true
angular-auth-oidc-client.mjs:4249 [DEBUG] 0-scfr_ui - Has accessToken expired: false --> expires in 8:27 , 11:40:25 AM > 11:31:58 AM

Steps to reproduce the behavior

No response

A clear and concise description of what you expected to happen.

We expect the library to refresh tokens on id_token expire time not access_token.

Additional context

We have been using the library for awhile and it used to refresh when id token expired, like silent renew says it does but now it appears to be checking access_token and since they are out of sync its causing issues with our implementation.

[damienbod]

Hi @spikehockey75

We added a configuration for this:

https://angular-auth-oidc-client.com/docs/documentation/configuration#disableidtokenvalidation

Some people only want to use the access token.

Can you check if this is enabled?

If this is enabled, then it should work, otherwise we have a bug in the lib.

Greetings Damien

[spikehockey75]

we tried manually setting it to false and still does not appear to be working

[damienbod]

@spikehockey75 This could be a bug then, can you send your client configuration?

Greetings Damien

[spikehockey75]

sure thing! @damienbod

version "angular-auth-oidc-client": "15.0.3",

    imports: [
      AuthModule.forRoot({
        config: {
          authority: environment.stsServer,
          redirectUrl: `${window.location.origin}/resolve`,
          clientId: 'custom_ui',
          scope: 'openid StandardWorkforceAndCDGroups',
          responseType: 'code',
          triggerAuthorizationResultEvent: true,
          postLogoutRedirectUri: `${window.location.origin}/unauthorized`,
          startCheckSession: false,
          silentRenew: true,
          postLoginRoute: '/main',
          ignoreNonceAfterRefresh: true,
          disableRefreshIdTokenAuthTimeValidation: true,
          triggerRefreshWhenIdTokenExpired: true,
          forbiddenRoute: '/forbidden',
          unauthorizedRoute: '/unauthorized',
          useRefreshToken: true,
          logLevel: LogLevel.Debug,
          disableIdTokenValidation: false,
          renewTimeBeforeTokenExpiresInSeconds: 10,
          issValidationOff: true,
          customParamsAuthRequest: {['auth_groups']: 'group_'}
        }
      })],
    exports: [AuthModule]
})

[spikehockey75]

Any update on this?

[spikehockey75]

Sorry didnt mean to hit close.

[spikehockey75]

@damienbod any idea on this?

[spikehockey75]

@damienbod any idea?

[damienbod]

@spikehockey75 busy with the day job, will try to make time to look at this

Greetings Damien

[damienbod]

Just created a PR to fix this, will release it once the tests are good

@spikehockey75 Thanks for reporting

greetings Damien

[damienbod]

Will be released in 15.0.5