I have an IDS4 server and use silent renew. Generally, the output in the log looks a bit like this:
oidc.logger.service.ts:20 silentRenewHeartBeatCheck
silentRenewRunning: false
idToken: true
_userData.value: true
oidc.logger.service.ts:20 Token not expired?: 1585317895000 > 1585317894852 (true)
oidc.logger.service.ts:20 silentRenewHeartBeatCheck
silentRenewRunning: false
idToken: true
_userData.value: true
oidc.logger.service.ts:20 Token not expired?: 1585317895000 > 1585317897855 (false)
oidc.logger.service.ts:20 IsAuthorized: id_token isTokenExpired, start silent renew if active
oidc.logger.service.ts:20 BEGIN refresh session Authorize
oidc.logger.service.ts:20 RefreshSession created. adding myautostate: <<STATE>>
oidc.logger.service.ts:20 startRenew for URL:https://localhost:44365/connect/authorize?client_id=MyClientID&redirect_uri=https%3A%2F%2Flocalhost%3A4200%2Fassets%2Fsilent-renew.html&response_type=code&scope=openid%20profile%20Some.Service&nonce=N0.<<NONCE>>&state=<<STATE>>&code_challenge=<<CHALLENGE>>&code_challenge_method=S256&prompt=none
oidc.logger.service.ts:20 silentRenewEventHandler
oidc.logger.service.ts:20 BEGIN authorized Code Flow Callback, no auth data
oidc.logger.service.ts:20 history clean up inactive
oidc.logger.service.ts:20 {id_token: "<<IDTOKEN>>", access_token: "<<ACCESSTOKEN>>", expires_in: 30, token_type: "Bearer", scope: "openid profile Some.Service", …}
oidc.logger.service.ts:20 authorizedCallback created, begin token validation
oidc.logger.service.ts:20 jwks_uri: https://localhost:44365/.well-known/openid-configuration/jwks
oidc.logger.service.ts:20 validate_id_token_iat_max_offset: 877 < 10000
oidc.logger.service.ts:20 Token not expired?: 1585317928000 > 1585317898878 (true)
oidc.logger.service.ts:20 at_hash from the server:<<HASH>>
oidc.logger.service.ts:20 at_hash client validation not decoded:<<HASH>>
oidc.logger.service.ts:20 AuthorizedCallback token(s) validated, continue
oidc.logger.service.ts:20 <<TOKEN>>
oidc.logger.service.ts:20 <<TOKEN>>
oidc.logger.service.ts:20 storing to storage, getting the roles
oidc.logger.service.ts:20 getIsAuthorized: true
oidc.logger.service.ts:20 silentRenewHeartBeatCheck
silentRenewRunning: false
idToken: true
_userData.value: true
oidc.logger.service.ts:20 Token not expired?: 1585317928000 > 1585317901520 (true)
And then it continues with the heartbeat check and soon we'll have the same sequence.
The problem comes in when the server is uncontactable. I fake it by stopping and restarting the server when I expect the token to expire, but the same can happen just because of network instability.
Then it looks like this:
silentRenewHeartBeatCheck
silentRenewRunning: false
idToken: true
_userData.value: true
oidc.logger.service.ts:20 Token not expired?: 1585317928000 > 1585317925535 (true)
oidc.logger.service.ts:20 silentRenewHeartBeatCheck
silentRenewRunning: false
idToken: true
_userData.value: true
oidc.logger.service.ts:20 Token not expired?: 1585317928000 > 1585317928537 (false)
oidc.logger.service.ts:20 IsAuthorized: id_token isTokenExpired, start silent renew if active
oidc.logger.service.ts:20 BEGIN refresh session Authorize
oidc.logger.service.ts:20 RefreshSession created. adding myautostate: <<STATE>>
oidc.logger.service.ts:20 startRenew for URL:https://localhost:44365/connect/authorize?client_id=MyClientID&redirect_uri=https%3A%2F%2Flocalhost%3A4200%2Fassets%2Fsilent-renew.html&response_type=code&scope=openid%20profile%20Some.Service&nonce=<<NONCE>>&state=<<STATE>>&code_challenge=<<CODE>>&code_challenge_method=S256&prompt=none
So it all seems to work until it tries to hit the URL. Since the URL is unavailable, it never receives tokens and remains in a waiting state. Even when the server comes back online, the silent renew is never triggered again.
I have two questions about this:
1. If the server is unreachable long enough for the request to time out, shouldn't it retry the request in case the server becomes available again?
2. If the server is unavailable long enough for the refresh token to expire, shouldn't there then be some error or event raised?
And a related bonus question:
What is the recommended way to detect authentication errors during silent renew?
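One way to handle the stall described in the post above, as an added example that is not part of the original post and not angular-auth-oidc-client code: a watchdog that the periodic heartbeat consults, so a renew that never returns times out, is retried with backoff, and finally surfaces an error instead of waiting forever. The class, method and option names are hypothetical, and the timeline in `runHeartbeats` is constructed.

```typescript
// Added example; all names are hypothetical, not the library's API.
type RenewAction = 'none' | 'start' | 'retry' | 'give_up';

interface WatchdogOptions {
  timeoutMs: number;     // how long one renew attempt may stay in flight
  baseBackoffMs: number; // wait before the first retry, doubled after each failure
  maxAttempts: number;   // attempts allowed before the app must handle the failure
}

class SilentRenewWatchdog {
  private opts: WatchdogOptions;
  private inFlightSince: number | null = null;
  private attempts = 0;
  private nextAttemptAt = 0;

  constructor(opts: WatchdogOptions) {
    this.opts = opts;
  }

  // Call once the renewed tokens have been validated and stored.
  renewSucceeded(): void {
    this.inFlightSince = null;
    this.attempts = 0;
    this.nextAttemptAt = 0;
  }

  // Call from every heartbeat. Times are milliseconds since the epoch.
  // 'start'/'retry': begin a renew now. 'give_up': raise an error to the app.
  tick(now: number, tokenExpiresAt: number): RenewAction {
    if (this.inFlightSince !== null) {
      if (now - this.inFlightSince < this.opts.timeoutMs) return 'none';
      this.inFlightSince = null; // timed out: stop waiting for this attempt
      if (this.attempts >= this.opts.maxAttempts) return 'give_up';
      this.nextAttemptAt = now + this.opts.baseBackoffMs * 2 ** (this.attempts - 1);
    }
    if (now < tokenExpiresAt || now < this.nextAttemptAt) return 'none';
    if (this.attempts >= this.opts.maxAttempts) return 'give_up';
    this.inFlightSince = now;
    this.attempts += 1;
    return this.attempts === 1 ? 'start' : 'retry';
  }
}

// Drive the watchdog with evenly spaced heartbeats (constructed timeline).
function runHeartbeats(wd: SilentRenewWatchdog, start: number, stepMs: number,
                       beats: number, tokenExpiresAt: number): RenewAction[] {
  const actions: RenewAction[] = [];
  for (let i = 0; i < beats; i++) actions.push(wd.tick(start + i * stepMs, tokenExpiresAt));
  return actions;
}
```

Once `give_up` is returned, the watchdog keeps returning it on later heartbeats until `renewSucceeded()` is called, for example after an interactive login.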