silent token renew in identity server 4 with js client app not working as expected

access-token identityserver4 oidc-client-js implicit-flow
Mahesh Gupta picture Mahesh Gupta · Apr 17, 2017 · Viewed 8.3k times · Source

I am working with identity server 4 to provide identity services to different apps in an enterprise arch.

Registered an SPA application using implicit flow with the identity server 4 app with oidc-client.js and is working.

But the problem is with token renew, need to preserve user login for a long period of time with out asking user to login again.

To make this happen implemented silent token renew with the following configuration.

var config = {
    authority: "http://localhost:5000",
    client_id: "jswebclient",
    redirect_uri: "http://localhost:5003/callback.html",
    response_type: "id_token token",
    scope: "openid profile api1",
    post_logout_redirect_uri: "http://localhost:5003/loggedout.html",
    automaticSilentRenew: true,
    silent_redirect_uri : "http://localhost:5003/callback.html" };

var mgr = new Oidc.UserManager(config);

with the above configuration automatic renew is happening but it is not silent renew as expected, complete page redirect to the redirect uri is happening to handle response from identity server.

for ex: index.html is my actual page in which silent renew happens and callback.html is the redirect uri , index.html is redirected to callback.html and then renewed and then redirected back to index.html, actual network log is attached below,enter image description here

can any one pls help me solve the issue to make silent renew happen.

Answer

Mahesh Gupta picture Mahesh Gupta · Apr 19, 2017

after googling a lot and referring to many articles i found out the issue, which is with the configuration, it worked after changing the configuration to the below 

var config = {
    authority: "http://localhost:5000",
    client_id: "jswebclient",
    redirect_uri: "http://localhost:5003/callback.html",
    response_type: "id_token token",
    scope: "openid profile api1",
    post_logout_redirect_uri: "http://localhost:5003/loggedout.html",
    automaticSilentRenew: true,
    silent_redirect_uri: "http://localhost:5003/silentrenew.html"   
};

var mgr = new Oidc.UserManager(config);

created a new silentrenew.html page to handle silent renew response and added the below script in the page

 <script>
    new Oidc.UserManager().signinSilentCallback();        
 </script>

thats all... it started working as expected.

Related questions

IdentityServer4 Access Token Lifetime

I am using IdentityServer4, and its configuration is in the database. There is a silent renewal on the client (oidc). I have set the following lifetime settings for the client: AbsoluteRefreshTokenLifetime = 60 * 30,//30 mins AccessTokenLifetime = 60 * 5,//5 mins SlidingRefreshTokenLifetime = 60 * 15 // 15 mins What should happen? How …

Read More
How to make IdentityServer to add user identity to the access token?

Short: My client retrieves an access token from IdentityServer sample server, and then passes it to my WebApi. In my controller, this.HttpContext.User.GetUserId() returns null (User has other claims though). I suspect access token does not have nameidentity …

Read More
Basic HTTP and Bearer Token Authentication

I am currently developing a REST-API which is HTTP-Basic protected for the development environment. As the real authentication is done via a token, I'm still trying to figure out, how to send two authorization headers. I have tried this one: …

Read More