No user in signinSilentCallback using identityserver and oidc client of javascript

Anonymous Creator picture Anonymous Creator · May 18, 2018 · Viewed 8.2k times · Source

I am getting user undefined in following code.

I have already authenticated user from MVC.

But when I use signinSilentCallback to get detail of that user, it is getting undefined using oidc-client in js.

It doesn't give any error as well.

        var mgr = new UserManager({
                    authority: "http://localhost:5000",
                    client_id: "js",
                    redirect_uri: "http://localhost:50144/signin-oidc",
                    silent_redirect_uri: "http://localhost:50144/signin-oidc",
                    response_type: "id_token token",
                    post_logout_redirect_uri: "http://localhost:50144/signout-callback-oidc",
                });

        mgr.signinSilentCallback().then(function (user) {

            //**Here user is undefined.**
            axios.defaults.headers.common['Authorization'] = "Bearer " + user.access_token;

        });

In Identityserver 4, client is defined as following.

new Client
                {
                    ClientId = "js",
                    ClientName = "js",
                    ClientUri = "http://localhost:50144",

                    AllowedGrantTypes = GrantTypes.Implicit,
                    AllowAccessTokensViaBrowser = true,
                    RequireClientSecret = false,
                    AccessTokenType = AccessTokenType.Jwt,

                    RedirectUris = 
                    {
                        "http://localhost:50144/signin-oidc",
                    },

                    PostLogoutRedirectUris = { "http://localhost:50144/signout-callback-oidc" },
                    AllowedCorsOrigins = { "http://localhost:50144" },

                    AllowedScopes =
                    {
                        IdentityServerConstants.StandardScopes.OpenId,
                        IdentityServerConstants.StandardScopes.Profile,
                        IdentityServerConstants.StandardScopes.Email
                    }
                }

Answer

Sohan picture Sohan · May 21, 2018

signinSilentCallback: Returns promise to notify the parent window of response from the authorization endpoint. https://github.com/IdentityModel/oidc-client-js/wiki

signinSilentCallback - This is not something will return you the user object.

If you really need to get the user object on silent renew i would suggest to use this approach with folloowing code snippet. This works for me in salesforce apps as well.

this.userManager.events.addAccessTokenExpiring(() =>
            {
                this.userManager.signinSilent({scope: oidcSettings.scope, response_type: oidcSettings.response_type})
                    .then((user: CoreApi.Authentication.Interfaces.OidcClientUser) =>
                    {
                        this.handleUser(user); // This function just set the current user
                    })
                    .catch((error: Error) =>
                    {
                        this.userManager.getUser()
                            .then((user: CoreApi.Authentication.Interfaces.OidcClientUser) =>
                            {
                                this.handleUser(user);
                            });
                    });
            });

We need to handle the getUser in catch as well due to one of bug reported for iFrame in oidc-client js

From above code focus on the way the silent renew is performed when the token expires.