AxaFrance / oidc-client

Light, Secure, Pure JavaScript OIDC (OpenID Connect) Client. We also provide a React wrapper (compatible with NextJS, etc.).
MIT License

syncTokensInfoAsync inside RenewToken does not work correctly #1308

Closed nhat-tr closed 4 months ago

nhat-tr commented 4 months ago

Issue and Steps to Reproduce

RefreshToken process always triggers silentLogin Process.

Instead of using the current VALID AccessToken to start a new Renew Token Process, oidc-client always treats the current AccessToken as INVALID and therefore an extra SilentLogin process has to be started to update the access token.

In my screenshot, my Access Token is clearly still valid and should expire in 113 seconds. The token_timer event has "timeLeft" as data, and this timeLeft should be used to trigger the renew token process. In the renewToken process, this value (timeLeft) is somehow reused to identify whether the current Token is still valid or not, which is INCORRECT.

Source code: https://github.com/AxaFrance/oidc-client/blob/main/packages/oidc-client/src/renewTokens.ts

[screenshot]

Because of this logic, the current token is INVALID and therefore localsilentLoginAsync() is triggered.

[screenshot]

Versions

@axa-fr/react-oidc 7.19.0

Screenshots

[screenshot]

Expected

Do RenewToken with current valid access token

Actual

Treat the current valid access token as invalid and do a separate silent login process to renew the token.

Additional Details

guillaume-chervet commented 4 months ago

Hi @nhat-tr , thank you for your issue.

I am not sure I understand the problem. There are 2 tokens: the access_token and the refresh_token.

It seems your configuration does not ask for the refresh_token. So silent sign-in is the only way to ask for a new access_token.

Oidc client refreshes the access_token before it becomes invalid. It is a design choice to try to always have a valid token available to use.

The time before asking for new tokens is configurable.
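To make the maintainer's explanation concrete, here is an added example (not code from AxaFrance/oidc-client) that models the renewal decision: the client starts renewing a configurable number of seconds before the access token expires, uses the refresh_token grant when a refresh token was issued, and falls back to silent sign-in when the scope never requested one. The config shape and the `refreshBeforeSec` name are illustrative; only `offline_access`, the standard OIDC scope for obtaining a refresh token, is a real identifier.

```javascript
// Added example: models the renewal decision discussed in this issue.
// Not code from AxaFrance/oidc-client; config shape and names are illustrative.

// Standard OIDC scope that asks the provider to issue a refresh_token.
const OFFLINE_ACCESS = 'offline_access';

// Does the configured scope request a refresh token at all?
function requestsRefreshToken(config) {
  return config.scope.split(/\s+/).includes(OFFLINE_ACCESS);
}

// Seconds until the access token expires (negative once it has expired).
function secondsLeft(tokens, nowSec) {
  return tokens.expiresAtSec - nowSec;
}

// Decide how to renew. `refreshBeforeSec` stands in for the configurable margin the
// maintainer mentions: renewal starts this many seconds before the access token
// actually expires, so the application always holds a usable token.
function chooseRenewal(config, tokens, nowSec, refreshBeforeSec) {
  const left = secondsLeft(tokens, nowSec);
  if (left > refreshBeforeSec) {
    return { action: 'none', timeLeft: left }; // still comfortably valid
  }
  if (tokens.refreshToken) {
    return { action: 'refresh_token_grant', timeLeft: left }; // preferred path
  }
  // No refresh_token is held: the only way to obtain a fresh access_token is a
  // silent sign-in through the authorization endpoint (the reporter's situation).
  return {
    action: 'silent_signin',
    timeLeft: left,
    reason: requestsRefreshToken(config)
      ? 'provider did not return a refresh_token'
      : 'scope does not include offline_access',
  };
}

// Constructed samples: the report (113 s left, no refresh token requested) and the
// same moment after adding offline_access to the scope. Values are not real tokens.
const reportedConfig = { scope: 'openid profile email' };
const reportedTokens = { accessToken: 'at.sample', refreshToken: undefined, expiresAtSec: 1000113 };
const fixedConfig = { scope: 'openid profile email offline_access' };
const fixedTokens = { accessToken: 'at.sample', refreshToken: 'rt.sample', expiresAtSec: 1000113 };

console.log(chooseRenewal(reportedConfig, reportedTokens, 1000000, 120)); // silent_signin
console.log(chooseRenewal(fixedConfig, fixedTokens, 1000000, 120));       // refresh_token_grant
```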

nhat-tr commented 4 months ago

Thank you @guillaume-chervet for your quick reply. Wow, you are right, I forgot to activate the refresh token. This is not a bug.