Closed nhat-tr closed 4 months ago
Hi @nhat-tr , thank you for your issue.
I am not sure to understand the problem. There are 2 tokens: access_token and the refresh_token
It seems your configuration does not ask for the refresh_token. So silent signing is the only way to ask for a new access_token.
Oidc client refresh access_token before its invalidity. It is a design choice to try to always have a valid token to be able to use.
The time before ask for new tokens is configurable.
thank @guillaume-chervet for your quick reply. Wow, you are right, I forgot to activate refresh token. This is not a bug.
Issue and Steps to Reproduce
RefreshToken process always triggers silentLogin Process.
Instead of using the current VALID AccessToken to start a new Renew Token Process, oidc-client always treats the current AccessToken as INVALID and therefore an extra SilentLogin process has to be started to update the access token.
In my screenshot, my Access Token is clearly still valid and should be expired in 113 seconds. The
token_timer
event has "timeLeft
" as data, thistimeLeft
should be used to trigger renew token process. In renewToken process, this value(timeLeft)
is somehow reused to identify if the current Token still valid or not, this is INCORRECT.Source code: https://github.com/AxaFrance/oidc-client/blob/main/packages/oidc-client/src/renewTokens.ts
Because of this logic, the current token is INVALID and therefore
localsilentLoginAsync()
is triggered.Versions
@axa-fr/react-oidc 7.19.0
Screenshots
Expected
Do RenewToken with current valid access token
Actual
Treat the current valid acess token as invalid and do a seperate silent Login process to renew token.
Additional Details