AxaFrance / oidc-client

Light, secure, pure JavaScript OIDC (OpenID Connect) client. A React wrapper (compatible with NextJS, etc.) is also provided.
MIT License
570 stars 152 forks

User waiting on login page causes an error #1364

Open lab-willharper opened 1 month ago

lab-willharper commented 1 month ago

Issue and Steps to Reproduce

When a user goes through the following steps, the service worker throws an error

  1. Trigger login.
  2. Wait for redirect to auth provider page.
  3. Wait 5-7 min on the auth provider login screen.
  4. Enter credentials and submit.
  5. Redirect back to login page will trigger a "Refresh token should be hidden by service worker" error in the console.

Versions

7.20.1

Screenshots

Expected

The user logs in successfully and can use our application

Actual

There is an error in the application thrown by the service worker

Additional Details

Current configuration

// Import added for completeness: TokenAutomaticRenewMode is not declared in the
// posted fragment. The package name is assumed from the React wrapper mentioned
// in the repository description; adjust it if you use '@axa-fr/oidc-client' directly.
import { TokenAutomaticRenewMode } from '@axa-fr/react-oidc';

export const oidcConfig = {
  // identityUrl is an app-specific global set elsewhere; cast as in the other window accesses
  authority: (window as any).identityUrl,
  client_id: 'ClientUI',
  redirect_uri: (window as any).location.origin + '/authentication/callback',
  silent_redirect_uri: (window as any).location.origin + '/authentication/silent-callback',
  grantType: 'code',
  scope: 'offline_access api_1 api_2',
  // renew tokens two minutes before they expire
  refresh_time_before_tokens_expiration_in_second: 120,
  // tokens are kept inside the service worker rather than exposed to page JavaScript
  service_worker_relative_url: '/OidcServiceWorker.js',
  token_automatic_renew_mode: TokenAutomaticRenewMode.AutomaticOnlyWhenFetchExecuted
};

Root cause appears to be related to the fact that it cannot retrieve the code_verifier from the service worker, but the code_verifier is in session_storage.

[screenshot]

guillaume-chervet commented 1 month ago

Hi @lab-willharper, you are right, thank you for your issue. I know how to fix this and I will when I am back from holiday. It is linked to service worker lifetime.

lab-willharper commented 1 month ago

Thanks @guillaume-chervet!

I did have another fix idea in relation to rehydrating the worker from session storage. I am testing through that solution locally and can raise a PR depending on the results of that testing. Reading through the codebase though, was it a design choice not to rehydrate or is there another reason for not doing so? I do not have the most experience when working with service workers.