Is there a way to restrict no.of re-login attempts, on login failure?

AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).

MIT License

579 stars 157 forks source link

Is there a way to restrict no.of re-login attempts, on login failure? #1415

Open nandeeshwar-p opened 1 month ago

nandeeshwar-p commented 1 month ago

At present when API fails to get the token after acquiring code, infinite no.of calls are made to get the token. Is there a way to restrict the no.of attempts to get the token.

guillaume-chervet commented 1 month ago

hi @nandeeshwar-p ,

I have remove it recently. But sure it can be readded. Which error do you have? I did that change to display session lost only when HTTP 400 occurs (session lost). The browser tab in sleep mode fail to call the OIDC server but tokens are still valid. I did not find the best solution, but may be a number of fail and tab active could bring to a session lost. Or may be a new event throwed after a number of fails attempts that are not =>400 < 500