IdentityModel / oidc-token-manager

Apache License 2.0
51 stars 36 forks source link

Silent renewal gets metadata every time it is called #46

Closed appetere closed 8 years ago

appetere commented 8 years ago

The renewTokenSilentAsync method takes a copy of the TokenManager settings then creates a new OidcClient using these.

Then it calls into loadMetadataAsync, makes a call to the metadata-endpoint and sets the result on settings.metadata.

But the next time renewTokenSilentAsync is run, the original settings are used without the metadata, and another call to the metadata-endpoint it required.

So I was wondering if this method could use the existing instance of OidcClient on TokenManager, to get the metadata once per instance of TokenManager?

My workaround is to make a call to loadMetadataAsync at application startup, so the TokenManager's settings.metadata property is set, which subsequent calls to renewTokenSilentAsync will then use.

For reference:

TokenManager.prototype.renewTokenSilentAsync = function () {
    var mgr = this;

    if (!mgr._settings.silent_redirect_uri) {
        return _promiseFactory.reject("silent_redirect_uri not configured");
    }

    var settings = copy(mgr._settings);
    settings.redirect_uri = settings.silent_redirect_uri;
    settings.prompt = "none";

    var oidc = new OidcClient(settings);
    return oidc.createTokenRequestAsync().then(function (request) {
        var frame = new FrameLoader(request.url);
        return frame.loadAsync().then(function (hash) {
            return oidc.processResponseAsync(hash).then(function (token) {
                mgr.saveToken(token);
            });
        });
    });
}
brockallen commented 8 years ago

Yea, I could see that as useful. Perhaps load by default with another flag to make it lazy load.

brockallen commented 8 years ago

Closing, as this has been addressed in the updated oidc-client (https://github.com/IdentityModel/oidc-client-js) replacement.