Silent renew - Error if is expired time less than 60 seconds

[Jenan]

I recieved the Error message "interaction_required" in this method:

How can I fix this?

And token has only expired but not renewed.

Thank you.

function configureAutoRenewToken(mgr) {

    if (mgr._settings.silent_redirect_uri && mgr._settings.silent_renew) {

        mgr.addOnTokenExpiring(function () {
            mgr.renewTokenSilentAsync().catch(function (e) {
                mgr._callSilentTokenRenewFailed();
                console.error(e && e.message || "Unknown error"); => Throw the error this line
            });
        });

    }

}

[brockallen]

"interaction_required" means the user must interact and thus a silent renew will never work. You must log the user in via an interactive window.

[Jenan]

What do you mean with "interactive window"?

Is possible to configure OIDC manager for refresh access token for user automatically in the background of the app?

[brockallen]

What do you mean with "interactive window"?

One in which the user interacts. IOW, they have to re-authenticate.

Is possible to configure OIDC manager for refresh access token for user automatically in the background of the app?

Yes, this is the silent renew feature. But it only works as long as they stay logged into the token service.

[Jenan]

The problem with error called "interactive window" was because I don't confirm the remeber of the consent screen.

This feature the silent_renew causes of refresing the page. Is possible to create this refresh without refresh via ajax call or somthing like this?

Thank you.

[brockallen]

This error is from the spec: https://openid.net/specs/openid-connect-core-1_0.html#AuthError

[Jenan]

OK.

This feature the silent_renew causes of refresing the page. Is possible to create this refresh access_token without refresh via ajax call or somthing like this?

[brockallen]

This feature the silent_renew causes of refresing the page.

Ok, this sounds odd to me.

On a side note, there is a major rewrite going on as we speak: https://github.com/IdentityModel/oidc-client-js/issues/2. As a result, the underlying silent renew will be working similar, but different. Perhaps you can try from the dev branch and see how it's working for you? I plan to release in the next week or so.

[Jenan]

I'll try your new version of oidc client.

I mean with refreshing - the reload all the page for getting new acess token via iframe - before expiration token - 60 seconds.

I am wondering about getting new access token before expiration old access token but without complete reloading of current page - this used the ajax and http request.

[brockallen]

mean with refreshing - the reload all the page for getting new acess token via iframe - before expiration token - 60 seconds.

Ok, I can't read. So yes, this is the behavior -- 60 seconds prior to token expiration the silent renew feature gets a new access token. The entire page should not be refreshing.

[Jenan]

I can see this behavior of reloading page on the video: https://vimeo.com/131636653 - 53:16.

[brockallen]

Not sure what you mean.

I'd suggest trying the sample code in the most recent dev branch, but the timers is the only thing I've not yet ported over.

[Jenan]

I meant automatic refresh index.html after expiration the old access token. It isn't good user experience - reload the whole page.

[brockallen]

It doesn't do that. What you saw on the video was javascript updating the page when it received a notification that the iframe came back with an updated token.

Try the samples -- I think that will help your understanding.

[Jenan]

Brock, I tried the samples as you recommended.

I'm wondering about correct way for sillent renew an access token - without redirect to index.html.

Can I in the renew the access token only recreate value in localStorage where is stored the access token? I want to avoid redirected to index.html for updating access token.

[Jenan]

I meant something like this:

TokenManager.prototype.processTokenCallbackSilent = function (hash) {
        var mgr = this;

        if (window.parent && window !== window.parent) {
            var hash = hash || window.location.hash;
            if (hash) {
                //window.parent.postMessage(hash, location.protocol + "//" + location.host);

                var lochash = hash.substr(1);
                var result = OidcClient.parseOidcResult(lochash);
                if (result) {
                    mgr.saveToken(result);
                }
            }
        }
    }

[brockallen]

I'm wondering about correct way for sillent renew an access token - without redirect to index.html.

I don't follow. The purpose of the silent renew is to open an iframe and receive back the result so the main window can maintain state. Also, it's posted as a message so the main window's config can deal with the storage requirements, rather than the silent renew callback window needing the recreate all the same config.