Closed: devlz303 closed this 9 years ago
It's because your user is not logged in, an HTML page is being displayed, and the XFO is kicking in. For the silent renew to work, your user has to have marked "remember my consent".
Thanks for pointing me in the right direction. There was another problem, but your comment "an HTML page is being displayed" made me look into the actual response in Fiddler. The problem was I did not add the URL for the frame.html to the redirect URIs for this client, which resulted in: "The client application is not known or is not authorized." After I added the redirect URI, the client was known, resulting in a response with tokens.
There was another problem I ran into. To test the silent renew I had set the AccessTokenLifetime to 60 seconds. But the client-side token manager is fetching a new token 60 seconds before the old token expires. So after fetching a new token, the token manager would trigger a new fetch. After changing the AccessTokenLifetime setting to 120 seconds all was fine.
Kind regards!
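The three failure points discussed in this thread (the renew timer firing immediately when the lead time equals the token lifetime, the browser refusing to frame a cross-origin authorize response, and the server rejecting an unregistered redirect URI) can be modelled in a few lines. The following is an added example, not code from the OAuthJS sample or from IdentityServer; the 60-second lead time, the SPA origin `https://localhost:44300`, the client id and the registered redirect URI list are all assumptions chosen to mirror the thread.

```javascript
// Added example, not code from the OAuthJS sample or IdentityServer.
// It models the three checks a defender walks through when silent renew
// fails as described in this thread. All sample values are constructed.

const RENEW_LEAD_SECONDS = 60; // assumed: how early the token manager renews

// Seconds after token issuance at which the client starts a silent renew.
// 0 means "renew immediately", which is the fetch loop hit with a 60 s
// lifetime; the lifetime must exceed the lead time by a useful margin.
function secondsUntilRenew(accessTokenLifetimeSeconds, leadSeconds = RENEW_LEAD_SECONDS) {
  return Math.max(0, accessTokenLifetimeSeconds - leadSeconds);
}

// Origin (scheme + host + port) of a URL, the unit X-Frame-Options compares.
function originOf(url) {
  return new URL(url).origin;
}

// Whether a browser refuses to render the framed authorize response.
// Follows the HTML standard's X-Frame-Options processing: DENY blocks,
// SAMEORIGIN blocks cross-origin framing, and conflicting values arriving
// via multiple headers (e.g. "SAMEORIGIN, ALLOW-FROM x") are treated as DENY,
// which is why adding a second header in web.config did not help.
function frameBlockedByXfo(xfoHeader, frameUrl, topUrl) {
  if (!xfoHeader) return false;
  const values = xfoHeader.split(',').map(v => v.trim().toUpperCase()).filter(Boolean);
  if (new Set(values).size > 1) return true; // conflicting values: blocked
  const value = values[0];
  if (value === 'DENY') return true;
  if (value === 'SAMEORIGIN') return originOf(frameUrl) !== originOf(topUrl);
  return false; // unrecognised values (incl. legacy ALLOW-FROM) are ignored
}

// Exact-match redirect_uri check, as an authorization server should do it.
// The "client ... not known or is not authorized" error in this thread was
// this check rejecting frame.html because only the SPA's main page was listed.
function redirectUriAllowed(client, redirectUri) {
  return client.redirectUris.includes(redirectUri);
}

// Constructed sample client, mirroring the misconfiguration in the thread.
const spaClient = {
  clientId: 'js-spa',                                    // assumed
  redirectUris: ['https://localhost:44300/index.html'],  // frame.html missing
};

// Constructed URLs: the authorize endpoint from the thread and an assumed SPA origin.
const AUTHORIZE_URL = 'https://localhost:44324/identity/connect/authorize?client_id=js-spa';
const SPA_URL = 'https://localhost:44300/index.html';

// Run the three checks over the constructed data and return the findings.
function diagnoseSilentRenew(lifetimeSeconds, xfoHeader, client, frameRedirectUri) {
  return {
    renewDelaySeconds: secondsUntilRenew(lifetimeSeconds),
    frameBlocked: frameBlockedByXfo(xfoHeader, AUTHORIZE_URL, SPA_URL),
    redirectUriRegistered: redirectUriAllowed(client, frameRedirectUri),
  };
}

console.log(diagnoseSilentRenew(60, 'SAMEORIGIN', spaClient, 'https://localhost:44300/frame.html'));
```

`diagnoseSilentRenew` with the thread's original settings reports a zero renew delay, a blocked frame and an unregistered redirect URI; fixing all three (a longer lifetime, an authorize response that is not an error HTML page, and frame.html added to the client's redirect URIs) is what made the renew succeed.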
Oh, and I forgot to mention: it wasn't needed to mark "remember my consent" to make the silent renew work.
If you've disabled consent in the server, then that avoids the prompt as well.
I have copied the OAuthJS sample code to test my IdentityServer with a SPA client (from https://github.com/IdentityServer/Thinktecture.IdentityServer3.Samples/tree/master/source/OAuthJS). Retrieving an access token is working fine, and the call to my Web API is also working like it should.
I also enabled the silent_renew option, but somehow this is not working. In the console log I see the message "token is about to expire", and then an error occurs: Refused to display 'https://localhost:44324/identity/connect/authorize?rest_of_the_long_querystring' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
The IdentityServer is running on another host (port), so it's true the request is not from the same origin. I've tried to set the X-Frame-Options header in IdentityServer (web.config), but now I end up with multiple X-Frame-Options headers. The SAMEORIGIN header is forced by IdentityServer (by the SecurityHeadersAttribute).
Is there something I can do to make it work?
Thanks!