JamesRandall / AngularJS-OAuth2

Package for allowing an AngularJS application to authenticate with an OAuth 2 / Open ID Connect identity provider using the implicit flow.
MIT License
46 stars 42 forks

A question about the redirect uri in silent-renew feature #31

Closed: linsolas closed this 8 years ago

linsolas commented 8 years ago

Hello,

Thanks for the Silent Token Renewal feature, which is really useful for us. However, I have a question about its implementation. As far as I understand this feature, I have to provide a URI which looks like http://my-server/#/silent-renew. However, if I look at RFC 6749 (The OAuth 2.0 Authorization Framework), it says that the endpoint URI should not include a fragment:

The redirection endpoint URI MUST be an absolute URI as defined by [RFC3986] Section 4.3. The endpoint URI MAY include an "application/x-www-form-urlencoded" formatted (per Appendix B) query component ([RFC3986] Section 3.4), which MUST be retained when adding query parameters. The endpoint URI MUST NOT include a fragment component.

In our context, we use the ForgeRock solution, which does not allow fragments in the redirect_uri, and this prevents silent token renewal from working correctly.

So did I miss something here? If not, how can I accommodate the silent-renew feature with such constraints?

Thanks

JamesRandall commented 8 years ago

Hi, the best thing to do here (if you can) is to switch to Angular HTML5 routing mode. That will remove the need for a fragment and the URI will become http://my-server/silent-renew.

There's a good explanation of the different Angular modes on Stack Overflow:

http://stackoverflow.com/questions/16677528/location-switching-between-html5-and-hashbang-mode-link-rewriting

I find that clearer than Angular's actual documentation.

I think that should sort that out for you, so I'll close the issue, but if you continue to have any problems just reopen it and let me know how I can help further.
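As an added example (not code from the AngularJS-OAuth2 project or either commenter), the check below applies the RFC 6749 section 3.1.2 rules quoted in the question to the two URI shapes discussed in the thread: the hashbang form that a fragment-rejecting provider refuses and the HTML5-mode form the answer recommends. The functions `checkRedirectUri`, `silentRenewUri` and `auditRedirectUris` and the `http://my-server` origin are constructed for illustration.

```javascript
// Added example, not part of the AngularJS-OAuth2 project: validate a
// redirect_uri against RFC 6749 section 3.1.2 (absolute URI, no fragment)
// and compare the URI produced by Angular's hashbang and HTML5 routing modes.

// Returns { ok, reason } for one candidate redirect URI.
function checkRedirectUri(uri) {
  let parsed;
  try {
    parsed = new URL(uri); // throws on relative URIs such as "/silent-renew"
  } catch (e) {
    return { ok: false, reason: 'not an absolute URI (RFC 3986 section 4.3)' };
  }
  // URL() reports an empty hash for "http://host/#", so also look for the
  // literal "#": the RFC forbids any fragment component, even an empty one.
  if (parsed.hash !== '' || uri.includes('#')) {
    return { ok: false, reason: 'contains a fragment component' };
  }
  // A query component is permitted and must be kept when the provider
  // appends its own parameters.
  return { ok: true, reason: 'absolute URI without fragment' };
}

// Builds the silent-renew redirect URI for a given Angular routing mode.
// Constructed helper: the project's real route and config names are not shown here.
function silentRenewUri(origin, mode) {
  if (mode === 'html5') return `${origin}/silent-renew`;
  if (mode === 'hashbang') return `${origin}/#/silent-renew`;
  throw new Error(`unknown routing mode: ${mode}`);
}

// Checks every candidate so a deployment can verify its registered redirect
// URIs before handing them to an identity provider that enforces the RFC.
function auditRedirectUris(uris) {
  const report = {};
  for (const u of uris) report[u] = checkRedirectUri(u);
  return report;
}

const origin = 'http://my-server'; // origin taken from the issue text
const candidates = [
  silentRenewUri(origin, 'hashbang'), // http://my-server/#/silent-renew -> rejected
  silentRenewUri(origin, 'html5'),    // http://my-server/silent-renew   -> accepted
  '/silent-renew',                    // constructed relative URI        -> rejected
];

console.log(JSON.stringify(auditRedirectUris(candidates), null, 2));
```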