search

aurelia-contrib / aurelia-open-id-connect

An aurelia adapter for the IdentityModel/oidc-client-js
https://zamboni-app.azurewebsites.net
MIT License
54 stars 18 forks source link

'Frame window timed out' error on silent renew. #71

Closed pajohns closed 4 years ago

pajohns commented 5 years ago

I'm attempting to renew a users session prior to their session expiring, yet it doesn't seem to work without receiving a Frame window timed out error. I'm catching the addSilentRenew error and the trace is as follows:

Silent renew error
auth-service.ts?6434:47 Error: Frame window timed out
    at t._error (webpack-internal:///3Rfw:74:25924)
    at t._timeout (webpack-internal:///3Rfw:74:26359)
From previous event:
    at new t (webpack-internal:///3Rfw:74:24995)
    at t.prepare (webpack-internal:///3Rfw:74:24154)
    at e._signinStart (webpack-internal:///3Rfw:74:10314)
    at e._signin (webpack-internal:///3Rfw:74:10096)
    at eval (webpack-internal:///3Rfw:74:8370)
From previous event:
    at e.signinSilent (webpack-internal:///3Rfw:74:8345)
    at t._tokenExpiring (webpack-internal:///3Rfw:75:4681)
    at e.t.raise (webpack-internal:///3Rfw:75:3682)
    at e._callback (webpack-internal:///3Rfw:75:2851)

My configuration file is:

export function oidcConfig(config: AppConfig): OpenIdConnectConfiguration {
    console.log(`config.appHost = ${config.appHost}`);

    const userManagerSettings: UserManagerSettings = {
        accessTokenExpiringNotificationTime: 60,
        authority: config.appHost,
        automaticSilentRenew: true,
        checkSessionInterval: 1000,
        client_id: '****', // Omitted
        filterProtocolClaims: true,
        loadUserInfo: false,
        post_logout_redirect_uri: `${config.appHost}/signout-oidc`,
        redirect_uri: `${config.appHost}/callback`,
        response_type: 'id_token token',
        scope: 'openid profile **** ', // Omitted
        silentRequestTimeout: 10000,
        silent_redirect_uri: `${config.appHost}/signinSilentCallback`,
        userStore: new WebStorageStateStore({
            prefix: 'oidc',
            store: window.localStorage,
        }),
    }
}

I have registered a handler using

        this.oidc.addOrRemoveHandler('addAccessTokenExpiring', () => {
            console.log('Access token expiring event');
        });

        this.oidc.addOrRemoveHandler('addSilentRenewError', (e: any) => {
            console.log('Silent renew error');
            console.log(e);
        })

        this.oidc.addOrRemoveHandler('addAccessTokenExpired', () => {
            console.log('AddAccessTokenExpired event');
            this.oidc.logout();
        });

and the Access token expiring event message gets logged at the time that the token is determined to be expiring, as well as the Silent renew error message followed by the AddAccessTokenExpired event in succession.

I notice that in this issue for oidc-client-js it is determined that the silent_redirect_uri should not be required, especially given that the user doesn't actually see anything. Furthermore I notice that the difference between the User interface in the oidc-client dependency of aurelia-open-id-connect (1.4.1) and the current version of oidc-client (1.7.1). I'm wondering if updating the oidc-client version would fix this?

arnederuwe commented 4 years ago

Hi, I will be closing up stale issues by the end of the week.

Are you still experiencing this issue? Feel free to close this yourself. If you are still experiencing this issue, let me know as well, thanks!