search

damienbod / angular-auth-oidc-client

npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
https://www.npmjs.com/package/angular-auth-oidc-client
MIT License
1.13k stars 429 forks source link

[Bug]: Periodic silent renew check keep hapenning after logoff #1401

Open agardiol opened 2 years ago

agardiol commented 2 years ago

What Version of the library are you using? 13.1.0

Describe the bug I use an openid flow with the following options:

      scope: 'openid read write',
      responseType: 'code',
      silentRenew: true,
      useRefreshToken: true,

After a successful authentication, if I call the logoff method (my auth server does not have a revoke token endpoint), the library keep running periodically the silent renew check: image

To Reproduce Run the following code: this.oidcSecurityService.authorize(); Complete the logon process this.oidcSecurityService.logoff(); to log off Check the log

Expected behavior After a logoff, the library should stop checking periodically if a silent renew has to be done.

Desktop (please complete the following information):

damienbod commented 2 years ago

It doesn't check the server, just logs that the code validates if it needs to do something periodically. Maybe this could be improved

Thanks for reporting

Greetings Damien

agardiol commented 2 years ago

Thanks for you answer. Yes, you are right, there is no data exchange with the server. However, in logoff code, it should call IntervalService.stopPeriodicTokenCheck() somewhere (maybe in resetAuthorizationData function in reset-auth-data.service.ts. Best regards Antoine