damienbod / angular-auth-oidc-client

npm package for OpenID Connect, OAuth Code Flow with PKCE, Refresh tokens, Implicit Flow
https://www.npmjs.com/package/angular-auth-oidc-client
MIT License

[Bug]: idToken expired #1593

Open alvachien opened 1 year ago

alvachien commented 1 year ago

Version

15.0.0

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

Since upgrading to 15.0.0, it now checks the ID token, but in an unexpected way.

The idtoken I got:
[DEBUG] 0-achihui.js - AuthResult '{
  "id_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6IkRFQTI4QTVBNzI0RUI5OUQyQkZBOEQxNTBGNkExNDJBIiwidHlwIjoiSldUIn0.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.eexzCoSVi1Pk93P96KZq4v8nyFiPp9YhLmJsnqxzt_yvGgl0SL5Df_dp5kpzfsuBScHbgTGzGXsoPjY0S31eo7urvLZG-bXS47mCUWDlptxC3hPiQxvgEdcZTYcH3E9fJJ86Wsm6VzH7nIW3AOU4a_4TW8CwQa6U9L9Kc2EBTXXlVrypF9-hWWnqEIQYqEtuKbo1VAhl-fgSN7oipgV61LXp3O4kzDrdMbHTVWP-ARTtmM_y2OaRPRTcqtL2GjEghaB5xDCAqWhpmIRSDmf9R30DQsNNw3e1XOwM4WAGTp-zQLBoQxoiHPaFlHAJaaOp8GRDyEKTD3RhQsk2c5toBQ"

After decode:
"exp": 1668931615

Then I got:
[DEBUG] 0-achihui.js - validate id token iat max offset 0 < 120000
angular-auth-oidc-client.mjs:4236 [DEBUG] 0-achihui.js - Has idToken expired: true --> expires in -7:0-6 , 4:22:02 PM > 4:28:08 PM
angular-auth-oidc-client.mjs:4233 [WARN] 0-achihui.js - authCallback id token expired
logWarning @ angular-auth-oidc-client.mjs:4233
angular-auth-oidc-client.mjs:4236 [DEBUG] 0-achihui.js - authCallback token(s) invalid

Steps to reproduce the behavior

No response

A clear and concise description of what you expected to happen.

No response

Additional context

No response

alvachien commented 1 year ago

    config: {
      authority: environment.IDServerUrl,

      redirectUrl: environment.AppHost, // window.location.origin,
      postLogoutRedirectUri: environment.AppHost,

      clientId: 'achihui.js',
      scope: 'openid profile api.hih offline_access', // 'openid profile ' + your scopes
      responseType: 'code',

      silentRenew: true,
      useRefreshToken: true,
      // silentRenewUrl: window.location.origin + '/silent-renew.html',
      renewTimeBeforeTokenExpiresInSeconds: 666,
      tokenRefreshInSeconds: 600,

      logLevel: environment.LoggingLevel === 2 ? LogLevel.Error : LogLevel.Debug,
    }

alvachien commented 1 year ago

Linked to #1546, it says bug fixed in 15.0, but I can repeat it in 15.0.

daniromome commented 1 year ago

I have this same issue on version 16 :/

daniromome commented 1 year ago

I was getting this issue due to the clock of the server being out of sync.

I am using Keycloak in an Arch Linux instance; in order to fix it I just had to enable systemd-timesyncd.service.
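
The failure mode reported in this thread, as an added example that is not part of the issue or of the library's code: a token that is already past `exp` at the moment it arrives in the auth callback points at a clock difference between issuer and verifier rather than at an old session. The function names, the 300-second lifetime and the verifier clock values are assumptions; the sample token is constructed and unsigned, and only its `exp` is the value quoted in the issue.

```javascript
// Added example, not library code. All function names are hypothetical.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Builds an UNSIGNED, constructed sample token for offline diagnosis only.
function makeSampleToken(claims) {
  return `${b64url({ alg: 'none', typ: 'JWT' })}.${b64url(claims)}.sig`;
}

// Decode the payload segment of a compact JWT (no signature check here).
function decodeJwtPayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Classify the time claims of a token that was received just now
// (for example in the auth callback). maxIatOffsetSec is the tolerated skew.
function diagnoseIdTokenTimes(jwt, nowMs, maxIatOffsetSec = 120) {
  const { iat, exp } = decodeJwtPayload(jwt);
  if (!Number.isInteger(iat) || !Number.isInteger(exp) || exp <= iat) {
    throw new Error('iat/exp missing or inconsistent');
  }
  const nowSec = Math.floor(nowMs / 1000);
  const iatOffsetSec = nowSec - iat;   // > 0: verifier clock is later than iat
  const secondsPastExp = nowSec - exp; // >= 0: already expired
  let verdict = 'ok';
  if (iatOffsetSec < -maxIatOffsetSec) {
    verdict = 'iat-in-future';         // issuer clock ahead of verifier
  } else if (secondsPastExp >= 0) {
    // Expired right at receipt: the verifier clock is later than the issuer's
    // by at least the token lifetime, or the token is stale.
    verdict = 'expired-on-arrival';
  } else if (iatOffsetSec > maxIatOffsetSec) {
    verdict = 'iat-too-old';           // still valid, but skew exceeds tolerance
  }
  return { verdict, iatOffsetSec, secondsPastExp, lifetimeSec: exp - iat };
}

// Constructed sample: exp is the value quoted in the issue; the 300 s
// lifetime is an assumption.
const EXP = 1668931615;
const SAMPLE = makeSampleToken({ iat: EXP - 300, exp: EXP });
```

A large positive or negative `iatOffsetSec` on a token received seconds ago is the number to compare against the time difference between the identity provider host and the client.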