fullstackproltd / AspNetCoreSpa

Asp.Net 7.0 & Angular 15 SPA Fullstack application with plenty of examples. Live demo:
https://aspnetcorespa.fullstackpro.co.uk
MIT License

Identity Token Expiry #191

Closed pvagnini closed 6 years ago

pvagnini commented 6 years ago

Hi,

I have come across the issue where the Access Token must have expired as any action on the controller returns Unauthorized. The problem is that even if you click on LogOut it still returns Unauthorized and does nothing, and so there is no way to continue. Even closing and reopening the application returns you to a state where the web page shows as logged in, but any action still returns Unauthorized.

My questions are: What are the correct settings for SetAccessTokenLifetime, SetIdentityTokenLifetime and SetRefreshTokenLifetime so that I get the behavior of the user staying logged in as long as the browser page stays open, but when the page is closed and reopened the user is required to log in again? The current behavior seems to allow a user to close the browser, then open it again and still be logged in.

Is it possible that when an Unauthorized is returned from a controller action the page is automatically redirected to the login page?

Once again your help and expertise is most appreciated.

Regards Paolo.

asadsahi commented 6 years ago

@pvagnini thanks for raising this issue.

I believe your first issue should be resolved by https://github.com/asadsahi/AspNetCoreSpa/commit/ec6f425fc2a044ab8b79d4ddef2a849d766ea519. The problem was that if the token was expired and you called logout, it was calling the server-side logout action, for which you have to be logged in. This isn't required, as the server-side logout is mostly required for cookie-based sessions. For SPA applications, removing the tokens from local storage suffices.

What are the correct settings for SetAccessTokenLifetime, SetIdentityTokenLifetime?

You should be able to do it here

Is it possible that when an Unauthorized is returned from a controller action the page is automatically redirected to the login page?

It is possible; you could possibly create an interceptor which does that.

asadsahi commented 6 years ago

Closing for now because of inactivity.