Closed MichaelBailly closed 3 years ago
Linked PRs:
Note that you will have to apply the same changes as for https://github.com/OpenPaaS-Suite/esn-frontend-account/pull/80 in all the SPAs to support silent renew.
This has been tested on Keycloak, and there is no reason for this not to work on other OIDC providers, simply because this is only frontend code checking that the session is still OK using the token stored in the browser.
To test it, I updated the access_token lifespan to 2 minutes (setting it to 1 minute causes an infinite loop on the client).
Some browser logs:
Hi, thanks @chamerling. Can you confirm we can remove the LemonLDAP RP iframe hack, since we can use the RP iframe provided by oidc-client, or do we need it as well?
Please note that LemonLDAP uses opaque tokens and Keycloak uses JWT tokens for the access token, FYI.
cc @tuanlc
I am not aware of any Lemon hack, nor about how Lemon works. The oidc-client iframe should be enough. If not, Lemon probably has some OIDC implementation issues...
Silent renew is supported in oidc-client with a page that each SPA must provide and that is used in an invisible iframe (plus some configuration).
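The silent-renew setup discussed in this thread, as an added example that is not part of the thread or of the linked PR: the setting names are oidc-client `UserManager` settings, while the URLs, client id and page paths are placeholders. The thread does not say why a 1-minute token lifespan loops; the check below assumes the cause is oidc-client's default 60-second `accessTokenExpiringNotificationTime`.

```javascript
// Added example: names below are oidc-client UserManager settings; the URLs,
// client id and page paths are placeholders, not values from the thread.
const DEFAULT_EXPIRING_NOTIFICATION_S = 60; // oidc-client default

function buildSilentRenewSettings(appOrigin) {
  return {
    authority: 'https://sso.example.test/auth/realms/demo', // placeholder
    client_id: 'example-spa',                                // placeholder
    response_type: 'code',
    scope: 'openid profile',
    redirect_uri: `${appOrigin}/auth/callback.html`,
    // Page the SPA serves for the hidden iframe. Its only job is to call
    //   new Oidc.UserManager().signinSilentCallback();
    silent_redirect_uri: `${appOrigin}/auth/silent-renew.html`,
    automaticSilentRenew: true,
    accessTokenExpiringNotificationTime: DEFAULT_EXPIRING_NOTIFICATION_S,
  };
}

// Returns a list of problems; an empty list means the settings look usable.
function auditSilentRenew(settings, accessTokenLifespanS) {
  const problems = [];
  if (settings.automaticSilentRenew !== true) {
    problems.push('automaticSilentRenew is not enabled');
  }
  if (!settings.silent_redirect_uri) {
    problems.push('silent_redirect_uri is missing');
  } else if (new URL(settings.silent_redirect_uri).origin !==
             new URL(settings.redirect_uri).origin) {
    problems.push('silent renew page is not served from the SPA origin');
  }
  const lead = settings.accessTokenExpiringNotificationTime ??
               DEFAULT_EXPIRING_NOTIFICATION_S;
  // A token that lives no longer than the lead time is "expiring" as soon
  // as it is issued, so every renewed token schedules another renew at once.
  if (accessTokenLifespanS <= lead) {
    problems.push(`token lifespan ${accessTokenLifespanS}s <= lead time ${lead}s: renew loop`);
  }
  return problems;
}

const settings = buildSilentRenewSettings('https://app.example.test');
console.log(auditSilentRenew(settings, 120)); // 2-minute tokens
console.log(auditSilentRenew(settings, 60));  // 1-minute tokens
```

If short-lived tokens are required, lowering `accessTokenExpiringNotificationTime` below the token lifespan keeps the renew timer from firing immediately.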