Open max-kahnt-keylight opened 7 months ago
Shortly after posting this I noticed that the `listenTo` property in the `setupAutomaticSilentRefresh` might be the flag to avoid the bad refresh behavior. I am leaving this issue open nevertheless since I believe my observation about the improper handling of nullish storage values to be true nevertheless and it might be the cause for other unexpected behavior as well.
Describe the bug
For a fully `id_token` based use-case, token refresh is happening all the time. In particular, IDP responses that do not contain an `access_token` will still result in `getAccessToken()` yielding `'undefined'` (as a string!) which is truthy and hence set off a `setupAccessTokenTimer()` call resulting in a 0 timeout `('token_expires', 'access_token')` event.

I am exploring using custom storage or custom refresh behavior to work around this issue.
Expected behavior
Do not refresh based on a non-existing access_token.
Desktop:
Additional context
The `OAuthStorage` class interface is string-based, which nicely falls in line with local/sessionStorage behavior but differs from the `MemoryStorage` implementation when storing `undefined` values.
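
An added example, not part of the original issue and not the library's own code, showing the string coercion described above and one possible custom-storage guard. `StringCoercingStorage`, `NullSafeStorage`, `wouldArmAccessTokenTimer` and the storage keys are hypothetical names; the first class is a constructed stand-in for the way Web Storage converts every stored value to a string.

```javascript
// Constructed stand-in for localStorage/sessionStorage semantics:
// Web Storage converts every value to a string on setItem.
class StringCoercingStorage {
  constructor() { this.data = new Map(); }
  getItem(key) { return this.data.has(key) ? this.data.get(key) : null; }
  setItem(key, value) { this.data.set(key, String(value)); }
  removeItem(key) { this.data.delete(key); }
}

// Hypothetical wrapper: never persists nullish values, and hides the
// literal strings "undefined"/"null" that an earlier write may have left.
class NullSafeStorage {
  constructor(inner) { this.inner = inner; }
  getItem(key) {
    const value = this.inner.getItem(key);
    if (value === null || value === undefined) return null;
    return value === 'undefined' || value === 'null' ? null : value;
  }
  setItem(key, value) {
    if (value === null || value === undefined) this.inner.removeItem(key);
    else this.inner.setItem(key, value);
  }
  removeItem(key) { this.inner.removeItem(key); }
}

// Stores a constructed token response that has an id_token but no
// access_token, then applies a truthiness check of the kind that would
// decide whether an access-token expiry timer gets armed.
function wouldArmAccessTokenTimer(storage) {
  const response = { id_token: 'constructed.id.token' }; // no access_token
  storage.setItem('access_token', response.access_token);
  storage.setItem('id_token', response.id_token);
  return Boolean(storage.getItem('access_token'));
}

// Raw string storage keeps the truthy string "undefined"; the wrapper does not.
console.log(wouldArmAccessTokenTimer(new StringCoercingStorage()));
console.log(wouldArmAccessTokenTimer(new NullSafeStorage(new StringCoercingStorage())));
```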