sureshchahal / angular2-adal

Angular 2 wrapper for adal.js
MIT License

Not redirected to login after inactive for longer period of time #44

Open rjwijnen opened 7 years ago

rjwijnen commented 7 years ago

Hello, we are using this library for our first app and we see that when we leave the browser open overnight and come back the next day, our session (AD SSO session) is expired, which is logical, but what doesn't happen is that we are not being redirected to the login. In my console I see the following:

```
Object { isAuthenticated: true, userName: "x@x.domainname.nl", loginError: "", profile: Object } main.7e806f89a6819c9d4958.bundle.js:1
MSIS9621: Unable to handle the OAuth authorization request without getting user input. main.7e806f89a6819c9d4958.bundle.js:1
MSIS9621: Unable to handle the OAuth authorization request without getting user input. main.7e806f89a6819c9d4958.bundle.js:1
Entering login main.7e806f89a6819c9d4958.bundle.js:1
Multiple 'X-Frame-Options' headers with conflicting values ('DENY, SAMEORIGIN') encountered when loading 'https://testadfs.x.x.nl/adfs/oauth2/authorize?response_type=id_token&client_id=blabla&redirect_uri=https%3A%2F%2Fapps.x.x.nl%2Fangularstudievoortgang%2Flogin&state=12345&client-request-id=12345f&x-client-SKU=Js&x-client-Ver=1.0.14&nonce=b892c351-a89e-436d-89d6-99d3a56f7e03'. Falling back to 'DENY'. (unknown)
Refused to display 'https://testadfs.x.x.nl/adfs/oauth2/authorize?response_type=id_token&client_id=12345&redirect_uri=https%3A%2F%2Fapps.x.x.nl%2Fangularstudievoortgang%2Flogin&state=2174a14f-3931-406a-be50-f9d2a603e00e&client-request-id=c2c75197-285f-4998-a976-442a2157b47f&x-client-SKU=Js&x-client-Ver=1.0.14&nonce=b892c351-a89e-436d-89d6-99d3a56f7e03' in a frame because it set 'X-Frame-Options' to 'DENY, SAMEORIGIN'. (unknown)
```

Because IsAuthenticated was set to true yesterday, it still thinks it is authenticated, which is not the case in reality. Any ideas on how to build this in this library or how to check this in my own app?

jjbrunton commented 7 years ago

I am also having this issue

sureshchahal commented 7 years ago

@jjbrunton and @rjwijnen: As long as the user has an active session with Azure AD, ADAL JS does it automatically for you. ADAL JS examines the projected expiration of the existing token (in the cache) and if the token is about to expire, it uses an invisible iFrame to send a new token (renewal) request to Azure AD.

Can you share your sample code?

rjwijnen commented 7 years ago

@sureshchahal that indeed is the way the library is working, but there is a catch. If your browser session is expired with the ADFS you need to log in again. But your app still thinks IsAuthenticated is true. For that you need to check if the error from an authenticated request results in an adal error. I changed the logged-in guard to:

```typescript
@Injectable()
export class LoggedInGuard implements CanActivate {
  constructor(private adalService: AdalService, private router: Router) { }

  canActivate() {
    console.log(this.adalService.userInfo);
    if (this.adalService.userInfo.isAuthenticated && sessionStorage['adal.error'] != 'login_required') {
      return true;
    } else {
      this.router.navigate(['/login']);
      return false;
    }
  }
}
```

In my components, my function to call a service looks like:

```typescript
getuserInfo() {
  this.userInfoService.getUserInfo().subscribe(
    userinfo => { this.userinfo = userinfo },
    error => {
      if (sessionStorage['adal.error'] == 'login_required') {
        this.router.navigate(['/login']);
      }
      console.log(error)
    },
    () => console.log('Get all userInfo'));
}
```

So if there is an error from the service, I check if adal.error is filled with 'login_required'. That means the user needs to log in again. If I am overlooking something, I'd like to hear.

unnieayilliath commented 6 years ago

I know AdalJs has the capability to refresh tokens in the background, but somehow this does not work for me. If I keep my browser session open, I am not redirected to login again. Also, sessionStorage['adal.error'] is empty.
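
A guard decision that does not trust the cached `isAuthenticated` flag on its own, shown as an added example (not code from any commenter in this thread or from angular2-adal). It keeps the `adal.error` check from the guard above and also covers the case where `adal.error` is empty by checking token expiry; `sessionVerdict`, `StorageLike` and `SessionVerdict` are hypothetical names, and it assumes `userInfo.profile` carries the id_token claims, including `exp`.

```typescript
// Added example. sessionVerdict, StorageLike and SessionVerdict are hypothetical names.
interface AdalUserInfo {
  isAuthenticated: boolean;
  userName: string;
  loginError: string;
  // Assumption: profile holds the id_token claims, with exp in seconds since epoch.
  profile?: { exp?: number };
}

// Minimal view of sessionStorage so the check can run outside a browser.
interface StorageLike {
  getItem(key: string): string | null;
}

type SessionVerdict = 'ok' | 'no-user' | 'renewal-failed' | 'token-expired';

function sessionVerdict(
  user: AdalUserInfo,
  storage: StorageLike,
  nowMs: number,
  skewSeconds: number = 60,
): SessionVerdict {
  if (!user.isAuthenticated) return 'no-user';
  // The check from the thread: silent renewal failed and the user must sign in.
  if (storage.getItem('adal.error') === 'login_required') return 'renewal-failed';
  // Independent of adal.error: a cached flag cannot outlive the token it came from.
  // A missing or non-numeric exp fails closed.
  const exp = user.profile ? user.profile.exp : undefined;
  if (typeof exp !== 'number' || exp * 1000 <= nowMs + skewSeconds * 1000) {
    return 'token-expired';
  }
  return 'ok';
}

// Constructed sample modelled on the console output in the thread.
const NOW_MS = 1700000000000;
const staleUser: AdalUserInfo = {
  isAuthenticated: true, // still true from the day before
  userName: 'x@x.domainname.nl',
  loginError: '',
  profile: { exp: NOW_MS / 1000 - 86400 }, // expired 24 hours ago
};
const emptyErrorStore: StorageLike = { getItem: () => '' };

// In canActivate(): any verdict other than 'ok' navigates to '/login'.
console.log(sessionVerdict(staleUser, emptyErrorStore, NOW_MS)); // token-expired
```

Failing closed on an expired or missing `exp` costs one extra redirect when the identity provider session is still valid, since the login then completes through SSO.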

ht4963 commented 6 years ago

Does anyone have any updates on this? We are also having the same issue.