When you review Vittorio’s article concerning id_tokens, "Controlling a Web App’s session duration" (http://www.cloudidentity.com/blog/2016/07/25/controlling-a-web-apps-session-duration-2/), he mentions using a hidden iFrame to renew the id_token.
<script>
    // Every 45 minutes, point the hidden iframe at the sign-in endpoint to renew the session.
    setInterval(function () {
        @if (Request.IsAuthenticated) {
            <text>
            var renewUrl = "/Account/ForcedSignIn";
            var element = document.getElementById("renewSession");
            console.log("sending request to: " + renewUrl);
            element.src = renewUrl;
            </text>
        } else {
            <text>
            console.log("No renewal attempt without a valid session");
            </text>
        }
    },
    1000 * 60 * 45
    );
</script>
Will something like this work with a B2C Tenant? When implementing this same solution in B2C, it does not work. When viewing the network requests with dev tools, I can see that it does call my endpoint to invoke the challenge request, then I see the call out to authorize (which is similar to what happens when initially logging in), but it never returns from there. Even though when viewing the response from the authorize call it seems to have succeeded? It just never returns to my RedirectUri (and thus I never get the renew token).
HTTP 302 GET http://localhost:54786/Authentication/ForcedSignIn
HTTP 200 https://login.microsoftonline.com/te//b2c_policy/oauth2/v2.0/authorize?client_id=client_id&redirect_uri=http%3A%2F%2Flocalhost%3A54786%2FAuthentication%2FForcedSignInRedirect&response_mode=form_post&response_type=id_token&scope=openid&state=OpenIdConnect.AuthenticationProperties...
No response is returned? Please let me know what is wrong.