0
votes

We tried to renew token silently (refresh token) using Oidc-Client library. We were able to login successfully. But once user's token expired silent callback page not being called even it is configured like below. Kindly help if anything missing or re-correct. Also silent redirect uri configured in identity server as one of redirect_uri.

Login.ts

Office.initialize = function () {  
     var settings = {
      authority: "https://xxxx.xxxxx.com/xxxx/v1", 
      client_id: "https://xxx.xxx.com/",
      redirect_uri: "https://localhost:3000/taskpane.html",
      post_logout_redirect_uri: "https://localhost:3000/logout.html", 
      revokeAccessTokenOnSignout: true,      
      response_type: "id_token token",
      scope: "openid read:xxxx read:xxxx",
      state: true,
      filterProtocolClaims: true,  
      loadUserInfo: true,
      nonce:true, 
      clearHashAfterLogin: true,
      automaticSilentRenew: true,     
      silent_redirect_uri: 'https://localhost:3000/silent-refresh.html',      
      monitorsession:true,  
      metadata: {        
        issuer: 'https://xxx.xxx.com/xxx/v1',                    
        authorization_endpoint:  "https://xxx.xxx.com/xxxxx/v1/connect/authorize"                  
       
    }    
    };
    
    var mgr = new Oidc.UserManager(settings);
    mgr.signinRedirect();
    
mgr.events.addAccessTokenExpiring(function(){
    console.log("token expiring...");
}); 

}

silent-refresh.html

<head>
    <title>RefreshToken</title>
    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">
</head>
<body>
    <script type="text/javascript" src=https://cdnjs.cloudflare.com/ajax/libs/oidc-client/1.10.0/oidc-client.js></script>
<script>
    new Oidc.UserManager().signinSilentCallback().then((user)=>
    { consolse.log("silentrenewed");}
    )
        .catch((err) => {
            console.log(err);
        });
        
</script>
</body>

Auth.ts

import { UserManager, WebStorageStateStore } from "oidc-client";

export default class AuthSigninService {
  private userManager: UserManager;

  constructor() {
  
      const settings: any = {
        ..................
        automaticSilentRenew: true,                                        
      accessTokenExpiringNotificationTime: 4,   
        silent_redirect_uri: "https://localhost:3000/taskpane.html",      
        monitorsession:false,  
             };

      this.userManager = new UserManager(settings);
    }
    
    public signin()
    {
        return this.userManager.signinRedirect();
    }  

      
  public async silentRenew() {
    try {
      const user = await this.userManager.signinSilentCallback().then((success) => {
        console.log("silentrenewed");
        console.log(success);
      }
      )
        .catch((err) => {
          console.log(err);
        });

    }
    catch (err) {
      console.log(err);
    }
    } 
}

taskpane.ts

document.getElementById('btnSilent').onclick = SilentRenew;

async function SilentRenew() {

  const auth = new AuthSigninService();
  auth.silentRenew();
   
}
1

1 Answers

0
votes

Possible causes:

  • Something to do with the inline script
  • Maybe the second instance of UserManager also needs to be initialised with settings

WHAT I WOULD TRY

  • On the main window, call await mgr.signInSilent(); to do an 'on demand' silent renewal and see if you get any console.log output.

  • Make the iframe code part of your main app rather than running it inline in an HTML page

SOMETHING TO COMPARE AGAINST

My code sample does iframe silent renewal and the spa code may give you some ideas.

I tend to set the silent renewal URI to the main index.html page, which I find simpler. Then write code like this:

if (window.top === window.self) {

    // If index.html is running on the main window, run the app
    const app = new App();
    app.execute();

} else {
  
    // If index.html is running on an iframe, handle token renewal responses
    const app = new IFrameApp();
    app.execute();

}

Here is my OAuth code by the way.