Support silent renewal with prompt=none in Oauth2 Implicit Grant
Problem
Missing support for silent renewal in OAuth2 Implicit Grant
Solution
Support for prompt=none in Implicit Grant as described in OpenID Connect Core 1.0
Alternatives/workarounds
The only workaround known is currently described here: https://stackoverflow.com/questions/55859793/is-prompt-none-for-silent-refresh-in-a-spa-possible-with-fusionauth-and-its-prov
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
Here's a further workaround: https://stackoverflow.com/questions/61531844/attempting-to-implement-silent-refresh-with-fusion-auth
I think my concern here is that when using a library like oidc-client-js, getting in between it and the refresh starts to erode the autowiring perks of OIDC.
I noticed that FusionAuth is already halfway to supporting prompt=none. Since the expected behavior is the same as without prompt=none in the case you are logged in, it will already return a 302 redirect to the return URL. On the surface it seems trivial for FusionAuth to check for prompt=none and return a 302 as well instead of displaying the login page. It should just return to the redirect URL with the query string parameter error=login_required and include the state as well ... It is probably more complicated than that but that is the behavior I see from other providers. I was able to "fake" it by adding the following JavaScript to the header in the theme ... but oidc-client.js still doesn't work due to X-Frame-Options: Deny being sent (I have submitted issue #1003 to address that).
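    // Runs on the themed login page, which is only shown when there is no session.
    const urlParams = new URLSearchParams(window.location.search);
    if (urlParams.has('prompt')) {
      const promptParam = urlParams.get('prompt');
      if (promptParam === 'none') {
        // ${redirect_uri} and ${state} sit in a plain string, so they are
        // expected to be filled in by the theme template, not by JavaScript.
        window.location = '${redirect_uri}?error=login_required&state=${state}';
      }
    }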
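The client side of the behavior described in the comment above, as an added example that is not part of the original thread and is not FusionAuth or oidc-client-js code: a silent-renew page classifying the URL it was redirected to after a prompt=none request. The function name, result shape and sample URLs are assumptions; it reads both the fragment (where implicit grant responses normally arrive) and the query string (where the theme workaround puts the error), and checks state before trusting anything else.

```javascript
// Added example; all names here are hypothetical.

// Error codes OpenID Connect Core 1.0 defines for a request that cannot be
// completed without showing the user a prompt.
const INTERACTION_ERRORS = new Set([
  'login_required',
  'interaction_required',
  'consent_required',
  'account_selection_required',
]);

function parseSilentRenewCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  // Fragment parameters take precedence; query parameters only fill gaps.
  const params = new URLSearchParams(url.hash.replace(/^#/, ''));
  for (const [key, value] of url.searchParams) {
    if (!params.has(key)) params.set(key, value);
  }

  // Reject any response not bound to the request this client sent,
  // before looking at tokens or errors.
  if (!expectedState || params.get('state') !== expectedState) {
    return { status: 'rejected', reason: 'state_mismatch' };
  }

  const error = params.get('error');
  if (error) {
    return INTERACTION_ERRORS.has(error)
      ? { status: 'needs_login', error } // fall back to an interactive login
      : { status: 'failed', error };
  }

  const accessToken = params.get('access_token');
  if (!accessToken) {
    return { status: 'failed', error: 'missing_token' };
  }
  return {
    status: 'renewed',
    accessToken,
    expiresIn: Number(params.get('expires_in')) || null,
  };
}
```
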
Had a customer ask for this today.
Should we track this via #2208 or vice versa?