react-oidc-context icon indicating copy to clipboard operation
react-oidc-context copied to clipboard
verified publisher icon authts

UserManagerEvents are not firing for expired/expiring token

Open HansLauBorch opened this issue 2 years ago • 5 comments

Hello, I am trying to implement token refresh, and I have tried to add an event listener on addAccessTokenExpiring, but it never gets fired. It does not seem like the expiry is ever set even though it exists within the id_token. After inspecting the user object, both "expires_in" and "expired" is undefined.

User info from storage (redacted private info):

{"id_token":"<id_token>","session_state":null,"access_token":"00D8E000000HVnk!AQ0AQBOFoyafuzoaENSL8iJbGgzm5wIpcjn9vBuHVjSJJjRDq.oibBOwvf3a_oTnhF1nx11RmvZrjE47k_ozRG5opX2u7kNk","refresh_token":"<refresh_token>","token_type":"Bearer","scope":"refresh_token custom_permissions openid api","profile":{"sub":"<sub>","zoneinfo":"Europe/Amsterdam","email_verified":true,"address":{},"profile":"<profile>","iss":"<iss>","phone_number_verified":true,"preferred_username":"<username>","given_name":"Hans","locale":"no_NO","picture":"<picture>","aud":"<audience>","updated_at":"2023-04-19T08:59:10Z","nickname":"<nickname>","name":"<name>","phone_number":"<phone>","exp":1693385964,"iat":1693385664,"family_name":"<familyname>","email":"<email>"}}

useEffect(() => {
        // the `return` is important - addAccessTokenExpiring() returns a cleanup function
        return auth.events.addAccessTokenExpiring(() => {
            auth.revokeTokens();
        });
    // eslint-disable-next-line react-hooks/exhaustive-deps
    }, [auth.events, auth.revokeTokens]);

Any idea what might cause the fields to not be populated?

HansLauBorch avatar Aug 30 '23 08:08 HansLauBorch

See https://github.com/authts/oidc-client-ts/blob/main/src/AccessTokenEvents.ts, you will need to load an initial valid User object with valid access token in order to have that event. Either add debug logging https://authts.github.io/oidc-client-ts/#md:logging or debug down that road...

pamapa avatar Aug 31 '23 10:08 pamapa

See https://github.com/authts/oidc-client-ts/blob/main/src/AccessTokenEvents.ts, you will need to load an initial valid User object with valid access token in order to have that event. Either add debug logging https://authts.github.io/oidc-client-ts/#md:logging or debug down that road...

Might be a dumb question, but how would I go about loading an initial valid user object? I unfortunately can't modify the access token as that is managed by Salesforce.

HansLauBorch avatar Sep 01 '23 11:09 HansLauBorch

In the user manager constructor:

        // order is important for the following properties; these services depend upon the events.
        if (this.settings.automaticSilentRenew) {
            this.startSilentRenew();
        }

This code will call down the stack addAccessTokenExpiring image

Have a look into the SilentRenewService. If you have not set automaticSilentRenew then you have to deal it for your self.

pamapa avatar Sep 01 '23 12:09 pamapa

Do you happen to have any example code? To me it seems like I would need to get the user info from the token endpoint and then modify the User object with the missing information such as "expiry" and "expires_in" after it has been loaded. I can't find any examples on how you would modify any of the information stored within the library.

HansLauBorch avatar Sep 04 '23 08:09 HansLauBorch

This https://github.com/authts/oidc-client-ts/tree/main/samples/Parcel might help you.

pamapa avatar Sep 04 '23 11:09 pamapa