2

I am following the pluralsight course Securing Angular Apps with OpenID Connect and OAuth2 to get up and running with oidc-client in Angular, but I have come across an issue with the silent refresh token, which throws

SilentRenewService._tokenExpiring: Error from signinSilent: Frame window timed out t.error

on the server the client is 

new Client
            {
                ClientId = "spa-client",
                ClientName = "Projects SPA",
                AllowedGrantTypes = GrantTypes.Implicit,
                AllowAccessTokensViaBrowser = true,
                RequireConsent = false,

                RedirectUris =           { 
                              "http://localhost:4200/assets/oidc-login-redirect.html",
                              "http://localhost:4200/assets/silent-redirect.html" 
                               },
                PostLogoutRedirectUris = { "http://localhost:4200/?postLogout=true" },
                AllowedCorsOrigins =     { "http://localhost:4200/" },

                AllowedScopes =
                {
                    IdentityServerConstants.StandardScopes.OpenId,
                    IdentityServerConstants.StandardScopes.Profile,
                    "projects-api"
                },
                IdentityTokenLifetime=30,
                AccessTokenLifetime=30

            }

and the config on the client is:

var config = {
  authority: 'http://localhost:4242/',
  client_id: 'spa-client',
  redirect_uri: 'http://localhost:4200/assets/oidc-login-redirect.html',
  scope: 'openid projects-api profile',
  response_type: 'id_token token',
  post_logout_redirect_uri: 'http://localhost:4200/?postLogout=true'
  userStore: new WebStorageStateStore({ store: window.localStorage }),
  automaticSilentRenew: true,
  silent_redirect_uri: 'http://localhost:4200/assets/silent-redirect.html'
};

I found a suggested solution from "Sohan" for a similar problem here (this is specifically for azure AD). This then causes

Frame window timed out

Or a suggestion in this post that I should add references for the silent-redirect.html to my angular.json file, this didn't help

I am using Angular 7 and on Chrome Version 73.0.3683.86 (Official Build) (64-bit)

tony09uk
  • 2,841
  • 9
  • 45
  • 71
  • Hard to say anything regarding some course with limited access. But anyway have you checked the logs on IdSrv side? Might be some info there. When do you get the error (steps to reproduce)? – d_f Mar 29 '19 at 17:04
  • Yeah, there are no error. It looks like it but even been hit – tony09uk Mar 29 '19 at 19:27

2 Answers2

2

This one took me several tries to fix. It was a combination of:

  • my oidc-client.js UserManager object was getting initialized more than once;
  • I didn't have the /silent-refresh path for all my environments registered in my IdentityServer4 ClientRedirectUris table.
codeMonkey
  • 4,134
  • 2
  • 31
  • 50
0

I usually got this error when I forget to configure the "silent refresh" URL.

matteogll
  • 803
  • 8
  • 16
  • Hi matteogll, thanks for your answer! Could you elaborate on configuring the "silent refresh" URL just a bit? – Brydenr Mar 27 '20 at 20:19
  • Yes, I have this kind of error when my silentRefres URL does not work for some reasons. In your case: First: check that "http://localhost:4200/assets/silent-redirect.html" is reachable from IdentityServer (otherwise you'll see some error in server.log). Second: check that in "silent-redirect.html" the UserManager.signinSilentCallback() call gives no error. – matteogll Mar 30 '20 at 10:06