- ABP Framework version: v5.0.1
- UI type: Angular (Authorization Code Flow)
- DB provider: EF Core
- Identity Server Separated (Angular): yes
Occasionally when visiting the app after the credentials expire, we get `Error refreshing token` in the console. The app then immediately navigates to the login page. After entering credentials, verifying with two factor, and redirecting to the Angular home page, the user is still not logged in. They click login again and must enter credentials and two factor again, and then they are logged in.
Here is the console throughout this flow when this happens:
Any suggestions for a workaround for this?
8 Answer(s)
-
Can you give information about the AccessTokenLifetime and the refresh token AbsoluteRefreshTokenLifetime?
Also, if it's public, can you create/share a demo user for us so we can test on your environment?
-
Our app is not currently public, but I've included the information below. Let me know if there's anything else that could be helpful.
- IdentityTokenLifetime: 300
- AccessTokenLifetime: 3600
- AuthorizationCodeLifetime: 300
- AbsoluteRefreshTokenLifetime: 608400
- SlidingRefreshTokenLifetime: 304200

Here is our `environment.ts` in case that helps as well:
-
I couldn't reproduce this problem on my local testing. It is hard to diagnose if it is about the oauth2 library or the oidc configuration with just the browser console log.
Since you get an access token validation error, it may be related to the configuration `skipIssuerCheck: true`. Can you remove this configuration and see if it works?
-
Thanks for the suggestion. I have removed the `skipIssuerCheck: true`. I'm still not sure what causes this error to happen so I'll watch it the next few days and will let you know if it happens again.
-
Thanks for the feedback. Let us know the result after observing it.
-
Still experiencing this issue after removing `skipIssuerCheck: true`. I've done some more testing and can now consistently cause the issue in my project:
- Updated lifetimes for testing:
  - AccessTokenLifetime: 300 (5 minutes)
  - SlidingRefreshTokenLifetime: 600 (10 minutes)
  - AbsoluteRefreshTokenLifetime: 900 (15 minutes)
- Login
- Close the tab
- After 15 minutes, navigate back to the site

Please also note we are using the subdomain tenant resolver. Let me know if you have any other suggestions. Thanks!
-
Thank you for the steps. We’ll try to reproduce this issue.
-
Hello,
With your steps, we can reproduce the `wrong state/nonce` error. But after navigating to the identity server, the identity server didn't ask for credentials because the user was still authenticated in the identity server. I opened an issue in the abp repo. You can follow the status of this issue.