Angular UI Bug: Error Refreshing Token, Wrong State/Nonce #2988


jackmcelhinney created
  • ABP Framework version: v5.0.1
  • UI type: Angular (Authorization Code Flow)
  • DB provider: EF Core
  • Identity Server Separated (Angular): yes

Occasionally when visiting the app after the credentials expire, we get Error refreshing token in the console. The app then immediately navigates to the login page. After entering credentials, verifying with two factor, and redirecting to the Angular home page, the user is still not logged in. They click login again and must enter credentials and two factor again, and then they are logged in.

Here is the console throughout this flow when this happens:

Any suggestions for a workaround for this?


8 Answer(s)
  • gterdem created
    Senior .NET Developer

    Can you give information about the AccessTokenLifetime and the refresh token AbsoluteRefreshTokenLifetime?

    Also, if it's public, can you create/share a demo user for us that we can test on your environment?

  • jackmcelhinney created

    Our app is not currently public, but I've included the information below. Let me know if there's anything else that could be helpful.

    IdentityTokenLifetime: 300
    AccessTokenLifetime: 3600
    AuthorizationCodeLifetime: 300
    AbsoluteRefreshTokenLifetime: 608400
    SlidingRefreshTokenLifetime: 304200
    

    Here is our environment.ts in case that helps as well:

  • gterdem created
    Senior .NET Developer

    I couldn't reproduce this problem on my local testing. It is hard to diagnose if it is about the oauth2 library or the oidc configuration with just the browser console log.

    Since you get an access token validation error, it may be related to the configuration skipIssuerCheck: true.

    Can you remove this configuration and see if it works?

  • jackmcelhinney created

    Thanks for the suggestion. I have removed the skipIssuerCheck: true. I'm still not sure what causes this error to happen so I'll watch it the next few days and will let you know if it happens again.

  • alper created
    Support Team Director

    Thanks for the feedback. Let us know the result after observing it.

  • jackmcelhinney created

    Still experiencing this issue after removing skipIssuerCheck: true. I've done some more testing and can now consistently cause the issue in my project:

    1. Updated lifetimes for testing:
      • AccessTokenLifetime: 300 (5 minutes)
      • SlidingRefreshTokenLifetime: 600 (10 minutes)
      • AbsoluteRefreshTokenLifetime: 900 (15 minutes)
    2. Login
    3. Close the tab
    4. After 15 minutes, navigate back to the site

    Please also note we are using the subdomain tenant resolver. Let me know if you have any other suggestions. Thanks!

  • gterdem created
    Senior .NET Developer

    Thank you for the steps. We’ll try to reproduce this issue.

  • muhammedaltug created

    Hello,

    With your steps, we can reproduce the wrong state/nonce error. But after navigating to the identity server, the identity server didn't ask for credentials because the user was still authenticated in the identity server. I opened an issue in the abp repo. You can follow the status of this issue.
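
The lifetimes from the reproduction steps in this thread can be replayed to see what the Angular client still holds when the user returns after 15 minutes. This is an added example, not code from the thread or from ABP; it assumes IdentityServer4-style refresh token expiry (sliding expiry capped by the absolute lifetime, or absolute only), and the names `Lifetimes`, `REPRO`, `expiries` and `stateAt` are made up for illustration.

```typescript
// Added example: replays the token lifetimes from the reproduction steps.
// Assumption: IdentityServer4-style refresh tokens. In sliding mode each
// successful refresh moves expiry to (use time + sliding lifetime), capped at
// (login + absolute lifetime); in absolute mode expiry is fixed at the cap.

interface Lifetimes {
  accessToken: number;     // AccessTokenLifetime (seconds)
  slidingRefresh: number;  // SlidingRefreshTokenLifetime (seconds)
  absoluteRefresh: number; // AbsoluteRefreshTokenLifetime (seconds)
}

type ClientState =
  | "access-token-valid"
  | "silent-refresh-possible"
  | "interactive-login-required";

// Test values from the thread's reproduction steps.
const REPRO: Lifetimes = { accessToken: 300, slidingRefresh: 600, absoluteRefresh: 900 };

// Replay refresh attempts (seconds since login) and return both expiry times.
function expiries(lt: Lifetimes, refreshTimes: number[], sliding: boolean) {
  let accessExp = lt.accessToken;
  let refreshExp = sliding ? Math.min(lt.slidingRefresh, lt.absoluteRefresh) : lt.absoluteRefresh;
  for (const t of refreshTimes.slice().sort((a, b) => a - b)) {
    if (t >= refreshExp) break; // server rejects an expired refresh token
    accessExp = t + lt.accessToken;
    if (sliding) refreshExp = Math.min(t + lt.slidingRefresh, lt.absoluteRefresh);
  }
  return { accessExp, refreshExp };
}

// What the SPA can do with its stored tokens `now` seconds after login.
function stateAt(now: number, lt: Lifetimes, refreshTimes: number[], sliding = true): ClientState {
  const past = refreshTimes.filter((t) => t <= now);
  const { accessExp, refreshExp } = expiries(lt, past, sliding);
  if (now < accessExp) return "access-token-valid";
  if (now < refreshExp) return "silent-refresh-possible";
  return "interactive-login-required";
}

// Tab closed right after login (no refreshes), sampled every 5 minutes.
for (const t of [0, 300, 600, 900]) {
  console.log(t, "sliding:", stateAt(t, REPRO, []), "| absolute:", stateAt(t, REPRO, [], false));
}
```

Under either expiration mode the stored refresh token is already expired at the 15-minute mark, so a refresh attempt on page load can only fail and the user must go through the authorization code flow again. The example does not model the state/nonce check itself.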

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06