Application auto logout #3211 | Support

shobhit created 2 years ago

ABP Framework version: v4.2.2
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes
Exception message and stack trace:
Steps to reproduce the issue:"

I was logged into an app.aztute.com page at first, then the page timed out because I hadn't used the page in a long time, and then when I tried using that same page again, it sent me to this identity.aztute.com. We are expecting if user is not using the app for long time and ABP framework allow user to login again then user should be redirect to angular app index page instead of identity login page.

15 Answer(s)

0

gterdem created 2 years ago
Senior .NET Developer

Sorry, I don't follow.

You are logged in to some angular application (app.aztute.com) but after some inactive time, your access token expired and when you tried to interact again, you are redirected to the authentication server (i assume identtiy.aztute.com is so).

We are expecting if user is not using the app for long time and ABP framework allow user to login again then user should be redirect to angular app index page instead of identity login page.

I couldn't understand your intention. Do you expect users shouldn't be required to log in again?
0

shobhit created 2 years ago

user should login again but instead of redirecting to identity page it should redirect to applicaton page as currently when idenity page displayed then user get idenity information instead of application login
0

gterdem created 2 years ago
Senior .NET Developer

Can you share screenshots with domain names explaining your flow step by step for us to understand better?
0
shobhit created 2 years ago
go to app.aztute.com

Click on login button

User navigate to identity.aztute.com

enter user details

user get login into the application app.aztute.com

keep system open for long duration (whole day/night)

do any action in app.aztute.com

Actual: user get logged out and redirected to identity.aztute.com

Expecte: user get logged out and redirect to app.aztute.com landing page like step 1
0

ismcagdas created 2 years ago
Support Team

Hi @shobhit

Could you share which one is what you want ? Are both options OK for you ?

Option 1

Step 7: Do any action in app.aztute.com Step 8: User get logged out and redirected to identity.aztute.com for login Step 9: User logins on identity.aztute.com Step 10: User is redirected to main app.aztute.com

Option 2

Step 7: Do any action in app.aztute.com Step 8: User get logged out and redirected to app.aztute.com Step 9: User clicks login and logins on identity.aztute.com Step 10: User is redirected to main app.aztute.com
0

shobhit created 2 years ago

Option 1 batter. Can it prevent user to never see the user details page? i.e. if user type identity.aztute.com then after successful login user redirected to app.aztute.com.

else Both options are good to me
0

gterdem created 2 years ago
Senior .NET Developer

I think after the token is invalidated, the request results in 401 and immediately redirects to IdentityServer without returnUrl.

We will try to reproduce it and if it is related to missing parameters by our side to oidc-library, we'll fix it.
0

shobhit created 2 years ago

great. thanks.
0

gterdem created 2 years ago
Senior .NET Developer

I am guessing you are not using refresh tokens.

Share your oAuthConfiguration in the envorinment.ts file, please.
0

muhammedaltug created 2 years ago

Hello,

We fixed navigating to the login page when the token expires in version 4.4 with this pr. Can you update your project to version 4.4 and try your steps again ?
0

shobhit created 2 years ago

I am guessing you are not using refresh tokens.

Share your oAuthConfiguration in the envorinment.ts file, please.

oAuthConfig: { issuer: 'https://localhost:44388', redirectUri: baseUrl, clientId: 'MyApp_App', responseType: 'code', scope: 'offline_access MyApp', },
0

shobhit created 2 years ago

Hello,

We fixed navigating to the login page when the token expires in version 4.4 with this pr. Can you update your project to version 4.4 and try your steps again ?

Hi, We are using 4.2.2. Can i get fix for this. Currently we cannot upgrade due to release plan.

muhammedaltug created 2 years ago

Hello,

Packages can not be re-publish with the existing version to npm. We don't have plans to release a new version for version 4.2.x.

Suppose you don't want to update the ABP version. You can add the following code in your app.component.ts.

import { Component } from '@angular/core';
import { OAuthService } from 'angular-oauth2-oidc';
import { AuthService } from '@abp/ng.core';
import { filter } from 'rxjs/operators';

@Component({
  selector: 'app-root',
  template: `&lt;!-- COMPONENT TEMPLATE --&gt;`,
})
export class AppComponent {
  constructor(private authService: AuthService, private oAuthService: OAuthService) {
    this.oAuthService.events
      .pipe(filter(event => event.type === 'token_refresh_error'))
      .subscribe(() => this.authService.navigateToLogin());
  }
}

0
shobhit created 2 years ago
Hello muhammedaltug , Thanks for help. my App.component.ts constructor looks like this. in last line of code

.subscribe(() => this.authService.navigateToLogin());

.navigateToLogin() method not found. What is missing

constructor( private routes: RoutesService, private oAuthService: OAuthService, private authService: AuthService, private replaceableComponentsService: ReplaceableComponentsService ) { this.oAuthService.events .pipe(filter(event => event.type === 'token_refresh_error')) .subscribe(() => this.authService.navigateToLogin()); }
0

muhammedaltug created 2 years ago

Hello,

Sorry for the wrong code example. I checked AuthService in 4.2.2, you can use initLogin method of AuthService in the subscription

Have an answer to this question? Log in and write your answer.