We are using Angular + AuthServer (OpenIddict) for authentication, but the client reported that it takes 3-5 seconds from opening the application to reaching the login page. Is this normal, or how can we speed up this process?
6 Answer(s)
-
0
- Solution
- 3–5 seconds is longer than typical for ABP Angular + AuthServer/OpenIddict in a healthy local/prod setup. The delay usually comes from one or more of:
- Angular initial bundle load and first-time OIDC discovery/token round-trip
- Database/permission seeding or permission grant lookups on first call
- Redis or distributed cache not running/misconfigured (cache misses → DB hits)
- CORS/middleware misconfig or connection issues causing retries
- Apply these concrete checks and optimizations:
Backend (AuthServer/OpenIddict + HttpApi.Host)
- Ensure distributed cache is up and reachable
- If you configured Redis for the solution template, make sure Redis is running and the connection string is correct. ABP’s permission store and app configuration endpoints benefit from cache; without it, first load hits DB repeatedly and slows login/redirect.
- Verify no connection errors in logs and that cache keys get set.
- Pre-seed tenants/permissions outside of the login request
- Avoid heavy work (migrations, bulk permission grants, role creation, etc.) in the same request chain as login/authorize. Move tenant creation/permission seeding to a background process, domain event handler, or an administration workflow, not during the OIDC redirect flow. Long-running DB work inside the account/register/login flow directly increases the time to reach Angular.
- Check DB performance and timeouts
- Ensure DB indexes exist for ABP tables heavily used during login/first load (e.g., AbpPermissionGrants).
- Increase DB command timeout only if you’ve addressed query slowness. If you see command timeouts for batched PermissionGrants, reduce batch size or defer them outside the request.
- Verify CORS and endpoints
- Ensure AuthServer CORS origins include the Angular URL. Misconfigured CORS can add delays due to retries/preflight patterns. After successful auth, Angular calls:
- /.well-known/openid-configuration and /.well-known/openid-configuration/jwks
- /connect/token
- /api/abp/application-configuration Make sure these are fast and not blocked by any middleware or reverse proxy.
- Keep the OpenIddict server lean
- Disable unnecessary middleware in the auth host during login (excess logging at Trace, heavy health checks on every request, etc.).
- Ensure production build settings for the server (Release build, response compression enabled).
Angular 6) Use production build and lazy loading
- Build Angular in production mode (ng build --configuration production) and serve gz/br compressed assets on the hosting side to reduce initial load.
- Keep routes lazy-loaded and avoid heavy synchronous work in app initializers.
- Cache the discovery document
- Angular’s OAuth client will fetch the OIDC discovery document on app start. Make sure the issuer URL is stable and fast. Hosting the AuthServer on the same LAN/region and enabling HTTP/2 helps.
- Confirm redirectUri and silent refresh timing
- Ensure redirectUri points to a fast-loading route and that silent refresh/initial auth sequence isn’t configured to re-load app multiple times.
Checklist to validate quickly
- Start AuthServer and verify logs: no timeouts, no Redis errors, no CORS warnings.
- Hit /.well-known/openid-configuration directly in the browser: must respond quickly (<100 ms locally).
- Check /api/abp/application-configuration latency right after login: should be fast (<300–500 ms). If slow, it indicates cache/DB pressure.
- Run Angular in production mode and serve compressed bundles.
This approach aligns with common ABP conventions, but specific official documentation for this exact performance scenario is not available.
- Sources
- https://abp.io/docs/latest/modules/openiddict
- https://abp.io/support/questions/3587
- https://abp.io/support/questions/102
- https://abp.io/support/questions/565
This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.
-
0
hi
What is your abp framework version?
Can you test with a new and latest template project?
Thanks.
-
0
Using ABP 8, here is the online URL: https://imm.koimpact.tw/
-
0
hi
Can you set the log level to
Debugand share the full login process logs?https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems
liming.ma@volosoft.com
Thanks.
-
0
Let’s check it again ourselves to make sure.
-
0
ok, You can share debug logs later. Thanks.
