Open Closed

Access to @abp/ng.core Source Code – Intermittent Logout / Token Refresh Issue #10439

User avatar
0
mogau.mokgabudi created

Hi ABP Team,

We’re currently experiencing an intermittent issue in our Angular front end where users are being signed out when the access token expires. In some cases, the refresh endpoint is successfully called, yet the application still ends up revoking the session and redirecting the user to the login page.

Once the revoke endpoint is triggered, the entire application performs a full refresh, causing users to lose their current application state. This is particularly problematic for users who are in the middle of completing forms or workflows.

The issue is difficult to reproduce consistently, which makes it challenging to debug.

I was able to review the oauth-module source and noticed that its interceptor does not explicitly attempt to refresh or log out when the token is expired. This suggests that something within the @abp/ng.core module (possibly an interceptor or authentication-related service) may be triggering the revoke endpoint and forcing the redirect.

Unfortunately, I’m unable to access the relevant core module source when attempting to download the package sources.

Would it be possible to obtain access to the @abp/ng.core source code (or at least the portions related to authentication and interceptors) so we can properly inspect and diagnose what is triggering the revoke call?

Your assistance would be greatly appreciated.

Kind regards, Mogau

Go to accepted answer
6 Answer(s)
  • User Avatar
    0
    AI-Bot created
    Support Team ABP Agent
    • You won’t be able to get the full @abp/ng.core / @abp/ng.oauth package source code from GitHub, because ABP Angular packages are distributed via npm and their full TypeScript sources are not published in the abpframework/abp GitHub repository in a way that SourceBot can retrieve here.
    • Also, starting with ABP v7+, the OAuth implementation is not in @abp/ng.core. @abp/ng.core mainly contains abstractions/tokens, and the actual authentication/interceptor behavior is provided by @abp/ng.oauth (which overrides those abstractions). So the component that could be triggering logout/revoke behavior is much more likely in @abp/ng.oauth than @abp/ng.core.

    What you can do now (practical debugging path without core sources):

    1. Confirm the initiator of /connect/revocation in DevTools

      • In Chrome DevTools → Network → click the revocation request → check the Initiator tab (or “Stack trace” if available).
      • This usually points to the exact JS bundle + line that invoked it (often something like main.js or a chunk file).
      • With that, you can open the corresponding source in the Sources tab and inspect the function call chain.

    2. Search in your built output for “revocation”

      • In dist/ (or via DevTools global search), search for:
        • revocation
        • /connect/revocation
        • revokeToken
        • logout
      • This typically reveals which library code path triggers the call (even if minified).

    3. Patch/override the logout redirect behavior to prevent full app refresh

      • The “full refresh / state reset” is usually caused by a hard navigation to the login page or auth-server end-session endpoint.
      • If you identify the service calling revoke/logout, you can override the related “pipe to login” function/provider or replace the auth service in Angular DI so that:
        • it does not hard-refresh the SPA
        • it navigates using Angular Router (or shows a modal) and preserves draft state

    4. If this is ABP Commercial and you need internal package sources

      • Please contact ABP via the official channel so they can evaluate providing the relevant source or a private reference: https://abp.io/contact.
    • https://abp.io/docs/latest/framework/ui/angular/oauth-module
    • https://abp.io/contact

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • User Avatar
    0
    mogau.mokgabudi created

    This does not solve my problem, from the chuck files there are multiple services calling the revoke endpoint (volo-abp.ng.account-, volo-abp.ng.identity-, etc

  • User Avatar
    0
    sumeyye.kurtulus created
    Support Team Angular Expert

    Hello,

    You can obtain the source code using the Suite tool, as described in the documentation: https://abp.io/docs/latest/suite/source-code You may also find the CLI tool helpful, as it provides related commands for retrieving the source code: https://abp.io/docs/latest/cli#get-source

    If you could share the detailed steps to reproduce the issue, we would be happy to assist you further.

    Thank you for your cooperation.

  • User Avatar
    0
    mogau.mokgabudi created

    Hi, we followed the instrustions to get the angular source. These are the results, I can get the oath source without any issue but core throws an error

  • User Avatar
    0
    sumeyye.kurtulus created
    Support Team Angular Expert

    Thank you for your response. We will investigate this issue further on our end. In the meantime, you can access the source code for the core package at the following link: https://github.com/abpframework/abp/tree/dev/npm/ng-packs/packages/core

  • User Avatar
    0
    mogau.mokgabudi created

    Thank you

    1
Assignee
User avatar sumeyye.kurtulus
Question details
Labels
None yet
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.2.0-preview. Updated on February 17, 2026, 09:10
1
ABP Assistant
🔐 You need to be logged in to use the chatbot. Please log in first.