Open Closed

Application auto logout #3211


User avatar
0
shobhit created
  • ABP Framework version: v4.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

I was logged into an app.aztute.com page at first, then the page timed out because I hadn't used the page in a long time, and then when I tried using that same page again, it sent me to this identity.aztute.com. We are expecting if user is not using the app for long time and ABP framework allow user to login again then user should be redirect to angular app index page instead of identity login page.


15 Answer(s)
  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Sorry, I don't follow.

    You are logged in to some angular application (app.aztute.com) but after some inactive time, your access token expired and when you tried to interact again, you are redirected to the authentication server (i assume identtiy.aztute.com is so).

    We are expecting if user is not using the app for long time and ABP framework allow user to login again then user should be redirect to angular app index page instead of identity login page.

    I couldn't understand your intention. Do you expect users shouldn't be required to log in again?

  • User Avatar
    0
    shobhit created

    user should login again but instead of redirecting to identity page it should redirect to applicaton page as currently when idenity page displayed then user get idenity information instead of application login

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Can you share screenshots with domain names explaining your flow step by step for us to understand better?

  • User Avatar
    0
    shobhit created
    1. go to app.aztute.com
    2. Click on login button
    3. User navigate to identity.aztute.com
    4. enter user details
    5. user get login into the application app.aztute.com
    6. keep system open for long duration (whole day/night)
    7. do any action in app.aztute.com
    8. Actual: user get logged out and redirected to identity.aztute.com
    9. Expecte: user get logged out and redirect to app.aztute.com landing page like step 1
  • User Avatar
    0
    ismcagdas created
    Support Team

    Hi @shobhit

    Could you share which one is what you want ? Are both options OK for you ?

    Option 1

    Step 7: Do any action in app.aztute.com Step 8: User get logged out and redirected to identity.aztute.com for login Step 9: User logins on identity.aztute.com Step 10: User is redirected to main app.aztute.com

    Option 2

    Step 7: Do any action in app.aztute.com Step 8: User get logged out and redirected to app.aztute.com Step 9: User clicks login and logins on identity.aztute.com Step 10: User is redirected to main app.aztute.com

  • User Avatar
    0
    shobhit created

    Option 1 batter. Can it prevent user to never see the user details page? i.e. if user type identity.aztute.com then after successful login user redirected to app.aztute.com.

    else Both options are good to me

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    I think after the token is invalidated, the request results in 401 and immediately redirects to IdentityServer without returnUrl.

    We will try to reproduce it and if it is related to missing parameters by our side to oidc-library, we'll fix it.

  • User Avatar
    0
    shobhit created

    great. thanks.

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    I am guessing you are not using refresh tokens.

    Share your oAuthConfiguration in the envorinment.ts file, please.

  • User Avatar
    0
    muhammedaltug created

    Hello,

    We fixed navigating to the login page when the token expires in version 4.4 with this pr. Can you update your project to version 4.4 and try your steps again ?

  • User Avatar
    0
    shobhit created

    I am guessing you are not using refresh tokens.

    Share your oAuthConfiguration in the envorinment.ts file, please.

    oAuthConfig: { issuer: 'https://localhost:44388', redirectUri: baseUrl, clientId: 'MyApp_App', responseType: 'code', scope: 'offline_access MyApp', },

  • User Avatar
    0
    shobhit created

    Hello,

    We fixed navigating to the login page when the token expires in version 4.4 with this pr. Can you update your project to version 4.4 and try your steps again ?

    Hi, We are using 4.2.2. Can i get fix for this. Currently we cannot upgrade due to release plan.

  • User Avatar
    0
    muhammedaltug created

    Hello,

    Packages can not be re-publish with the existing version to npm. We don't have plans to release a new version for version 4.2.x.

    Suppose you don't want to update the ABP version. You can add the following code in your app.component.ts.

    import { Component } from '@angular/core';
    import { OAuthService } from 'angular-oauth2-oidc';
    import { AuthService } from '@abp/ng.core';
    import { filter } from 'rxjs/operators';
    
    @Component({
      selector: 'app-root',
      template: `<!-- COMPONENT TEMPLATE -->`,
    })
    export class AppComponent {
      constructor(private authService: AuthService, private oAuthService: OAuthService) {
        this.oAuthService.events
          .pipe(filter(event => event.type === 'token_refresh_error'))
          .subscribe(() => this.authService.navigateToLogin());
      }
    }
    
    
    
  • User Avatar
    0
    shobhit created

    Hello muhammedaltug , Thanks for help. my App.component.ts constructor looks like this. in last line of code

      .subscribe(() => this.authService.navigateToLogin());
      
    

    .navigateToLogin() method not found. What is missing

    constructor( private routes: RoutesService, private oAuthService: OAuthService, private authService: AuthService, private replaceableComponentsService: ReplaceableComponentsService ) { this.oAuthService.events .pipe(filter(event => event.type === 'token_refresh_error')) .subscribe(() => this.authService.navigateToLogin()); }

  • User Avatar
    0
    muhammedaltug created

    Hello,

    Sorry for the wrong code example. I checked AuthService in 4.2.2, you can use initLogin method of AuthService in the subscription

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09