Silent Renew and the "login_required" Error When Using oidc-client

-
I recently implemented the Silent Renew functionality of oidc-client in an Angular application I work on, and was getting reports that the users' tokens were still expiring. This made no sense to me as I'd verified the code was working during development, but yesterday I found the problem and am hoping it will save someone some time.

The error we were getting back was "Error from signinSilent: login_required". This indicates that the user's session is no longer active on IdentityServer and they must re-authenticate -- which, of course, is what we're trying to prevent by using Silent Renew. In our case, the problem wasn't with the Silent Renew functionality, but rather the user's session was expired. The reason why it was expired was because, for some reason, we were setting the session length to 15 minutes instead of the default 10 hours.

What was occurring was that Silent Renew was attempting to renew a token after 55 minutes (60 minutes expiration, renewing 5 minutes early) but the session had already expired. During development, I had reduced the token expiration time to 2 minutes so I could more easily confirm that Silent Renew was making the request and renewing the token. But Silent Renew was never the problem.

Setting the session expiration back to 10 hours corrected the problem.

In IdentityServer 3, the session expiration can be set via AuthenticationOptions -> CookieOptions -> ExpireTimeSpan, as explained in the docs here. In the latest version of IdentityServer, it's a little different: check out the documentation here.

I hope this helps you if you're having this problem. At some point, I'd like to write a post of all the steps I did to get Silent Renew setup correctly in my app.

Comments

Post a Comment

Popular Posts

Resolving the "n timer(s) still in the queue" Error In Angular Unit Tests

-
A few months ago one of the developers I work with ran into the below error in an Angular unit test: 1 timer(s) still in the queue The fix was to specify a particular amount of time in the tick() call as shown below: it( 'should set accountConfirmationDetails when getAccountConfirmationDetails is called' , fakeAsync(() => {          // Arrange          let  spyGetAccountConfirmationDetails = spyOn(accountService,  'getAccountConfirmationDetails' )         .and         .returnValue(Promise.resolve(AccountMockData.mockAccountConfirmationDetails));                    // Act         fixture.detectChanges();         tick(15000);          // Assert         expect(spyGetPaymentConfirmationDetails).toHaveBeenCalled();           expect(comp.zone).toBe(42);           expect(comp.hasValidProfile).toBeTruthy(); })); Hoping this helps someone!
Read more

How to Get Norton Security Suite Firewall to Allow Remote Desktop Connections in Windows

-
Image
I ran into an issue recently with RDP connections being blocked by the firewall in Norton Security Suite. I checked the traffic rules under Settings > Firewall > Traffic Rules  and found that it was enabled by default (and couldn't be edited): But during further research, I found  this page  on Norton's support site which discusses the different trust levels of networks and mentions that, for the Public trust level, "This setting also blocks remote desktop connections by default.". I checked my network's trust level, and sure enough, it was set to Public (I'm not sure how/why). (Sidebar: Notice in the screenshot above that allowing Remote Desktop for Public Networks is defaulted to Allow , though that rule is not active). Here's what my network trust level looks like now after changing the setting to Private (accessible under Settings > Firewall > General Settings > Network Trust ): After changing the network trust level t
Read more

Fixing the "Please add a @Pipe/@Directive/@Component annotation" Error In An Angular App After Upgrading to webpack 4

-
I'm currently in the process of upgrading an Angular application which does not  use the Angular CLI from webpack 2 to webpack 4. The incremental upgrade from webpack 2 to 3 was easy, but once I made the jump from 3 to 4, I encountered a lot of problems. I went through them one by one, but the one that had me stumped was the following: Unhandled Promise rejection: Unexpected value 'MakePositivePipe' declared by the module 'SharedModule'. Please add a @Pipe/@Directive/@Component annotation. ; Zone: <root> ; Task: null ; Value: Error: Unexpected value 'MakePositivePipe' declared by the module 'SharedModule'. Please add a @Pipe/@Directive/@Component annotation. The code was transpiling/compiling fine, but this error was occurring when I'd navigate to a page containing this pipe. This code has worked fine under webpack 2 and 3. I made sure that the pipe was being set up as a declaration , which it was. What finally  corrected the issue for me w
Read more

How to Determine if a Column Exists in a DataReader

-
I recently had to work on something which required me to query a database, open the results in a DataReader, and check for the existence of a particular column. While the DataReader doesn't have a method to do this, with just a few steps I was able to accomplish this task. Here's how. First, the DataReader has a method named GetSchemaTable() , which returns a DataTable consisting of information regarding the data contained in the DataReader. The first column in this DataTable is named ColumnName , and its value is (obviously) the name of the column. Knowing this, we can loop through the rows in the DataTable, checking the ColumnName column for a value that equals the name of the column we're looking for. To this end, I wrote a static method in one of my classes which takes the DataReader and the name of the column being sought: (C#) public static bool HasColumn(DbDataReader Reader, string ColumnName) {    foreach (DataRow row in Reader.GetSchemaTable().Rows)    {       
Read more