Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to use RefreshAccesToken() to get a new access token after the current one expires #225

Closed
nisuraaa opened this issue May 4, 2024 · 7 comments · Fixed by asgardeo/asgardeo-auth-spa-sdk#171
Closed

Unable to use RefreshAccesToken() to get a new access token after the current one expires #225

nisuraaa opened this issue May 4, 2024 · 7 comments · Fixed by asgardeo/asgardeo-auth-spa-sdk#171
Assignees
@pavinduLakshan
Labels
bug Something isn't working

Comments

@nisuraaa
Copy link

nisuraaa commented May 4, 2024

Trying to invoke the RefreshAccessToken() manually after the access token expires gives me the following error on the browser console

image

However attempting use the get a new token by sending the same refresh token via an API call (via Postman) to the Asgardeo Server is successful

Is this by design?
@nisuraaa nisuraaa added the bug Something isn't working label May 4, 2024
@DucTuanmdt
Copy link

I encountered the same issue. Upon investigating the asgardeo-auth-spa-sdk, I noticed that beforerefreshAccessToken is called, there is a check for authentication at the following locations:

refreshAccessToken()

public async refreshAccessToken(): Promise<BasicUserInfo | undefined> {
    await this._validateMethod();

    return this._client?.refreshAccessToken();
}

_validateMethod()

if (validateAuthentication && !(await this.isAuthenticated())) {
    return Promise.reject(
        new AsgardeoAuthException(
            "SPA-AUTH_CLIENT-VM-IV02",
            "The user is not authenticated.",
            "The user must be authenticated first."
        )
    );
}

I believe it would be beneficial to have an option to bypass this check when attempting to refresh an expired access token.

@davidtranjs
Copy link

+1 same issue here
What is the point of check access token expired before excute refresh token ?

@nisuraaa
Copy link
Author

A workaround would be to downgrade the SDK version to 3.0.2

@davidtranjs
Copy link

@nisuraaa downgrade an major version can lead to a lot of other issues too 😢

@pavinduLakshan
Copy link
Contributor

Hi @nisuraaa and @davidtranjs, I too believe that it doesn't make sense to have isAuthenticated check before refreshing the access token.

@brionmario thoughts?

@brionmario
Copy link
Member

+1 to remove the check.
With asgardeo/asgardeo-auth-js-core#242, we are now checking the expiry time. Hence, it'll fail when the time is exceeded.

@pavinduLakshan
Copy link
Contributor

+1 to remove the check. With asgardeo/asgardeo-auth-js-core#242, we are now checking the expiry time. Hence, it'll fail when the time is exceeded.

Ack. will send a fix.

@pavinduLakshan pavinduLakshan mentioned this issue Jul 17, 2024
Merged
@pavinduLakshan pavinduLakshan self-assigned this Jul 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@pavinduLakshan pavinduLakshan

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Disable running authentication check when refreshing access token asgardeo/asgardeo-auth-spa-sdk
5 participants
@davidtranjs @brionmario @DucTuanmdt @pavinduLakshan @nisuraaa