Misleading comment about silent redirect url

[linasburneika]

Comment tells that if silent redirect url is not configured, then the primary redirect url is reused and automatic silent renew will work:

auth-clients/packages/browser/src/types.ts

Line 57 in 252cd1e

/** The redirect URL used for silent sign in and renew. If not provided, will default to redirectUri. */

In reality however usermanager expects silentRedirectUri to be provided:

silent_redirect_uri: basicSettings.silentRedirectUri

without that access token obtained via interactive sign-in will get you 1 hour of work and then will fail abruptly.

Configuration of userManager allows 2 different redirect urls (interactive vs silent) for a reason. In case of silent signin, handling of response is done in a hidden iframe, where you want to load a minimal amount of code just to do processing. Official oidc-client sample even suggests to use a static html page for that:

https://github.com/authts/oidc-client-ts/blob/main/samples/Parcel/src/user-manager/sample-silent.html

If you reuse primary redirect uri also for silent signin, then it will load your complete app in the iframe. In case of itwin-viewer based app this is megabytes of javascript, which will hurt your RAM usage.

However if you don't configure silentRedirectUri, there is no way to know your configuration is not valid.
The underlying oidc-client needs it strictly:

https://github.com/authts/oidc-client-ts/blob/73c4ba86b13fa34d0ac33204a0dad998334e8a20/src/UserManager.ts#LL271C34-L271C34

But auth-client wrapper swallows the error:

auth-clients/packages/browser/src/Client.ts

Line 204 in 252cd1e

return undefined;

[ben-polinsky]

@ben-polinsky reminder to get this done this week. We've had another user confused by this.