I am trying to do silent refresh using iFrame with Implicit Flow. I do not want to use automaticSilentRenew as it is not efficient. I am using oidc-client library in Angular 8 on the client side. So, there are two things which are happening :
1.) I am using auth-guard to secure the important components. In auth-guard i am checking if the token is valid, in case it's not then i am calling signinRedirect of the auth-service class to fetch the new token.
2.) I am not guarding the secure API calling component with auth-guard so that i could get the 401 unauthorized error for in-valid token. But if i guard it with auth-guard, it routes me to the auth-callback after getting the new set of tokens & the original request is lost.
I somehow wants to automate this process. Like, guarding the API invoking component with auth-guard and when i try to hit the API with expired token, the auth-guard comes into play, updates the current request with the valid token behind the scenes so as to give a seamless user experience.
export class AuthService {
private manager = new UserManager(getClientSettings());
private user: User = null;
constructor() {
this.manager.getUser().then(user => {
this.user = user;
});
this.manager.events.addAccessTokenExpiring(async function(){
await this.manager.signinSilent().then(user => {
});
});
}}
I am trying to catch addAccessTokenExpiring event in the constructor of my auth-service class and calling signinSilent to get the new access_token. The event does kick off prior to token expiration but i am getting this.manager undefined inside this event.
Please share your valuable inputs to attain this. Any existing example would be highly appreciable.
Thanking You!
Tarun Ohri
My preference is to follow a similar approach but to not rely on the client side token expiry, by allowing a 401 to occur and then refreshing the token and retrying the API request with a new token.
If it helps, here are the 2 key classes: