Silent Redirect URI vs Silent Login URI #892

ronildo opened this issue Oct 25, 2022 · 6 comments

ronildo commented Oct 25, 2022

This is actually more a question than an issue:
For some reason, the method silentLoginAsync is timing out on my project. I'm trying to figure out why.

Looking at the code and instructions, it's not clear to me what those two params are used for.

silent_login_uri: what value should I add here?
Is it a URL from my site? Or is it something from my authentication provider?

Do you guys have any idea why this might be timing out?

Attaching a screenshot of the issue happening in production.
Screenshot from 2022-10-25 13-53-56

@guillaume-chervet
Contributor

Hi @ronildo, silentlogin is used internally to manage the silent callback route. It is not mandatory.

On which browser do you see this error?
This error happens when the OIDC provider cookie is not sent to the OIDC provider.

ronildo commented Oct 25, 2022

I see this basically on all browsers, the screenshot was taken from Chrome.
Is there a way I can check to see if the cookie is all good?

guillaume-chervet commented Oct 26, 2022

If the OIDC server is not in the same domain as your website, then the cookie should have the attribute value: SameSite=None

ronildo commented Oct 26, 2022

Yes, the OIDC server is not in the same domain as the app.
Thank you again, I will check it tomorrow.

tielushko commented Oct 26, 2022

I wanted to add to this conversation, we have set the AccessTokenLifetime property on the IdentityServer that we use with this application to a lifetime of 48hrs. However, I noticed that the expiresAt property is different and is always set to be 300 seconds from the time the token was issued, despite the expiresIn property being valid, and set to 48hrs (172800 seconds).

How would we go about modifying this expiresAt property? I see it used in codebase quite frequently and I believe that, in part, triggers our silent sign in failures.

Additionally, I checked the cookie that the OIDC uses, and it has the SameSite=None property.

@guillaume-chervet
Contributor

Hi @tielushko,

By default the library uses the shorter lifetime between access_token and id_token.

There is a property to change the default behavior.

An example: https://github.com/AxaGuilDEv/ml-cli/blob/master/src/Ml.Cli.WebApp/ClientApp/public/environment.dev.json
"token_renew_mode": "access_token_invalid"

token_renew_mode: PropTypes.string, // Optional, update tokens base on the selected token(s) lifetime: "access_token_or_id_token_invalid" (default), "access_token_invalid" , "id_token_invalid"
