@@ -76,6 +76,10 @@ export class AuthService {
76
76
. pipe ( filter ( e => [ 'session_terminated' , 'session_error' ] . includes ( e . type ) ) )
77
77
. subscribe ( e => this . navigateToLoginPage ( ) ) ;
78
78
79
+ // This *does* work with v9.0.0 as it detects code+pkce flow and sets up
80
+ // refreshToken() calls that require offline_access, instead of actually
81
+ // calling silentRefresh, which would fail because of this issue:
82
+ // https://github.com/manfredsteyer/angular-oauth2-oidc/issues/600
79
83
this . oauthService . setupAutomaticSilentRefresh ( ) ;
80
84
}
81
85
@@ -104,10 +108,9 @@ export class AuthService {
104
108
}
105
109
106
110
// 2. SILENT LOGIN:
107
- // Try to log in via silent refresh because the IdServer
108
- // might have a cookie to remember the user, so we can
109
- // prevent doing a redirect:
110
- return this . oauthService . silentRefresh ( )
111
+ // Try to log in via a refresh because then we can prevent
112
+ // needing to redirect the user:
113
+ return this . startWithRefresh ( )
111
114
. then ( ( ) => Promise . resolve ( ) )
112
115
. catch ( result => {
113
116
// Subset of situations from https://openid.net/specs/openid-connect-core-1_0.html#AuthError
@@ -161,14 +164,31 @@ export class AuthService {
161
164
. catch ( ( ) => this . isDoneLoadingSubject$ . next ( true ) ) ;
162
165
}
163
166
167
+ private startWithRefresh ( ) {
168
+ if ( this . oauthService . getRefreshToken ( ) ) {
169
+ console . log ( 'Found a refresh token, trying to use it.' ) ;
170
+ return this . oauthService . refreshToken ( ) ;
171
+ }
172
+
173
+ // No silent refresh via iframe is supported for code flow yet.
174
+ // See also: https://github.com/manfredsteyer/angular-oauth2-oidc/issues/600
175
+ return Promise . reject ( ) ;
176
+ }
177
+
164
178
public login ( targetUrl ?: string ) {
165
179
// Note: before version 9.1.0 of the library you needed to
166
180
// call encodeURIComponent on the argument to the method.
167
181
this . oauthService . initImplicitFlow ( targetUrl || this . router . url ) ;
168
182
}
169
183
170
184
public logout ( ) { this . oauthService . logOut ( ) ; }
171
- public refresh ( ) { this . oauthService . silentRefresh ( ) ; }
185
+ public refresh ( ) {
186
+ // Silent refresh via iframe is not supported (yet?) for the code+pkce flow.
187
+ // See also: https://github.com/manfredsteyer/angular-oauth2-oidc/issues/600
188
+ // this.oauthService.silentRefresh();
189
+ // So for now we do this instead:
190
+ this . oauthService . refreshToken ( ) ;
191
+ }
172
192
public hasValidToken ( ) { return this . oauthService . hasValidAccessToken ( ) ; }
173
193
174
194
// These normally won't be exposed from a service like this, but
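Review bot: `refresh()` in the last hunk discards the promise returned by `this.oauthService.refreshToken()`, so a failed refresh becomes an unhandled rejection and the caller cannot tell that the session was not renewed; return it (`return this.oauthService.refreshToken();`) or attach a `.catch(...)` that reports the failure. In `startWithRefresh()` the bare `return Promise.reject();` hands `undefined` to the `.catch(result => …)` of the silent-login step in the second hunk, and a failed `refreshToken()` presumably rejects with something other than the OIDC error response that handler compares against. The handler body lies outside the visible hunks, so confirm it tolerates both cases and still reaches the interactive-login path; `return Promise.reject(new Error('No refresh token available'));` would at least give it a defined reason. Because the flow now depends on an `offline_access` refresh token that any script in the page can read through `getRefreshToken()`, a comment beside `startWithRefresh()` should state that the identity provider is expected to rotate refresh tokens and limit their lifetime.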