Please provide a link to a minimal reproduction of the bug
No response
Please provide the exception or error you saw
I'm getting the following error:
```
authentication.service.ts:42 [ERROR] 0-ace_fe - silent renew failed! Error: Error: authorizedCallback, token(s) validation failed, resetting. Hash:
    at angular-auth-oidc-client.mjs:3657:37
    at Observable.init [as _subscribe] (throwError.js:5:51)
    at Observable._trySubscribe (Observable.js:37:25)
    at Observable.js:31:30
    at errorContext (errorContext.js:19:9)
    at Observable.subscribe (Observable.js:22:21)
    at catchError.js:14:31
    at OperatorSubscriber._error (OperatorSubscriber.js:23:21)
    at OperatorSubscriber.error (Subscriber.js:40:18)
    at OperatorSubscriber._error (Subscriber.js:64:30)
```
Steps to reproduce the behavior
Angular 17.
"angular-auth-oidc-client": "17.0.0"
Service configuration is set in app.module.ts:
```ts
AuthModule.forRoot({
  config: {
    authority: environment.authenticationConfig.authority,
    redirectUrl: environment.authenticationConfig.redirectUrl, // goes to /redirect
    postLoginRoute: "/home",
    postLogoutRedirectUri: environment.authenticationConfig.postLogoutRedirectUrl, // goes to /front-page
    unauthorizedRoute: environment.authenticationConfig.unauthorizedRoute, // goes to /unauthorized
    clientId: "fe",
    ignoreNonceAfterRefresh: false, // if set to true, refresh works but nonce is not validated
    scope: "openid profile offline_access",
    responseType: "code",
    silentRenew: true,
    useRefreshToken: true,
    secureRoutes: environment.authenticationConfig.secureRoutes,
    logLevel: LogLevel.Debug,
  },
})
```
Authority is a Keycloak container version 23.0.4
FE client configuration:
Client authentication off
Authentication flow: standard flow
A clear and concise description of what you expected to happen.
After configuring the authentication service to run an authentication code flow with PKCE and silent renew based on refresh tokens, I expected the refreshed tokens' nonce validation to be successful. However, the nonce validation raised an error due to the local state being inconsistent.
We can see that the authNonce variable is null. I think this is causing the error. Maybe the original nonce is being overwritten by some of the calls to the setNonce function, for example the one in the src/lib/flows/callback-handling/history-jwt-keys-callback-handler.service.ts file, or the one in the src/lib/iframe/silent-renew.service.ts, which could mean that maybe something related to the keys or to the params of the renew callback is wrong?
I am also getting this log (not really an error?) which I think is the cause of the token validation error:
It is getting the nonce from the token but the stored nonce is a placeholder.
This placeholder is used in the file src/lib/flows/callback-handling/refresh-session-callback-handler.service.ts to set the authNonce state to the placeholder if there is a refresh token in the state service?
```ts
// Nonce is not used with refresh tokens; but Key cloak may send it anyway
this.flowsDataService.setNonce(
  TokenValidationService.refreshTokenNoncePlaceholder,
  config
);
```
Indeed my Keycloak instance sends the nonce in every token of the response to the refresh token request.
The localNonce may be checked later in the oidc-client/src/lib/validation/token-validation.service.ts file, where the failed check log message that troubles me is raised:
Maybe it is this check that is causing the token validation to fail?
These are the other warnings and errors that I get from the console:
```
authentication.service.ts:42 [WARN] 0-ace_fe - authCallback incorrect nonce, did you call the checkAuth() method multiple times?
angular-auth-oidc-client.mjs:70 [DEBUG] 0-ace_fe - authCallback token(s) invalid
authentication.service.ts:42 [WARN] 0-ace_fe - authorizedCallback, token(s) validation failed, resetting. Hash:
angular-auth-oidc-client.mjs:70 [DEBUG] 0-ace_fe - Local Login information cleaned up and event fired
angular-auth-oidc-client.mjs:70 [DEBUG] 0-ace_fe - Local Login information cleaned up and event fired
authentication.service.ts:42 [ERROR] 0-ace_fe - silent renew failed! Error: Error: authorizedCallback, token(s) validation failed, resetting. Hash:
    at angular-auth-oidc-client.mjs:3657:37
    at Observable.init [as _subscribe] (throwError.js:5:51)
    at Observable._trySubscribe (Observable.js:37:25)
    at Observable.js:31:30
    at errorContext (errorContext.js:19:9)
    at Observable.subscribe (Observable.js:22:21)
    at catchError.js:14:31
    at OperatorSubscriber._error (OperatorSubscriber.js:23:21)
    at OperatorSubscriber.error (Subscriber.js:40:18)
    at OperatorSubscriber._error (Subscriber.js:64:30)
```
Another important thing is that the checkAuth() in my code is only called on the ngInit function of the Redirect component that is instantiated when accessing the /redirect unprotected (by any guard) route.
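The situation described in this report, modelled as an added example (not part of the original issue and not code from angular-auth-oidc-client): `placeholderCheck` is an assumed reconstruction of a placeholder-based nonce check consistent with the behaviour reported above, and `refreshNonceCheck` instead applies the OpenID Connect Core section 12.2 rule that a refreshed ID token may omit `nonce` but, if present, it must equal the nonce of the original authentication. All function names, the placeholder value and the sample nonces are hypothetical.

```typescript
// Constructed stand-in for TokenValidationService.refreshTokenNoncePlaceholder;
// the value used here is made up for the example.
const PLACEHOLDER = "REFRESH_PLACEHOLDER";

interface IdTokenClaims {
  nonce?: string;
}

// Assumed model of the check: after a refresh the stored nonce is the
// placeholder, so a token carrying a real nonce only passes when
// ignoreNonceAfterRefresh is set (which skips nonce validation entirely).
function placeholderCheck(
  token: IdTokenClaims,
  storedNonce: string | null,
  ignoreNonceAfterRefresh: boolean
): boolean {
  const fromRefresh =
    (token.nonce === undefined || ignoreNonceAfterRefresh) &&
    storedNonce === PLACEHOLDER;
  return fromRefresh || token.nonce === storedNonce;
}

// OpenID Connect Core 12.2 rule: the nonce may be absent on refresh; when the
// provider sends one anyway, compare it with the original login nonce.
function refreshNonceCheck(
  token: IdTokenClaims,
  originalNonce: string | null
): boolean {
  if (token.nonce === undefined) return true; // nothing to compare
  if (!originalNonce) return false; // original nonce lost: fail closed
  return token.nonce === originalNonce;
}

// Constructed sample data: a provider that repeats the login nonce on refresh.
function scenarios(): Record<string, boolean> {
  const refreshed: IdTokenClaims = { nonce: "n-login-123" };
  return {
    placeholderStrict: placeholderCheck(refreshed, PLACEHOLDER, false),
    placeholderIgnore: placeholderCheck(refreshed, PLACEHOLDER, true),
    noNonceInToken: placeholderCheck({}, PLACEHOLDER, false),
    coreSameNonce: refreshNonceCheck(refreshed, "n-login-123"),
    coreOtherNonce: refreshNonceCheck(refreshed, "n-other-456"),
    coreMissingOriginal: refreshNonceCheck(refreshed, null),
  };
}
```

`placeholderStrict` is the failing case from the report, and `coreSameNonce` shows the same token passing while the nonce is still being validated.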
mf-andres changed the title from "[Bug]:" to "[Bug]: silent renew failed! Error: Error: authorizedCallback, token(s) validation failed, resetting. Hash" on May 28, 2024
Version
17.0.0
Additional context
Authenticate request body:
Information stored in local storage after redirection by keycloak: