Identity Server 4 Angular 2 Token Expiration

Question

Identity Server 4 Angular 2 Token Expiration

I am looking for tips on how best to work with expiration using Angular 2 and Identity Server 4. I use an implicit stream with Identity Server 4 that does not issue token updates, and I do not want to redirect the user after the token expires.

Also, why is there no update token? Why does hybrid stream not work for javascript clients? I manage the ID server, application and api, so will this work?

+4

angular oauth openid-connect identityserver4

Fab Feb 10 '17 at 15:15

source share

1 answer

Jenan · Accepted Answer · 2017-02-11T20:19:59+0000

I can recommend a token management library for a javascript application: https://github.com/IdentityModel/oidc-client-js

You correctly used the implicit stream for SPA - here is a description of which stream is correct - https://leastprivilege.com/2016/01/17/which-openid-connectoauth-2-o-flow-is-the-right-one/

Oidc-clientprovides an excellent feature called automaticSilentRenew- check documents . In the background there is a timer and processes the event until the token expires and uses a hidden iframe to get a new access token.

Example for Angular2and Oidc-client: https://github.com/jmurphzyo/Angular2OidcClient

- JavaScript IdentityServer - https://vimeo.com/131636653

Identity Server 4 Angular 2 Token Expiration

More articles: