Angular client: After successful login, backend is flooded with token refresh requests #11408

Closed
lgadola opened this issue Jan 21, 2022 · 5 comments


@lgadola
Contributor

lgadola commented Jan 21, 2022

ABP 5.1.2
Angular
EF Core

Hi guys,

I have created an Angular frontend with "abp new" and added Ionic to it.
Added a login dialog and changed authentication to Resource Owner Password Flow.
Login with AuthenticationService.login() is successful and ID token is received.
But then the frontend goes into an indefinite loop, flooding the backend with /connect/token requests to get refresh tokens.
I have not found out why this happens. The same behaviour is shown when changing back to Authorization Code Flow.

I created a repository where the behaviour can easily be reproduced.

Extract from the server log:

Thanks for your help!

@yinchang0626
Contributor

@lgadola hi
Try to downgrade rxjs:

```json
"rxjs": "~6.6.0"
```

It works for me

@EngincanV
Member

We use the angular-oauth2-oidc package for authentication. This problem is related to that package; as @yinchang0626 mentioned, downgrading the package to v6 can fix your problem.

@lgadola
Contributor Author

lgadola commented Jan 22, 2022

Thanks guys!
That works.

@islam-b

islam-b commented May 24, 2022

The angular-oauth2-oidc package uses the rxjs operator `delay` to set the token expiration timer, which is used to trigger the expiration event:

```ts
of(new OAuthInfoEvent('token_expires', 'access_token'))
  .pipe(delay(timeout))
  .subscribe((e) => {
    //...
  })
```

The issue occurs in the `delay` operator: it takes a max number value of 2147483647 (as milliseconds), so when the access token lifetime (in seconds) is set big enough, it will reach the limit and cause the unexpected behavior (ReactiveX/rxjs#3015).

The max token lifetime that you can set is: 2863311,52 seconds (approximately 1 month)

Explanation:

@f-belhocine
Contributor

Many thanks for the detailed explanation.
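
The 32-bit timer limit described in islam-b's comment, as an added example that is not part of the thread and not angular-oauth2-oidc code: it checks whether an access-token lifetime pushes the expiry timer past 2147483647 ms, and shows a chunked timer that never hands the runtime an oversized delay. The 0.75 factor (chosen because it reproduces the 2863311.52 s figure above) and all function names are assumptions.

```javascript
// Added example. All names are hypothetical; this is not angular-oauth2-oidc code.
const MAX_TIMER_DELAY_MS = 2147483647; // 2^31 - 1 ms, the limit quoted in the thread
const TIMEOUT_FACTOR = 0.75; // assumption: expiry event fires at 75% of the lifetime

// Delay the client would hand to its timer for a given access-token lifetime.
function expiryDelayMs(lifetimeSeconds, factor = TIMEOUT_FACTOR) {
  return lifetimeSeconds * 1000 * factor;
}

// True when that delay no longer fits in a signed 32-bit timer value.
function overflowsTimer(lifetimeSeconds, factor = TIMEOUT_FACTOR) {
  return expiryDelayMs(lifetimeSeconds, factor) > MAX_TIMER_DELAY_MS;
}

// Largest lifetime (seconds) whose expiry delay still fits.
function maxSafeLifetimeSeconds(factor = TIMEOUT_FACTOR) {
  return MAX_TIMER_DELAY_MS / 1000 / factor;
}

// Overflow-safe timer: chain chunks of at most MAX_TIMER_DELAY_MS until the
// full delay has elapsed, then run the callback once.
// timerFn is injectable so the chunking can be tested without waiting.
function setLongTimeout(callback, delayMs, timerFn = setTimeout) {
  let remaining = Math.max(0, delayMs);
  let handle;
  let cancelled = false;
  const step = () => {
    if (cancelled) return;
    if (remaining === 0) { callback(); return; }
    const chunk = Math.min(remaining, MAX_TIMER_DELAY_MS);
    remaining -= chunk;
    handle = timerFn(step, chunk);
  };
  step();
  return { cancel() { cancelled = true; clearTimeout(handle); } };
}

// Constructed sample lifetimes (seconds): 1 hour, 30 days, 1 year.
for (const lifetime of [3600, 2592000, 31536000]) {
  console.log(lifetime, overflowsTimer(lifetime) ? "overflows timer" : "ok");
}
```

Running `overflowsTimer` against the configured access-token lifetime at deployment time catches the misconfiguration before clients start hitting `/connect/token` in a loop.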
