Comments (5)
(But lots of thanks for this nice sample application, it's very useful for learning and understanding :) )
from sample-angular-oauth2-oidc-with-auth-guards.
Update/Solved:
This seems to be caused by uBlock Origin in my Firefox. I'll try to find out some more details about it.
from sample-angular-oauth2-oidc-with-auth-guards.
Thanks for sharing the root cause, that might help others find this issue and a solution!
I'll close the issue but feel free to add any other details for others to find.
from sample-angular-oauth2-oidc-with-auth-guards.
Hi,
I could not find out what uBlock Origin blocks exactly to break this mechanism, but it's easily reproducible that it does. It does not show anything blocked in the overview and the network request protocol.
I also noticed that enabling the "Enhanced Tracking Protection" in Firefox also breaks the silent refresh in the same way.
It seems to me that this refresh mechanism with the hidden iframe is likely to be blocked by anti-tracking tools, so this mechanism is not very safe to use as it might not work for many users? Do you have any opinion on that?
Regards,
Sven
from sample-angular-oauth2-oidc-with-auth-guards.
Glad to hear the sample is useful!
The third party cookie blockades are certainly something that messes with the iframe-based silent refresh mechanism. You can read my "SPA Necromancy" blogpost for extensive details, or a smaller version in the repo's readme.
from sample-angular-oauth2-oidc-with-auth-guards.
Related Issues (20)
- Add more unit test coverage for "copy-pastable" code
- Add observable to indicate if User Profile was loaded
- Difference between this sample repository and the samples in the library's repository
- Switch from demo.identityserver.io instance
- Microsoft Azure AD takes longer time on initial load with same setup
- Getting silent_refresh_timeout right after "Content Security Policy" violation for "frame-ancestors 'none'"
- isAuthenticated observable is false when localStorage is used
- Steps for Azure AD
- (Cross-post) Announcement about moderation of the library's community
- Question - Howto redirect to login page directly
- Application logs out too quickly in Firefox
- I stay authenticated even after i logout
- Keep sending id_token as auth bearer
- Update to Angular 16
- Replace Protractor with other end-to-end testing utilities
- Consider dropping silent-refresh/iframe by using refresh endpoint
- The attempt at silent refresh during the runInitialLoginSequence method can cause extremely long page loads if no token is present depending on the server used
- Upgrade to Angular 17
- Auth service unit test is incorrect