Hi Devs,

We have an Angular application which uses the implicit grant. In the application, once the user is authenticated, as long as the IDP session is active we do a silent refresh using an iframe to keep the token alive, but here I face a scenario like this.

Let's say the access token has a lifespan of 10 min and the session at the identity server has a lifespan of 15 min. I would like to do a silent refresh when the access token is about to expire, for example at 9 min. In this case, as an active token already exists, the IDP will return that active token, which has a 1 min lifespan left. So the token will expire before the next silent refresh call.

How can I handle this scenario? As this is a SPA, I don't want to do revoke and renew, because we would have to store the client_secret in order to do this. So what is the best approach for this?

I was thinking of a scenario like appending a random scope to the originally requested scope each time we do the silent refresh, so that we get a new access token every time. Would that be a correct approach?

Appreciate your thoughts on this.

Regards,
Prakhash

--
*Prakhash Sivakumar | Senior Software Engineer | WSO2 Inc*
*+94771510080 | prakh...@wso2.com | https://medium.com/@PrakhashS*
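The timeline described in the message above, replayed as an added example that is not part of the original post and is not WSO2 code. `ReusingIdp`, `simulate` and the `r0`/`r1` scope suffixes are hypothetical, and the model assumes the IDP keys token reuse on the exact scope string, which is the premise behind the random-scope idea in the post.

```javascript
// Constructed model for illustration; not WSO2 Identity Server code.
const TOKEN_TTL = 600;   // access token lifespan from the post: 10 min, in seconds
const SESSION_TTL = 900; // IDP session lifespan from the post: 15 min
const REFRESH_AT = 540;  // silent refresh interval from the post: 9 min

// Hypothetical IDP that returns the still-active token for a scope string
// instead of minting a new one (the behaviour the post describes).
class ReusingIdp {
  constructor() {
    this.active = new Map(); // scope string -> { id, expiresAt }
    this.issued = 0;
  }
  authorize(now, scope) {
    let tok = this.active.get(scope);
    if (!tok || tok.expiresAt <= now) {
      tok = { id: ++this.issued, expiresAt: now + TOKEN_TTL };
      this.active.set(scope, tok);
    }
    return { id: tok.id, expiresIn: tok.expiresAt - now };
  }
}

// Replays a fixed-interval silent refresh over one IDP session.
// scopeFor(n) is the scope sent on the n-th request. Returns every response
// and the seconds the SPA spent holding only an expired token.
function simulate(scopeFor) {
  const idp = new ReusingIdp();
  const responses = [];
  let expiredSeconds = 0;
  let heldUntil = 0; // expiry time of the token the SPA currently holds
  for (let t = 0, n = 0; t < SESSION_TTL; t += REFRESH_AT, n++) {
    if (n > 0 && t > heldUntil) expiredSeconds += t - heldUntil;
    const res = idp.authorize(t, scopeFor(n));
    responses.push({ at: t, ...res });
    heldUntil = t + res.expiresIn;
  }
  // Remainder of the session after the last token ran out.
  if (SESSION_TTL > heldUntil) expiredSeconds += SESSION_TTL - heldUntil;
  return { responses, expiredSeconds };
}

// Same scope on every request: the 9 min refresh gets the old token back.
const sameScope = simulate(() => 'openid');
// Scope varied per request (a counter stands in for the random value).
const variedScope = simulate((n) => `openid r${n}`);
console.log(sameScope, variedScope);
```
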