You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
If the local machine’s clock is significantly out of sync with the Keycloak server's time (beyond the allowable clock skew), the oauth service interpret the token as expired and thrown the error Token has expired even though the token is valid, and end up with an infinite loop.
To address the loop issue, I catch the tryLogin error and invoke revokeTokenAndLogout(). This function revokes the authentication token and redirects the user to the postLogoutRedirectUri. However, Keycloak returns the error Missing parameters: id_token_hint because the logout uri is called with only the post_logout_redirect_uri parameter.
Expected behavior
The logout endpoint is called with post_logout_redirect_uri and id_token_hint
Desktop (please complete the following information):
OS: macOS Sonoma 14.6.1
Browser chrome
Version 129.0.6668.90 (Official Build) (arm64)
angular-oauth2-oidc version 15.0.1
Additional context
In case of Token has expired, the logOut method doesn't set the id_token_hintoauth-service.ts#L2553-L2555 since the id_token is not set into the storage.
Storing the id_token after receiving the token response oauth-service.ts#L1912 could ensure proper handling of the logout process.
The text was updated successfully, but these errors were encountered:
Describe the bug
If the local machine’s clock is significantly out of sync with the Keycloak server's time (beyond the allowable clock skew), the oauth service interpret the token as expired and thrown the error
Token has expiredeven though the token is valid, and end up with an infinite loop.To address the loop issue, I catch the
tryLoginerror and invokerevokeTokenAndLogout(). This function revokes the authentication token and redirects the user to thepostLogoutRedirectUri. However, Keycloak returns the errorMissing parameters: id_token_hintbecause the logout uri is called with only thepost_logout_redirect_uriparameter.Expected behavior
The
logoutendpoint is called withpost_logout_redirect_uriandid_token_hintDesktop (please complete the following information):
Additional context
In case of
Token has expired, thelogOutmethod doesn't set theid_token_hintoauth-service.ts#L2553-L2555 since the id_token is not set into the storage.Storing the
id_tokenafter receiving the token response oauth-service.ts#L1912 could ensure proper handling of the logout process.The text was updated successfully, but these errors were encountered: