[Bug]: Silent refresh fails using localStorage when multiple tabs trying to refresh at the same time

[Coldfen]

Version

16.0.0

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

myConfigId - silent renew failed! Error: Error: authorizedCallback, token(s) validation failed, resetting.

Steps to reproduce the behavior

1) Set up OIDC Code Flow PKCE using refresh tokens (used 'ng add angular-auth-oidc-client')

2) Set up custom storage using localStorage (used example from https://angular-auth-oidc-client.com/docs/documentation/custom-storage)

3) To speed up testing, setup your authority to have short lived access and refresh tokens. (i.e. 30 - 50 seconds) 

4) Login using one browser [chrome] tab (i.e. this.oidcSecurityService.authorize()). Open console and verify refresh is working

5) Open a few more tabs. Open console and verify they are authorized and refreshing (in my case i open 6 or more)

6) Wait until error occurs. It shouldn't take long - usually 2-20 minutes with 30 - 40 seconds tokens. Open more tabs if needed.

A clear and concise description of what you expected to happen.

Access token should refresh successfully and all tabs remain authorized

Additional context

The same problem was described in #1662

A temporary solution does not suit me well, because my token functions for 300 seconds.

My config:

AuthConfigModule added to the imports of the main AppModule.

[joewIST]

Experiencing the same issue. Any help appreciated.

[CraigGP1]

Same issue.

[Ghostbird]

We're encountering issues with this fairly often too. If there's a solution at the library level, that would be great.

[joewIST]

Not sure if you are experiencing any of the issues found here as well? #1753

[Ghostbird]

No, not as far as I know. The trick mentioned in #1662 (comment) is something I'm going to try, where the renewTimeBeforeTokenExpiresInSeconds gets a random number. That won't fix it, but may significantly reduce the problem.

[joewIST]

Good luck. We tried that in the past but it didn't fix our issue.

[joewIST]

We tried that but unfortunately it doesn't resolve our issue.

[lemonCMS]

Is there any progress on this issue?

[FabianGosebrink]

The cleanest solution would be to queue up the refreshes to guarantee a sequential order🤔🤔🤔 If that is possible. Have to test, but afair the tab gets a new instance of the lib, so basically we have to distinguish between what is being renewed currently. Maybe we can move the renewal information to the specific entry in the LS. Wdyt?

[sebastiandenis]

We have the same issue :/ (v. 16.0.1)

[Ghostbird]

@FabianGosebrink I think most proposed workarounds are trying to achieve this. I tried a random renewTimeBeforeTokenExpiresInSeconds for example, assuming that it would sequence the refreshes, but that didn't work.

[sebastiandenis]

@FabianGosebrink is there any chance to fix this anytime soon? We've tried many workarounds, but it seems that you can't do too much from the outside of the lib. When this error occurs, the auth data is being reset in the local storage and it affects all the tabs.

[FabianGosebrink]

I would love to but lacking of time :( As soon as I got time I can try to fix this.