Hi there !
I'm looking for a way to silently log in the user once his refresh token has expired. At the moment the user must reload the SPA once his refresh token has expired.
Perhaps using an iframe.
Any way to do this ?
Thanks !
My two cents here: The upcoming deprecation of third-party cookies [1] will impact iframe-based login widgets, iframe-based background token renewal, Connect Front-Channel Logout and OpenID Connect Session Management. Therefore, don’t use an iframe for that.
My recommendation, if possible for public clients, is to implement a BFF (Backend for Frontend) following the OAuth 2.0 guidelines for Browser-Based Applications [2]. Alternatively, you can delegate authentication and token renewal to a proxy with an OIDC module, such as lua-resty-openidc [3].
[1] Federated Credential Management API overview | Privacy Sandbox | Google for Developers
[2] draft-ietf-oauth-browser-based-apps-18
[3] GitHub - zmartzone/lua-resty-openidc: OpenID Connect Relying Party and OAuth 2.0 Resource Server implementation in Lua for NGINX / OpenResty
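
The BFF approach recommended in the reply above, as an added sketch that is not part of the thread or of any project it names: the backend keeps the tokens, renews the access token while the refresh token is still valid, and answers with a login URL once it is not. The session fields (`accessExp`, `refreshExp`, and so on), the `/bff/login` path and all function names are assumptions made for illustration.

```javascript
// Added example. Session fields, paths and function names are hypothetical.
const SKEW_SEC = 30; // act slightly before expiry to absorb clock drift

// `session` is the server-side record found via an HttpOnly, SameSite cookie;
// the tokens themselves never reach the browser.
function decide(session, nowSec) {
  if (!session) return "login";
  if (nowSec < session.accessExp - SKEW_SEC) return "forward";
  if (session.refreshToken && nowSec < session.refreshExp - SKEW_SEC) return "refresh";
  return "login"; // refresh token expired: only a new authorization request helps
}

// Accept only same-origin relative paths as the post-login return target.
function safeReturnTo(path) {
  return typeof path === "string" && /^\/(?![\/\\])/.test(path) ? path : "/";
}

function loginRequired(currentPath) {
  const returnTo = encodeURIComponent(safeReturnTo(currentPath));
  return { status: 401, body: { error: "login_required", loginUrl: "/bff/login?return_to=" + returnTo } };
}

// `refresh` is injected and performs the refresh_token grant at the IdP. It is
// synchronous here so the example runs offline; a real server would await it.
function handleApiCall(session, nowSec, currentPath, refresh) {
  const action = decide(session, nowSec);
  if (action === "forward") return { status: 200, bearer: session.accessToken };
  if (action === "refresh") {
    try {
      // Store the whole new token set: with rotation the old refresh token is dead.
      Object.assign(session, refresh(session.refreshToken));
      return { status: 200, bearer: session.accessToken };
    } catch (err) {
      // Grant rejected (revoked or already rotated): treat as expired.
    }
  }
  return loginRequired(currentPath);
}
```

On a 401 with `login_required`, the SPA performs a top-level navigation to `loginUrl` (for example with `window.location.assign`), so the identity provider's session cookie is sent as a first-party cookie and no iframe is involved.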