Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error with authenticateOidcSilent #129

Open
Samtronic opened this issue Sep 11, 2020 · 19 comments
Open

Error with authenticateOidcSilent #129

Samtronic opened this issue Sep 11, 2020 · 19 comments

Comments

@Samtronic
Copy link

I install the last version 3.9.7 since I have error.
This is a log of event "oidcError"
An error occured at authenticateOidcSilent: End-User authentication is required
oidc-client.min.js?dd17:1 Uncaught (in promise) ErrorResponse: End-User authentication is required
at new e (oidc-client.min.js?dd17:1)
at t [as _processSigninParams] (oidc-client.min.js?dd17:1)
at t [as validateSigninResponse] (oidc-client.min.js?dd17:1)
at eval (oidc-client.min.js?dd17:1)

Thanks
Steven
@perarnborg
Copy link
Owner

@Samtronic When does this error appear? Is it when the application tries to renew the authentication? Or when the user visits a route?

@Samtronic
Copy link
Author

Samtronic commented Sep 11, 2020
edited
Loading

When the user is not logged and when the token is about to expiring. The behavior of authenticateOidcSilent is different since update

export const oidcSettings = {
authority: ${process.env.VUE_APP_OIDC_SERVER}/oauth2/auth,
client_id: 'gestionreseau',
redirect_uri: ${window.location.origin}/oidc-callback/,
response_type: 'id_token token',
scope: 'openid profile email roles',
// automaticSilentRenew: true,
accessTokenExpiringNotificationTime: 600, // (10 mins) The number of seconds before an access token is to expire to raise the accessTokenExpiring event.
silent_redirect_uri: ${window.location.origin}/silent-renew-oidc.html,
post_logout_redirect_uri: ${window.location.origin}/,
loadUserInfo: true,
filterProtocolClaims: true,
metadata: {
issuer: ${process.env.VUE_APP_OIDC_SERVER}/oauth2,
jwks_uri: ${process.env.VUE_APP_OIDC_SERVER}/oauth2/certs,
end_session_endpoint: ${process.env.VUE_APP_OIDC_SERVER}/oauth2/session/end,
authorization_endpoint: ${process.env.VUE_APP_OIDC_SERVER}/oauth2/auth,
revocation_endpoint: ${process.env.VUE_APP_OIDC_SERVER}/oauth2/token/revocation,
userinfo_endpoint: ${process.env.VUE_APP_OIDC_SERVER}/oauth2/userinfo
}
};

@perarnborg
Copy link
Owner

@Samtronic Can you check what version of oidc-client you have installed?

@Samtronic
Copy link
Author

Version 1.10.1

@perarnborg
Copy link
Owner

@Samtronic Thank you for your help in pointing this out! The error should be gone in v3.9.8. Let me know if not!

@Samtronic
Copy link
Author

Samtronic commented Sep 14, 2020
edited
Loading

Hi,

When I am not logged, I have now the message from only "oidcError" event. An error occured at authenticateOidcSilent: End-User authentication is required

When I am logged, and the Token is about to expired. I have again both message from "oidcError" event and "oidc-client"

An error occured at authenticateOidcSilent: End-User authentication is required
oidc-client.min.js?dd17:1 Uncaught (in promise) ErrorResponse: End-User authentication is required
at new e (oidc-client.min.js?dd17:1)
at t [as _processSigninParams] (oidc-client.min.js?dd17:1)
at t [as validateSigninResponse] (oidc-client.min.js?dd17:1)
at eval (oidc-client.min.js?dd17:1)

Thanks
Steven

@Samtronic
Copy link
Author

Samtronic commented Sep 18, 2020
edited
Loading

Hi,

I try version 3.10.0 and when I am not logged the event oidcError event is gone, but I have always the same error on authenticateOidcSilent. I never receice the event 'accessTokenExpiring' like before.

Thanks
Steven

@ghost
Copy link

ghost commented Oct 5, 2020
edited by ghost
Loading

Hi, I've just updated vuex-oidc from v. 1.14.0 to 3.10.0 and oidc-client 1.6.1 to 1.10.1 and I have the same problem. When I set expiration to 65 seconds in dev environment, silent renew works correctly and gets refreshed every time without any issue.

When standard token expires for users in staging environment after several hours, I receive the same error as Samtronic An error occured at authenticateOidcSilent: End-User authentication is required

It's pretty dificult to debug, because it works without any issue on my machine...

Debug log:

UserManager.getUser: user loaded						chunk-vendors.e4122be9.js:91
UserManager.getUser: user not found in storage				        chunk-vendors.e4122be9.js:91
Access token did expire							        store.js:49
ResponseValidator._processSigninParams: Response was error login_required	oidc-client.min.js:1
OIDC user is signed out							        store.js:46

@coolhome coolhome mentioned this issue Oct 6, 2020
Merged
@perarnborg
Copy link
Owner

Not certain, but could be fixed in v3.10.1.

@Samtronic
Copy link
Author

Again the same error for me

@coolhome
Copy link
Contributor

@Samtronic are the redirect and silent renew callback the same SPA or an external html file? I wonder if there is a different in the setup + config.

@ghost
Copy link

ghost commented Oct 12, 2020

@coolhome Your PR resolved my problem, thanks man! 👍

@Samtronic
Copy link
Author

@coolhome I took the example here. And I put my authentication info and I got the same error message.

Oidc config:
export const oidcSettings = {
authority: https://exemple.com/oauth2/auth,
client_id: 'gestionreseau',
redirect_uri: https://gestionreseau.localhost:8080/oidc-callback/,
response_type: 'id_token token',
scope: 'openid profile email roles',
automaticSilentRenew: true,
automaticSilentSignin: false,
the accessTokenExpiring event.
silent_redirect_uri: https://gestionreseau.localhost:8080/silent-renew-oidc.html,
post_logout_redirect_uri: https://gestionreseau.localhost:8080/,
loadUserInfo: true,
filterProtocolClaims: true,
metadata: {
issuer: https://exemple.com/oauth2,
jwks_uri: https://exemple.com/oauth2/certs,
end_session_endpoint: https://exemple.com/oauth2/session/end,
authorization_endpoint: https://exemple.com/oauth2/auth,
revocation_endpoint: https://exemple.comoauth2/token/revocation,
userinfo_endpoint: https://exemple.com/oauth2/userinfo
}
}

Server NodeOidc Settings
{
"client_id": "gestionreseau",
"grant_types": [
"implicit"
],
"response_types": [
"id_token token",
"id_token"
],
"redirect_uris": [
"https://gestionreseau.localhost:8080/oidc-callback/",
"https://gestionreseau.localhost:8080/silent-renew-oidc.html",
],
"post_logout_redirect_uris": [
"https://gestionreseau.localhost:8080/",
],
"token_endpoint_auth_method": "none",
"display_name": "Gestion du réseau"
},

@Samtronic
Copy link
Author

@cdshotels-liborpansky How you solve your issue ?

@coolhome
Copy link
Contributor

@Samtronic I see you have silent-renew-oidc.html and I'm wondering if this is part of the same Single Page Application or a separate html file like in the demo repo? I would suggest doing it the same way as the wiki instead of sample project.

Outside of that guess I am afraid I won't be much help.

@ux-engineer
Copy link

@coolhome you can use vue.config.js multipage setup:

module.exports = {
  // GENERAL CONFIGS
  pages: {
    app: {
      title,
      entry: 'src/main.ts',
      template: 'public/index.html',
      filename: 'index.html',
      excludeChunks: ['silentRenewOidc'],
    },
    silentRenewOidc: {
      entry: 'src/silentRenewOidc.ts',
      template: 'public/silent-renew.html',
      filename: 'silent-renew.html',
      excludeChunks: ['app'],
    },
  },
};

src/silentRenewOidc.ts

import 'core-js/features/promise';
import { vuexOidcProcessSilentSignInCallback } from 'vuex-oidc';

vuexOidcProcessSilentSignInCallback();

@Samtronic
Copy link
Author

Thanks everyone for your help, but I still have the same problem. I'll look at the logs on the OIDC server to see if I can't find something

@oznfc
Copy link

oznfc commented Dec 6, 2021

@Samtronic did you solve problem ?I have same issue.

@samtronic10
Copy link

no. I have not investigated further.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@perarnborg @coolhome @ux-engineer @Samtronic @oznfc @samtronic10