signinSilent() does not working correctly after restarting the browser (only in IE and Firefox)

[lexon0011]

To test my oidc implementation, I configure the AccessTokenLifetime to 120 (2 minutes). After authenticating in my application, the browser refresh the access token correctly after 2 minutes. For this the browser create a request with some cookies to the IdentityProvider

After closing the Internet Explorer and restarting it later, the application calls the signinSilent() methode of the oidc-client, because the AccessToken is expired, but this doesn't work. I believe that the problem is, that the IE creates now the request without the cookies (see RefreshAccessTokenRequestWithoutCookies.PNG).

In Chrome everything works fine. Any idea what could be wrong here?

[brockallen]

What's the error you get back? I suspect it's login_required: https://openid.net/specs/openid-connect-core-1_0.html#AuthError

[lexon0011]

Yes you are right, the error is 'login_required'
I check you link, but I am not sure what I have to change, to get it running in IE and Firefox?

[brockallen]

It means the user needs to login again - their session is no longer active at the token server.

[lexon0011]

To reach a high level of security, I use the IdentityServer in the following way:
--> my access tokens expires after 8 hours
--> my SPA Client refresh the access token via silent renew - signinSilent()

After 4 weeks the user need to login again. For this I set the following configuration on the server:

var cookieOptions = new IdentityServer3.Core.Configuration.CookieOptions()
{
   IsPersistent = true,
   ExpireTimeSpan = new TimeSpan(672, 0, 0)    // 24 h x 7 (1 week) x 4 (1 month) -> validity of refresh token
};

So in Chrome everything works as expected. I don't understand why in IE or Firefox the signinSilent() doesn't work after restarting the browser? Is there a way to archive my goal across IE, Firefox and Chrome?

Thanks for helping!

[brockallen]

Sorry, but you'll have to debug why those browsers are not honoring your cookie.

[lexon0011]

I try to find the problem since two days.Okay, a soon as I found a solution, I will post it ...

[lexon0011]

I found the problem and a workaround.

Problem: I use a custom view for my IdenityServer (for developing the custom view I used this sample as template). In the login template I remove the "rememberMe" checkbox, because I want to set the property always true. For this I add the following code in my CustomViewService:

public virtual async Task<Stream> Login(LoginViewModel model, SignInMessage message)
{
   model.RememberMe = true;    // set remember me always to true 
   var client = await this.clientStore.FindClientByIdAsync(message.ClientId);
   var name = client?.ClientName;
   return await this.Render(model, "login", name);
}

Workaround: Because setting the rememberMe property programmatically doesn't work in all browsers, I modify the default model (which is bound to the html controls). For this I add the following line code to the getModel() function in the app.js file

getModel: function () {
   ...
   model.rememberMe = true;
   return model;
}

Now the checkbox for rememberMe is checked as default and refreshing the access token also works after restarting the browser.

So if there is a better way to setting the rememberMe property to true as default, please tell me.

[brockallen]

All set on this issue -- can we close?

[lexon0011]

My workaround works. So you can close it! Thanks!