This repository has been archived by the owner on Sep 18, 2021. It is now read-only.

JS Client WebAPI call and token refresh #799

Closed
mauroservienti opened this issue Jan 22, 2015 · 2 comments

@mauroservienti

We are using Identity Server v3, rc1. The client is a WebAPI project with an AngularJS app in front of it, and the client is configured using OpenIdConnect.
At the first request the client is redirected to the login page; after login it is redirected back as expected. We are requesting offline_access to have refresh tokens.

Once the access token has expired is there a way to renew the token without redirecting back to the login page?

We are observing the following:

  • the SPA client issues an HTTP request;
  • the access token is expired;
  • RedirectToIdentityProvider notification is called with an AuthenticateRequest type;
  • the redirect fails because the JS client ignores it, obviously;

If we understood the flow correctly, given that we have a refresh token, shouldn't we be able to get a new token and move on?
If the user hits F5 we are redirected to the login page and immediately redirected back without the need to re-enter user credentials. We need to achieve the same transparently from the web api backend.

@brockallen
Member

Refresh tokens aren't allowed for implicit clients. So for an angular app you need to either use long lived access tokens, or keep obtaining new ones. We have a TokenManager JS helper library that can keep renewing tokens from an iframe. Check the OAuthJS project in the samples repo.
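
The iframe renewal mentioned in the reply above, sketched as an added example (not code from this thread, the TokenManager library or the samples repo): it builds the `prompt=none` authorize request a hidden iframe would load and validates the fragment that comes back. The endpoint, client id, redirect URI, scope and the 60-second renewal margin are constructed assumptions, and `id_token` validation is not shown.

```javascript
// Added example: silent access-token renewal for an implicit-flow SPA.
// All endpoint, client and redirect values below are constructed placeholders.
const config = {
  authorizeEndpoint: "https://idsrv.example/core/connect/authorize", // assumed
  clientId: "spa-client",                                            // assumed
  silentRedirectUri: "https://app.example/silent-renew.html",        // assumed
  scope: "openid api",                                               // assumed
};

// URL to load in a hidden iframe. prompt=none tells the provider to answer
// from the existing login session or fail, never to show a login page.
function buildSilentRenewUrl(cfg, state, nonce) {
  const url = new URL(cfg.authorizeEndpoint);
  url.search = new URLSearchParams({
    client_id: cfg.clientId,
    redirect_uri: cfg.silentRedirectUri,
    response_type: "id_token token",
    scope: cfg.scope,
    state, // caller generates with a CSPRNG and keeps it for the check below
    nonce, // likewise; id_token signature and nonce validation are not shown
    prompt: "none",
  }).toString();
  return url.toString();
}

// Parse the fragment the provider appends to silentRedirectUri.
function parseRenewResponse(fragment, expectedState, nowMs = Date.now()) {
  const p = new URLSearchParams(fragment.replace(/^#/, ""));
  // Reject responses that do not belong to the request we sent.
  if (!expectedState || p.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  // e.g. login_required: the session is gone, a visible login is needed.
  if (p.has("error")) return { ok: false, reason: p.get("error") };
  const token = p.get("access_token");
  const expiresIn = Number(p.get("expires_in"));
  if (!token || !Number.isFinite(expiresIn) || expiresIn <= 0) {
    return { ok: false, reason: "malformed_response" };
  }
  return {
    ok: true,
    accessToken: token,
    expiresAt: nowMs + expiresIn * 1000,
    // Schedule the next iframe renewal 60 s before expiry (assumed margin).
    renewAt: nowMs + Math.max(expiresIn - 60, 0) * 1000,
  };
}
```

Only a failed result with reason `login_required` (or a similar provider error) should fall back to a visible redirect to the login page; a `state_mismatch` should be discarded without retrying.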

@mauroservienti
Author

@brockallen thanks for the response. By implicit client you mean that we are passing credentials directly, or? We are not; by redirect I mean that we are redirected to the IdSrv login page.

I'll have a look at the sample.
