fix: implicit flow bug reported on issue #76.

- Avoid the token update when the implicit flow is chosen. - It will perform a silent refresh as planned in issue #43.
mauriciovigolo · Jun 26, 2018 · b8aaec1 · b8aaec1
1 parent ea43c16
commit b8aaec1
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/projects/keycloak-angular/src/lib/core/services/keycloak.service.ts b/projects/keycloak-angular/src/lib/core/services/keycloak.service.ts
@@ -40,6 +40,11 @@ export class KeycloakService {
    * Flag to indicate if the bearer will not be added to the authorization header.
    */
   private _enableBearerInterceptor: boolean;
+  /**
+   * When the implicit flow is choosen there must exist a silentRefresh, as there is
+   * no refresh token.
+   */
+  private _silentRefresh: boolean;
   /**
    * Indicates that the user profile should be loaded at the keycloak initialization,
    * just after the login.
@@ -193,6 +198,7 @@ export class KeycloakService {
       this._bearerExcludedUrls = options.bearerExcludedUrls || [];
       this._authorizationHeaderName = options.authorizationHeaderName || 'Authorization';
       this._bearerPrefix = this.sanitizeBearerPrefix(options.bearerPrefix);
+      this._silentRefresh = options.initOptions.flow === 'implicit';
       this._instance = Keycloak(options.config);
       this.bindsKeycloakEvents();
       this._instance
@@ -384,8 +390,19 @@ export class KeycloakService {
    */
   updateToken(minValidity: number = 5): Promise<boolean> {
     return new Promise(async (resolve, reject) => {
+      // TODO: this is a workaround until the silent refresh (issue #43)
+      // is not implemented, avoiding the redirect loop.
+      if (this._silentRefresh) {
+        if (this.isTokenExpired()) {
+          reject('Failed to refresh the token, or the session is expired');
+        } else {
+          resolve(true);
+        }
+        return;
+      }
+
       if (!this._instance) {
-        reject(false);
+        reject();
         return;
       }