vue-oidc-client

Immediate silent calls kill my session

Open danielmdubois opened this issue 4 years ago • 1 comments

I have incorporated the vue-oidc-client into my Vue SPA. I can see in the Chrome network trace a successful flow (i.e. authorize?client_id, auth/signinwin/main?code, /connect/checksession, /connect/token, etc.) that results in a proper user session. The user session information, à la {{ $oidc.userProfile }}, even renders on the page in the Vue components -- very briefly.

But instantly afterwards, a new flow is being initiated. I can see two attempts in the Chrome network trace for another authorize?client_id, these with redirect_uri, the scope, and the prompt all being different than what was specified in my createOidcAuth object and my original flow. The "prompt: none", the auth/signinsilent redirect_uri, and my Google investigations indicate to me this is some kind of "silent refresh". These silent refreshes are being rejected by the identity server, with error: login_required. This causes the session info to get blown away, and disappear off the screen.

(FWIW, the identity server is an existing, internal, deployed identity server our company created and used by several teams. It does some handover process to Microsoft Azure AD on the backend, and for that reason, I can see some extra redirects bouncing around, versus what might be normal for a trace, but the end result is good. I've used it for other web apps in other programming languages. My configuration of the client secret might be in doubt, but the correctness of the identity server shouldn't be.)

Do I need to add more code to handle these silent refreshes? Is it normal for them to occur so quickly, given the response to the /connect/token call includes an "expires_in":3600 with the JWT? Can I turn them off?

danielmdubois, Oct 16 '20 18:10
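An added example, not part of the issue or of the vue-oidc-client project: a Node.js helper that classifies URLs copied from a network trace like the one described above, reports which parameters differ between the interactive and the `prompt=none` authorize request, and flags a `login_required` callback. The host names, client id, scopes and all URLs are constructed sample data, and it assumes responses arrive in the query string as in the `?code` callback mentioned in the post.

```javascript
// Constructed sample trace (idp.example / app.example are placeholder hosts).
const trace = [
  'https://idp.example/connect/authorize?client_id=spa&redirect_uri=https%3A%2F%2Fapp.example%2Fauth%2Fsigninwin%2Fmain&response_type=code&scope=openid%20profile%20api',
  'https://app.example/auth/signinwin/main?code=abc123&state=s1',
  'https://idp.example/connect/authorize?client_id=spa&redirect_uri=https%3A%2F%2Fapp.example%2Fauth%2Fsigninsilent%2Fmain&response_type=code&scope=openid&prompt=none',
  'https://app.example/auth/signinsilent/main?error=login_required&state=s2',
];

// Label one request: authorize call (interactive or silent) or callback (code or error).
function classify(rawUrl) {
  const u = new URL(rawUrl);
  const q = u.searchParams;
  if (q.has('client_id') && q.has('redirect_uri')) {
    const kind = q.get('prompt') === 'none' ? 'silent-authorize' : 'interactive-authorize';
    return { kind, params: Object.fromEntries(q) };
  }
  if (q.has('error')) return { kind: 'error-callback', error: q.get('error'), path: u.pathname };
  if (q.has('code')) return { kind: 'code-callback', path: u.pathname };
  return { kind: 'other', path: u.pathname };
}

// Names of parameters whose values differ between two authorize requests.
function diffAuthorize(a, b) {
  const keys = new Set([...Object.keys(a), ...Object.keys(b)]);
  return [...keys].filter((k) => a[k] !== b[k]).sort();
}

// Summarise the trace: event sequence, changed parameters, rejected silent request.
function analyse(urls) {
  const events = urls.map(classify);
  const interactive = events.find((e) => e.kind === 'interactive-authorize');
  const silent = events.find((e) => e.kind === 'silent-authorize');
  return {
    kinds: events.map((e) => e.kind),
    changed: interactive && silent ? diffAuthorize(interactive.params, silent.params) : [],
    silentRejected: events.some(
      (e) => e.kind === 'error-callback' && e.error === 'login_required'
    ),
  };
}

console.log(analyse(trace));
```

In OpenID Connect Core, `login_required` is the error a provider returns to a `prompt=none` request when it does not find an authenticated end-user session for that request.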

Hi @danielmdubois ,

I'm having the same issue. Did you manage to resolve it?

heteth, Mar 10 '21 20:03