Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OidcUsermanger.currentuser returns null after some few days or hours #126

Open
Ianmuhia opened this issue Oct 19, 2024 · 12 comments
Open

OidcUsermanger.currentuser returns null after some few days or hours #126

Ianmuhia opened this issue Oct 19, 2024 · 12 comments
Labels
bug Something isn't working

Comments

@Ianmuhia
Copy link

Ianmuhia commented Oct 19, 2024

After login in , quering the current user returns null after some hours , or days

@Ianmuhia Ianmuhia added the bug Something isn't working label Oct 19, 2024
@ahmednfwela
Copy link
Member

perhaps the access token expired and no refresh token was provided by the idp?

check if you requested offline_access scope

@egfconnor
Copy link

I am seeing the same behavior even though I have a refresh token I'm getting back.

What's interesting is if I log the expiresIn from the currentUser's token it always shows it expires in 74 minutes even as time is passing by. Perhaps the auto refresh isn't working because of an issue with the logic that calculates the expiresIn duration?

@ahmednfwela
Copy link
Member

@egfconnor expiresIn does not change as time passes, it's instead added to expiresInReferenceDate to get the expiresAt date, where we check if it has passed now or not

@ahmednfwela
Copy link
Member

please provide your idp discovery document if possible

@egfconnor
Copy link

@ahmednfwela ah okay that makes more sense then. My idp discovery document includes offline_access in the scopes_supported section if that's what you're wondering about? I also specify that in my scope array in OidcUserManagerSettings.

@egfconnor
Copy link

Is there any ways you would recommend I could debug if it's attempting to refresh or not? I can use Flutter Dev Tools Network panel for instance to observe specific network requests, or enable some sort of log?

@ahmednfwela
Copy link
Member

can you also check the supported grants in the discovery document if they include refresh token?

@egfconnor
Copy link

Thanks for the help @ahmednfwela it turns out my discovery document for Microsoft Entra doesn't include a 'grant_types_supported' section at all. I manually added it via OidcProviderMetadata.fromJson() and refresh is working great now.

@ahmednfwela
Copy link
Member

that's great to hear @egfconnor !

@Ianmuhia
Copy link
Author

Ianmuhia commented Dec 6, 2024

@egfconnor .. mind providing a code sample for your solution please

@egfconnor
Copy link

  final OidcUserManager _oidcUserManager = OidcUserManager(
    discoveryDocument: OidcProviderMetadata.fromJson(
      {
        'issuer':
            '<issuer>',
        'authorization_endpoint':
            '<authorization_endpoint>',
        'token_endpoint':
            '<token_endpoint>',
        'end_session_endpoint':
            '<end_session_endpoint>',
        'grant_types_supported': [
          'authorization_code',
          'refresh_token',
        ],
      },
    ),
    clientCredentials: const OidcClientAuthentication.none(
      clientId: '<client_id>',
    ),
    store: OidcDefaultStore(),
    settings: OidcUserManagerSettings(
      prompt: ['login'],
      scope: ['openid', 'offline_access', '<a_custom_scope_we_have>'],
      options: const OidcPlatformSpecificOptions(
        ios: OidcPlatformSpecificOptions_AppAuth_IosMacos(
          // This disables "app_name" Wants to Use "domain_name" to Sign In on iOS
          preferEphemeralSession: true,
        ),
      ),
      redirectUri: Uri.parse('<our_redirect_uri>'),
      supportOfflineAuth: true,
    ),
  );

Then of course you need to call:

 await _oidcUserManager.init();

@ahmednfwela
Copy link
Member

another option is to also override the discovery document

https://bdaya-dev.github.io/oidc/oidc-usage/#overriding-the-discovery-document

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants