Description
I have verified that the legacy SPAHelper logic in the new @asgardeo/javascript SDK (specifically within @asgardeo/browser) contains a logic error regarding token auto-refresh limits.
The method refreshAccessTokenAutomatically calculates the refresh timer using only parseInt(sessionData.expires_in). Since expires_in is verifying to be the static duration (e.g. 3600), reloading the page effectively resets the timer to wait the full duration from the current time, ignoring how much time has already elapsed.
Location
packages/browser/src/legacy/helpers/spa-helper.ts
(Lines 46-51)
Steps to Reproduce
- User logs in (Access Token valid for 30m).
- User reloads page at T=15m.
- SDK retrieves expires_in (30m) and sets a new timer for T=45m.
- At T=30m, token expires. Auto-refresh fails to fire.
Please select the area the issue is related to
@asgardeo/react, @asgardeo/browser
Version
@asgardeo/react 0.10.0, @asgardeo/browser 0.2.5
Environment Details (with versions)
Browser
Reporter Checklist
Description
I have verified that the legacy SPAHelper logic in the new @asgardeo/javascript SDK (specifically within @asgardeo/browser) contains a logic error regarding token auto-refresh limits.
The method refreshAccessTokenAutomatically calculates the refresh timer using only parseInt(sessionData.expires_in). Since expires_in is verifying to be the static duration (e.g. 3600), reloading the page effectively resets the timer to wait the full duration from the current time, ignoring how much time has already elapsed.
Location
packages/browser/src/legacy/helpers/spa-helper.ts
(Lines 46-51)
Steps to Reproduce
Please select the area the issue is related to
@asgardeo/react, @asgardeo/browser
Version
@asgardeo/react 0.10.0, @asgardeo/browser 0.2.5
Environment Details (with versions)
Browser
Reporter Checklist