Aktivity „trannguyenphucanh“

Hello,

I am able to reproduce the error. The bug is related to version 5.3.5. Can you add the following lines to your package.json?

  "resolutions": { 
    "@abp/ng.components": "5.3.4", 
    "@abp/ng.core": "5.3.4", 
    "@abp/ng.setting-management": "5.3.4", 
    "@abp/ng.theme.lepton-x": "1.0.0-beta.3", 
    "@abp/ng.theme.shared": "5.3.4", 
    "@volo/abp.commercial.ng.ui": "5.3.4", 
    "@volo/abp.ng.account": "5.3.4", 
    "@volo/abp.ng.audit-logging": "5.3.4", 
    "@volo/abp.ng.gdpr": "5.3.4", 
    "@volo/abp.ng.identity": "5.3.4", 
    "@volo/abp.ng.identity-server": "5.3.4", 
    "@volo/abp.ng.language-management": "5.3.4", 
    "@volo/abp.ng.saas": "5.3.4", 
    "@volo/abp.ng.text-template-management": "5.3.4", 
    "@volo/abp.ng.theme.lepton": "5.3.4" 
  } 

Hi muhammedaltug, thank you for your supporting. But it doesn't work as I added the code and deployed it to the develop environment.

Am I missing something?

Hi, is there any update? Please look at it, this is very urgent.

There's nothing wrong with the data/API, only the UI is getting this error. But since I can't access the component as it belongs to the framework core, I'm not able to figure out what caused it.

Hi maliming,

I've changed SecurityStampValidatorOptions as you suggestion as well as set IdentityServerDataSeedContributor to default as below:

                        ClientName = name,
                        ProtocolType = "oidc",
                        Description = name,
                        AlwaysIncludeUserClaimsInIdToken = true,
                        AllowOfflineAccess = true,
                        AbsoluteRefreshTokenLifetime = 31536000, //365 days
                        AccessTokenLifetime = 31536000, //365 days
                        AuthorizationCodeLifetime = 300,
                        IdentityTokenLifetime = 300,
                        RequireConsent = false,
                        FrontChannelLogoutUri = frontChannelLogoutUri,
                        RequireClientSecret = requireClientSecret,
                        RequirePkce = requirePkce,
                        AccessTokenType = (int) AccessTokenType.Reference

Unfortunately, nothing happened.

I read the article you suggested, it's OK but still doesn't really help as SecurityStampValidatorOptions and ExpireTimeSpan are only able to re-issue when a request is made after halfway through the interval. What if the last request is made before of that?

I also did some research about token here, but it seems to be not applicable in my case. So until now, it's all about trial and error.

As I tested, the only 2 properties that actually affect to token's expiration are AccessTokenLifetime and AbsoluteRefreshTokenLifetime. Here are the steps:

1. Set options.ExpireTimeSpan = TimeSpan.FromSeconds(10); to make sure the page will log-out after refresh token expires.
2. Set AccessTokenLifetime and AbsoluteRefreshTokenLifetime = 60s.
3. First, the access token will be issued when user logged-in with expires_in = 60.
4. After that, the refresh token is issued with the same expiration time. Then 60s later, the site automatically redirects to login page, regardless of whether the user is inactivity or not.