AngularJS SPA. Our app.js contains call to webAuth.renewAuth.
We are using webAuth.redirect.loginWithCredentials & webAuth.renewAuth in parallel to achieve SSO with two applications with same clientID.
The issue occurs when user is logged out. On the login page -
that.login = function (email, password, loginRedirect) {
var deferred = $q.defer();
webAuth.redirect.loginWithCredentials({
connection: CONFIG_CONSTANTS.AUTH0_CONNECTION,
responseType: 'token',
username: email,
password: password,
scope: 'openid email',
redirectUri: loginRedirect
}, function (err, res) {
if (err) {
deferred.reject(err);
} else {
deferred.resolve(res);
}
});
After this call we get a callback with the token. We ignore this token. At this point the application reloads, in app.js a call is made to webAuth.renewAuth -
webAuth.renewAuth({
redirectUri: window.location.origin + '/silent-auth0-callback.html',
responseType: 'token',
responseMode: 'fragment',
scope: 'openid email'
}, function (err, res) { ... // }
Note: usePostMessage: true //this is not used.
Which results in the following error -
Object {error: "invalid_token", errorDescription: "The token was issued in the future. Please check your computed clock."}
error
:
"invalid_token"
errorDescription
:
"The token was issued in the future. Please check your computed clock."
__proto__
:
Object
Now if we refresh the page - webAuth.renewAuth does not throw this error and user is logged in. But if we enter user id & password again, this happens again.
silent-auth0-callback.html page source -
<!DOCTYPE html>
<html>
<head>
<script src="https://cdn.auth0.com/js/auth0/8.5.0/auth0.min.js"></script>
<script type="text/javascript">
var webAuth = new auth0.WebAuth({
domain: parent.AUTH0_DOMAIN,
clientID: parent.AUTH0_CLIENT_ID
});
var result = webAuth.parseHash(window.location.hash, function(err, data) {
parent.postMessage(err || data, window.location.origin);
});
</script>
</head>
<body></body>
</html>