Token lifetime angular-auth0 vs @auth0/auth0-angular

I currently have a hybrid Angular/AngularJS app using the deprecated angular-auth0 package. In the process of upgrading to @auth0/auth0-angular, I noticed that the access token expiration is equal to the Maximum Access Token Lifetime (24 hours in our case), while with angular-auth0 it was equal to the Implicit / Hybrid Flow Access Token Lifetime (16 minutes in our case).

I would like the lifetime to use the implicit lifetime. How do I accomplish this?

I don’t want to change the Maximum Access Token Lifetime settings as we have several tenants and applications.

Old, angular-auth0 code:

    handleAuthentication() {
        return this.$q((resolve, reject) => {
            this.angularAuth0.parseHash((err, authResult) => {
                if (authResult && authResult.accessToken && authResult.idToken) {
                    this.localLogin(authResult);
                    resolve();
                } else if (err) {
                    reject(err);
                }
            });
        });
    }

    localLogin(authResult) {
        this.localStorageFactory.set("auth", {
            isLoggedIn: true,
            expiresAt: authResult.expiresIn * 1000 + new Date().getTime() // 16 minutes from now
        });
        this.expiresAt = authResult.expiresIn * 1000 + new Date().getTime();
        this.accessToken = authResult.accessToken;
        this.idToken = authResult.idToken;
    }

New auth0-angular code:

    public async renewTokens() {
        try {
            this.accessToken = await firstValueFrom(this.auth0Service.getAccessTokenSilently());
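            // JWT segments are base64url-encoded; map "-" and "_" back to the base64 alphabet before atob()
            const payloadBase64 = this.accessToken.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
            const decodedPayload = JSON.parse(atob(payloadBase64));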

            this.localStorageFactory.set("auth", {
                isLoggedIn: true,
                expiresAt: DateTime.fromSeconds(decodedPayload.exp) // 24 hours from now
            });
            this.scheduleRenewTokens();
        } catch (err) {
            console.error("Error renewing tokens", err);
            return this.auth0Service.loginWithRedirect();
        }
    }

Hey there @dapp3rdand3v, welcome to the community.

Unfortunately, because auth0-angular uses the authorization code flow as opposed to hybrid or implicit, the access token lifetime will default to that of the Maximum Access Token Lifetime. The only way I really see being able to work around this would be to use a separate API in Auth0 with the desired lifetime. I’m not sure if this is feasible in your environment or not.

1 Like
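Added example, not part of either post: a check that an access token was actually issued with the lifetime you expect, for instance after pointing the app at a separate API as suggested above. It assumes the token is a JWT carrying the standard `iat` and `exp` claims; the audiences and sample tokens are constructed, and the signature is not verified, so this is for inspection only.

```javascript
// JWT segments are base64url: map "-" and "_" back and restore padding before atob().
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Reads the claims only. It does NOT verify the signature, so never use it for authorization.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Compare the issued lifetime (exp - iat) with the lifetime the API is expected to enforce.
function checkTokenLifetime(token, expectedSeconds, nowSeconds = Math.floor(Date.now() / 1000)) {
  const { iat, exp, aud } = decodeJwtPayload(token);
  if (!Number.isInteger(iat) || !Number.isInteger(exp)) {
    throw new Error("token has no numeric iat/exp claims");
  }
  const issuedLifetime = exp - iat;
  return {
    aud,
    issuedLifetime,                               // seconds the token is valid for in total
    remaining: Math.max(0, exp - nowSeconds),     // seconds left right now
    withinExpected: issuedLifetime <= expectedSeconds,
  };
}

// Constructed sample token builder (placeholder signature, hypothetical audience values).
function makeSampleToken(payload) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}

// 24 hours (86400 s) for the existing API versus 16 minutes (960 s) for a separate API.
const sampleIat = 1700000000;
const defaultApiToken = makeSampleToken({ aud: "https://api.example.test/default", iat: sampleIat, exp: sampleIat + 86400 });
const shortApiToken = makeSampleToken({ aud: "https://api.example.test/short", iat: sampleIat, exp: sampleIat + 960 });
console.log(checkTokenLifetime(defaultApiToken, 960, sampleIat + 60));
console.log(checkTokenLifetime(shortApiToken, 960, sampleIat + 60));
```

Scheduling renewal earlier on the client does not shorten how long an already issued token is accepted; only the `exp` the authorization server sets does that.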
