I currently have a hybrid Angular/AngularJS using the deprecated angular-auth0 package. In the process of upgrading to @auth0/auth0-angular, I noticed that the access token expiration is equal to the Maximum Access Token Lifetime (24 hours in our case), while angular-auth0 was equal to the Implicit / Hybrid Flow Access Token Lifetime (16 minutes in our case).
I would like the lifetime to use the implicit lifetime. How do I accomplish this?
I don’t want to change the Maximum Access Token Lifetime settings as we have several tenants and applications.
Old, angular-auth0 code:
handleAuthentication() {
return this.$q((resolve, reject) => {
this.angularAuth0.parseHash((err, authResult) => {
if (authResult && authResult.accessToken && authResult.idToken) {
this.localLogin(authResult);
resolve();
} else if (err) {
reject(err);
}
});
});
}
localLogin(authResult) {
this.localStorageFactory.set("auth", {
isLoggedIn: true,
expiresAt: authResult.expiresIn * 1000 + new Date().getTime() // 16 minutes from now
});
this.expiresAt = authResult.expiresIn * 1000 + new Date().getTime();
this.accessToken = authResult.accessToken;
this.idToken = authResult.idToken;
}
New auth0-angular code:
public async renewTokens() {
try {
this.accessToken = await firstValueFrom(this.auth0Service.getAccessTokenSilently());
const payloadBase64 = this.accessToken.split(".")[1];
const decodedPayload = JSON.parse(atob(payloadBase64));
this.localStorageFactory.set("auth", {
isLoggedIn: true,
expiresAt: DateTime.fromSeconds(decodedPayload.exp) // 24 hours from now
});
this.scheduleRenewTokens();
} catch (err) {
console.error("Error renewing tokens", err);
return this.auth0Service.loginWithRedirect();
}
}