Fix user state not updating during token refresh in OIDC with Keycloak and automaticSilentRenew: true configuration

ohif · October 16, 2023, 2:53pm

View in #ohif on Slack

@Shir: Hello,

I’ve observed a behavior in my application where, when using the OIDC configuration with Keycloak and automaticSilentRenew: true, the user state isn’t updated upon token refresh. This leads to authorization headers being sent with the old token, rather than the newly refreshed one.

Upon inspecting the code, I noticed in OpenIdConnectRoutes.tsx that in the redirect_uri route logic, there’s a call to userAuthenticationService.setUser(user). However, a similar call seems to be absent during the token refresh process.

To address this, I’ve implemented an event handler to ensure the user state is updated upon token renewal:
useEffect(() => {
    const userLoadedHandler = user => {
      console.log('New user loaded (or token renewed):', user);
      userAuthenticationService.setUser(user);
    };

    userManager.events.addUserLoaded(userLoadedHandler);

    // Cleanup on component unmount.
    return () => {
      userManager.events.removeUserLoaded(userLoadedHandler);
    };
  }, []);
Did I perhaps overlook something in my configuration, or is this user state update during silent renewal not present in the current codebase?

Thanks for your guidance!

@Alireza_Sedghi: which event is it?

@Shir: Im sorry I’m not sure what you refer to?

@Alireza_Sedghi: what event did you add

@Shir: In OpenIdConnectRoutes.tsx, I’ve set up an event listener using userManager.events.addUserLoaded(userLoadedHandler). This listens for the addUserLoaded event from the OIDC client. This specific event fires whenever a new user object is loaded, such as after a token refresh.

@Alireza_Sedghi: Hmm sounds correct, do you want to create a PR?

@Shir: Sure will do. thanks.

elawende · March 14, 2025, 11:07am

I take this PR has never been submitted or has not seen light of day. I have now submitted it as PR #4853.

andylinton · March 31, 2025, 4:08pm

Confirming that I am having what appears to be the same issue - when the viewer has been inactive for some time, pressing “back” to go to the patient list results in an error. Refreshing the page works. I’m also using Keycloak for authentication. Can I help test the update in the PR somehow?

Fix user state not updating during token refresh in OIDC with Keycloak and ﻿automaticSilentRenew: true configuration

Fix user state not updating during token refresh in OIDC with Keycloak and automaticSilentRenew: true configuration