Azure OpenId Access Token Expired but UD Session still active

I just received this error when trying to use the access token provided by the Azure OpenId Auth.

Seems the Azure token is expiring, but the UD Session is still active. Any way to have/force UD to re-authenticate?

Hmmm not at the moment. Seems like we need a way to request a refresh on the token. I’ll have to look into it and figure out if we need to introduce a cmdlet to do this. I think for the time being you’ll have to do any Invoke-UDRedirect to the /sign-out route and I think that will force a reauthentication.

so using signout does sign me out requiring me to log back in (using /signout not /sign-out), but first it takes me to /login-page which shows a JSON object. I need to remove the -page from /login-page then it will redirect to the Microsoft auth page.

I think we might need a cmdlet for this. Would you like me to open a bug on GitHub?

Bummer. Yep looks like we need one. Please open an issue. One more thing you can try until we get a proper cmdlet:

Invoke-UDJavaScript "$.get('/signout')" 
Start-Sleep 1
Invoke-UDRedirect "/login"

thanks Adam. I haven’t used the UDJavascript cmdlet before and when I paste in your code from above I get this error in the browser console. is there something else I need to define?

Hi @mylabonline

Invoke-UDJavaScript is new in 2.8, and is basically… “eval $javascript”
IE: any string you pass to the function will be executed clientside as javascript.
Sadly, you cannot run JQuery functions here i believe, without loading the required JQuery scripts.

Try this:

Invoke-UDJavaScript  'var Http = new XMLHttpRequest();
   var url = "/signout";
   Http.Open("GET", url);
   Http.send();'

Should work :slight_smile:

Thanks @BoSen29

I tried your Invoke-UDJavaScript from above and I get a similar error - and I am running 2.8.0

Apologies @mylabonline
The “o” in “Http.open” is case sensitive, and needs to be a lower case “o” :-/

Sorry for freehanding it :open_mouth:

Yup that did the trick. no worries on the sensitivity of the case, I was just searching around and saw other references of .open :slight_smile:

I need to start working on my Javascript skills.

So the code that im testing with now is

Invoke-UDJavaScript -JavaScript 'var Http = new XMLHttpRequest();
var url = "/signout";
Http.open("GET", url);
Http.send()'
Start-Sleep 1
Invoke-UDRedirect -Url "/"

Adam had /login in the UDRedirect but the Login page is undesirable - so I changed it to / which seems to be working quite nicely, I will continue to play around with it.

But as always, thank you!!

1 Like

done - https://github.com/ironmansoftware/universal-dashboard/issues/1405

2 Likes

Javascript is a pain no matter what…
Powerful, but unforgiving with typos.

Awesome!
Might have to implement the same once i get my oAuth v2 working on my side.

1 Like

Are there any updates on this? I’ve run into the same problem. Even when I’m signing out it’s holding onto the token still too.

@mylabonline did you manage to get it to do a logout when the token expires? If you did, would it be possible to share how you were able to check for the token expiration time to be able to know when to redirect to the sign out page?

Thanks :slight_smile:

I am continuing to use the Invoke-UDJavaScript workaround - Works as expected.

So when I try and make an API call to Azure RM using the token, and the response is from the API is 401 Unauthorized (due to token expiring) I do a catch then call the below function that invokes the signout using Javascript

function Invoke-UDLogout {

    param ($Url)

    Invoke-UDJavaScript -JavaScript 'var Http = new XMLHttpRequest();

    var url = "/signout";

    Http.open("GET", url);

    Http.send()'

    Start-Sleep 1

    Invoke-UDRedirect -Url $Url

}

The URL I sent to the function is the base URL of your Dashboard

1 Like

Excellent thank you, that’s really helpful :smiley: :+1: