diff --git a/lib/keycloak.d.ts b/lib/keycloak.d.ts index daa75f0..d120385 100644 --- a/lib/keycloak.d.ts +++ b/lib/keycloak.d.ts @@ -112,8 +112,10 @@ export interface KeycloakInitOptions { idToken?: string; /** - * Set an initial value for skew between local time and Keycloak server in - * seconds (only together with `token` or `refreshToken`). + * Set an initial value for skew between local and Keycloak server time (in + * seconds). This is also used to determine whether the initial + * token is still valid (only together with `token` or `refreshToken`). + * @default 60 */ timeSkew?: number; @@ -433,11 +435,11 @@ declare class Keycloak { idTokenParsed?: KeycloakTokenParsed; /** - * The estimated time difference between the browser time and the Keycloak - * server in seconds. This value is just an estimation, but is accurate + * The estimated time difference between the browser and the Keycloak + * server time (in seconds). This value is just an estimation, but is accurate * enough when determining if a token is expired or not. */ - timeSkew?: number; + timeSkew: number; /** * Whether the instance has been initialized by calling `.init()`. diff --git a/lib/keycloak.js b/lib/keycloak.js index e25c7f0..2cb0927 100755 --- a/lib/keycloak.js +++ b/lib/keycloak.js @@ -129,9 +129,7 @@ function Keycloak (config) { kc.flow = initOptions.flow; } - if (initOptions.timeSkew != null) { - kc.timeSkew = initOptions.timeSkew; - } + kc.timeSkew = initOptions.timeSkew ?? 60; if(initOptions.redirectUri) { kc.redirectUri = initOptions.redirectUri; @@ -299,7 +297,7 @@ function Keycloak (config) { }); }); } else { - kc.updateToken(-1).then(function() { + kc.updateToken().then(function() { kc.onAuthSuccess && kc.onAuthSuccess(); initPromise.setSuccess(); }).catch(function(error) { @@ -603,11 +601,6 @@ function Keycloak (config) { throw 'Not authenticated'; } - if (kc.timeSkew == null) { - logInfo('[KEYCLOAK] Unable to determine if token is expired as timeskew is not set'); - return true; - } - var expiresIn = kc.tokenParsed['exp'] - Math.ceil(new Date().getTime() / 1000) + kc.timeSkew; if (minValidity) { if (isNaN(minValidity)) { @@ -987,17 +980,15 @@ function Keycloak (config) { kc.timeSkew = Math.floor(timeLocal / 1000) - kc.tokenParsed.iat; } - if (kc.timeSkew != null) { - logInfo('[KEYCLOAK] Estimated time difference between browser and server is ' + kc.timeSkew + ' seconds'); + logInfo('[KEYCLOAK] Estimated time difference between browser and server is ' + kc.timeSkew + ' seconds'); - if (kc.onTokenExpired) { - var expiresIn = (kc.tokenParsed['exp'] - (new Date().getTime() / 1000) + kc.timeSkew) * 1000; - logInfo('[KEYCLOAK] Token expires in ' + Math.round(expiresIn / 1000) + ' s'); - if (expiresIn <= 0) { - kc.onTokenExpired(); - } else { - kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn); - } + if (kc.onTokenExpired) { + var expiresIn = (kc.tokenParsed['exp'] - (new Date().getTime() / 1000) + kc.timeSkew) * 1000; + logInfo('[KEYCLOAK] Token expires in ' + Math.round(expiresIn / 1000) + ' s'); + if (expiresIn <= 0) { + kc.onTokenExpired(); + } else { + kc.tokenTimeoutHandle = setTimeout(kc.onTokenExpired, expiresIn); } } } else {