+ Start a Discussion

renew access token in angular cli (web browser) (either with or without refresh token)


I have implemented an angular cli app which is currently running in localhost and I have several connections to Salesforce instances. I am using oauth2 to authorize the app. Currently I am getting the refresh token to the app and when the access token expires I renew it with the refresh token.
Here I hit a CORS issues:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://login.salesforce.com/services/oauth2/token. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
The funny thing is that I can see in the network tab that it makes the call and it returns me the new access token but in the console I get error:
ERROR_HTTP_400: Access Declined

I am using jsforce with the proxyUrl setting for the connection but still getting the error.
I get the same error if I make a direct http call and not using jsforce.
It works for other authenticated calls, in those I don't get the CORS issue.

Any idea how to fix this ?

If I don't have the refresh token (implicit flow), how do I renew the access token ? It would be better not to have the refresh token in the browser but I couldn't figure out any other way of getting a new access token when it expires.

Does Salesforce support silent authentication like described here: https://www.scottbrady91.com/OpenID-Connect/Silent-Refresh-Refreshing-Access-Tokens-when-using-the-Implicit-Flow