fix: fix auto accessToken renew

apps/webui/package.json

@@ -63,8 +63,8 @@
     "input-otp": "^1.4.2",
     "jotai": "^2.12.5",
     "jotai-signal": "^0.9.0",
-    "lucide-react": "^0.514.0",
-    "oidc-client-rx": "0.1.0-alpha.9",
+    "lucide-react": "^0.515.0",
+    "oidc-client-rx": "0.1.0-alpha.12",
     "react": "^19.1.0",
     "react-day-picker": "9.7.0",
     "react-dom": "^19.1.0",

apps/webui/src/app/auth/guard.ts

@@ -1,16 +1,20 @@
 import type { RouterContext } from '@/infra/routes/traits';
+import type { ParsedLocation } from '@tanstack/react-router';
 import { firstValueFrom } from 'rxjs';
 import { authContextFromInjector } from './context';
 
 export const beforeLoadGuard = async ({
   context,
-}: { context: RouterContext }) => {
+  location,
+}: { context: RouterContext; location: ParsedLocation }) => {
   const { isAuthenticated$, authProvider } = authContextFromInjector(
     context.injector
   );
   if (!(await firstValueFrom(isAuthenticated$))) {
     const isAuthenticated = await firstValueFrom(
-      authProvider.autoLoginPartialRoutesGuard()
+      authProvider.autoLoginPartialRoutesGuard({
+        location,
+      })
     );
     if (!isAuthenticated) {
       throw !isAuthenticated;

apps/webui/src/infra/auth/auth.provider.ts

@@ -1,4 +1,5 @@
 import { InjectionToken } from '@outposts/injection-js';
+import type { ParsedLocation } from '@tanstack/react-router';
 import type { CheckAuthResultEventType } from 'oidc-client-rx';
 import { type Observable, map } from 'rxjs';
 import type { AuthMethodType } from './defs';
@@ -10,7 +11,9 @@ export abstract class AuthProvider {
   abstract authData$: Observable<any>;
   abstract getAccessToken(): Observable<string | undefined>;
   abstract setup(): void;
-  abstract autoLoginPartialRoutesGuard(): Observable<boolean>;
+  abstract autoLoginPartialRoutesGuard({
+    location,
+  }: { location: ParsedLocation }): Observable<boolean>;
   getAuthHeaders(): Observable<Record<string, string>> {
     return this.getAccessToken().pipe(
       map((accessToken) =>

apps/webui/src/infra/auth/oidc/config.ts

@@ -21,6 +21,8 @@ export function buildOidcConfig(): OpenIdConfiguration {
     logLevel: LogLevel.Warn,
     autoUserInfo: !resource,
     renewUserInfoAfterTokenRenew: !resource,
+    ignoreNonceAfterRefresh: !!resource,
+    renewTimeBeforeTokenExpiresInSeconds: 30,
     customParamsAuthRequest: {
       prompt: 'consent',
       resource,

apps/webui/src/infra/auth/oidc/oidc-auth.provider.ts

@@ -1,5 +1,6 @@
 import { injectInjector } from '@/infra/di/inject';
 import { inject, runInInjectionContext } from '@outposts/injection-js';
+import type { ParsedLocation } from '@tanstack/react-router';
 import {
   CHECK_AUTH_RESULT_EVENT,
   OidcSecurityService,
@@ -15,20 +16,8 @@ export class OidcAuthProvider extends AuthProvider {
   checkAuthResultEvent$ = inject(CHECK_AUTH_RESULT_EVENT);
   injector = injectInjector();
 
-  private setupSilentRenew() {
-    const parent = document.defaultView?.parent;
-    if (parent) {
-      const event = new CustomEvent('oidc-silent-renew-message', {
-        detail: document.defaultView?.location!,
-      });
-      parent.dispatchEvent(event);
-    }
-  }
-
   setup() {
-    this.oidcSecurityService.checkAuth().subscribe(() => {
-      this.setupSilentRenew();
-    });
+    this.oidcSecurityService.checkAuth().subscribe(() => {});
   }
 
   get isAuthenticated$() {
@@ -45,9 +34,9 @@ export class OidcAuthProvider extends AuthProvider {
     return this.oidcSecurityService.getAccessToken();
   }
 
-  autoLoginPartialRoutesGuard() {
+  autoLoginPartialRoutesGuard({ location }: { location: ParsedLocation }) {
     return runInInjectionContext(this.injector, () =>
-      autoLoginPartialRoutesGuard()
+      autoLoginPartialRoutesGuard(undefined, { url: location.href })
     );
   }
 }