When trying to refresh the access token after a user has been signed out on the server, the connect/token endpoint gets spammed. #1265

@dpcodes

Description

We use IdentityServer4 as our IDP. We also have an SSOLifetime set, meaning that the user needs to re-authenticate after X amount of time.

The silent refresh works perfectly, except when it tries to refresh after passing the SSO expiration. It will redirect to the SessionLost component like expected, but then it will completely spam the connect/token endpoint.

The error in appinsight is simply that the refresh token is invalid, as expected since when the IDP logs you out, it also revokes all your tokens.

First, everything goes well, the first refresh works:
image

But then, once it tries to refresh after the SSO expires:
image
It seems to be stuck in a loop of begin > error

Configuration is nothing special:
image

Expected Behavior:
I would expect once we hit the SessionLost component that we either wait for a refresh of the browser to retrigger the flow, or query the connect endpoint at a set interval, but not crazy fast like it does right now.

Not exactly sure why it's looping like such, was hoping you'd have more insight.

Thank you!
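
The behaviour asked for above, as an added example that is not part of the original issue and not the library's own code: a refresh decision function that treats the OAuth `invalid_grant` error (RFC 6749, section 5.2) as terminal and applies capped exponential backoff to transient failures. The function names, delay values and sample responses are assumptions constructed for illustration.

```javascript
// Added example: decides what a client should do after each refresh attempt.
// Constructed responses; error field names follow RFC 6749 section 5.2.
const BASE_DELAY_MS = 1000;  // assumed first retry delay
const MAX_DELAY_MS = 60000;  // assumed backoff ceiling
const TERMINAL_ERRORS = new Set(["invalid_grant", "invalid_client", "unauthorized_client"]);

function initialState() {
  return { status: "active", failures: 0 };
}

// Pure transition: (state, token endpoint response) -> { state, action, delayMs }
function onRefreshResult(state, res) {
  if (state.status === "session_lost") {
    // Already terminal: no further token requests until the user signs in again.
    return { state, action: "none", delayMs: null };
  }
  if (res.status === 200 && res.body && res.body.access_token) {
    // Schedule the next refresh at 80% of expires_in (assumed safety margin).
    return { state: initialState(), action: "schedule_refresh", delayMs: res.body.expires_in * 800 };
  }
  const err = res.body && res.body.error;
  if (res.status >= 400 && res.status < 500 && TERMINAL_ERRORS.has(err)) {
    // The IdP revoked or rejected the grant, so a retry cannot succeed.
    return { state: { status: "session_lost", failures: 0 }, action: "show_session_lost", delayMs: null };
  }
  // Anything else (network failure as status 0, 429, 5xx): retry with capped backoff.
  const failures = state.failures + 1;
  const delayMs = Math.min(MAX_DELAY_MS, BASE_DELAY_MS * 2 ** (failures - 1));
  return { state: { status: "active", failures }, action: "retry", delayMs };
}

// Replays a list of responses and returns the action taken for each one.
function replay(responses) {
  let state = initialState();
  return responses.map((res) => {
    const step = onRefreshResult(state, res);
    state = step.state;
    return { action: step.action, delayMs: step.delayMs };
  });
}

// Constructed sample: a good refresh, a transient 503, then the revoked token twice.
const sample = [
  { status: 200, body: { access_token: "constructed", expires_in: 300 } },
  { status: 503, body: null },
  { status: 400, body: { error: "invalid_grant" } },
  { status: 400, body: { error: "invalid_grant" } },
];
console.log(replay(sample));
```

Once the state is `session_lost`, the token endpoint is left alone until an interactive sign-in resets the state, which also keeps a revoked refresh token from being replayed against the IdP.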
