diff --git a/apps/red-ui/src/app/app.module.ts b/apps/red-ui/src/app/app.module.ts
index 648792c13..7f674df20 100644
--- a/apps/red-ui/src/app/app.module.ts
+++ b/apps/red-ui/src/app/app.module.ts
@@ -2,7 +2,7 @@
 import { BrowserModule } from '@angular/platform-browser';
 import { APP_INITIALIZER, NgModule } from '@angular/core';
 import { AppComponent } from './app.component';
-import { RouterModule } from '@angular/router';
+import {ActivatedRoute, ActivatedRouteSnapshot, Router, RouterModule} from '@angular/router';
 import { BrowserAnimationsModule } from '@angular/platform-browser/animations';
 import { ReactiveFormsModule, FormsModule } from '@angular/forms';
 import { HTTP_INTERCEPTORS, HttpClient, HttpClientModule } from '@angular/common/http';
@@ -168,4 +168,20 @@ export function HttpLoaderFactory(httpClient: HttpClient) {
 bootstrap: [AppComponent]
 })
 export class AppModule {
+
+ constructor(private router: Router,private route: ActivatedRoute) {
+ route.queryParamMap.subscribe(queryParams=>{
+ if(queryParams.has('code') || queryParams.has('state') || queryParams.has('session_state')) {
+ this.router.navigate([], {
+ queryParams: {
+ 'state': null,
+ 'session_state': null,
+ 'code': null,
+ },
+ queryParamsHandling: 'merge'
+ })
+ }
+ })
+
+ }
 }
diff --git a/apps/red-ui/src/app/auth/auth.guard.ts b/apps/red-ui/src/app/auth/auth.guard.ts
index d5c3459c8..044c09dce 100644
--- a/apps/red-ui/src/app/auth/auth.guard.ts
+++ b/apps/red-ui/src/app/auth/auth.guard.ts
@@ -4,7 +4,6 @@ import {Observable} from "rxjs";
 import {AuthConfig, OAuthService} from "angular-oauth2-oidc";
 import {AppConfigKey, AppConfigService} from "../app-config/app-config.service";
 import {map} from "rxjs/operators";
-import {JwksValidationHandler} from "angular-oauth2-oidc-jwks";
 import {UserService} from "../user/user.service";
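Review bot: In the `AppModule` constructor (app.module.ts, second hunk), `this.router.navigate([], …)` adds a new history entry, so the URL that still carries the authorization `code`, `state` and `session_state` stays in the session history and is one Back-click away. Passing `replaceUrl: true` next to `queryParamsHandling: 'merge'` replaces that entry instead of stacking a clean one on top of it. The `queryParamMap` subscription also runs independently of `loadDiscoveryDocumentAndTryLogin()` in `AuthGuard`; if the parameters could be stripped before the library has read them the code exchange would be skipped, so a short comment stating why the ordering is safe would help. `ActivatedRouteSnapshot` is imported in the first hunk but is not used in the visible lines.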
@@ -24,8 +23,17 @@ export class AuthGuard implements CanActivate {
 this._configured = true;
 const authConfig = await this._createConfiguration().toPromise();
 this._oauthService.configure(authConfig);
- this._oauthService.tokenValidationHandler = new JwksValidationHandler();
 this._oauthService.setupAutomaticSilentRefresh();
+
+
+ window['silentRefresh'] =() =>{
+ this
+ ._oauthService
+ .silentRefresh()
+ .then(info => console.debug('refresh ok', info))
+ .catch(err => console.error('refresh error', err));
+ };
+
 return this._oauthService.loadDiscoveryDocumentAndTryLogin();
 }
@@ -38,7 +46,9 @@ export class AuthGuard implements CanActivate {
 }
 private async _checkToken() {
- const expired = this._oauthService.getAccessTokenExpiration() - new Date().getTime() < 0;
+ const timeLeft= ((this._oauthService.getAccessTokenExpiration() - new Date().getTime()) / 1000);
+ const expired = timeLeft < 60;
+
 if (!this._oauthService.getAccessToken() || expired) {
 this._oauthService.initLoginFlow();
 return false;
@@ -56,7 +66,8 @@ export class AuthGuard implements CanActivate {
 issuer: config[AppConfigKey.OAUTH_URL],
 redirectUri: window.location.origin,
 clientId: config[AppConfigKey.OAUTH_CLIENT_ID],
- scope: 'openid',
+ scope: 'openid profile email offline_access',
+ responseType: 'code',
 showDebugInformation: true,
 silentRefreshRedirectUri: window.location.origin + '/assets/oauth/silent-refresh.html',
 useSilentRefresh: true,
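Review bot: Dropping `tokenValidationHandler = new JwksValidationHandler()` in the configure hunk of auth.guard.ts leaves no validation handler assigned in the visible code, so the ID token signature is presumably no longer checked in the browser. That is only defensible because a later hunk sets `responseType: 'code'`, where tokens arrive from the token endpoint over TLS; a comment here should state that dependency, e.g. `// no JWKS handler: code flow only, tokens come from the token endpoint over TLS`. The `window['silentRefresh']` assignment reads like a debugging hook: any script on the page can call it, and it writes the refresh result and errors to the console, so it should be removed or gated on a development flag. The enclosing method starts and ends outside the hunk.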
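Review bot: In `_checkToken()` a token with less than 60 seconds left is handled like a missing one and goes straight to `initLoginFlow()`, a full redirect, although the guard already sets up automatic silent refresh and this commit requests a refresh token. If the identity provider issues access tokens with a lifetime of 60 seconds or less, every guarded navigation would redirect again. Consider naming the threshold (`const MIN_TOKEN_LIFETIME_SECONDS = 60;`) and attempting a refresh before falling back to the redirect. The method continues past the end of the hunk.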
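Review bot: Adding `offline_access` to `scope` asks the identity provider for a refresh token that the library will keep in browser storage, where any script injected into the page can read it. With `useSilentRefresh: true` still set a few lines below, renewal will, as far as I can tell, keep going through the hidden iframe rather than the refresh token, so the extra grant adds exposure without being used. Either drop it (`scope: 'openid profile email',`) or move to refresh-token renewal with `useSilentRefresh: false` and token rotation enabled at the provider. `showDebugInformation: true` in the same object is also worth turning off for production builds. The configuration object starts and ends outside the hunk.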