The access token will not be retrieved from SessionStorage #7453
Labels
b2c
Related to Azure B2C library-specific issues
bug-unconfirmed
A reported bug that needs to be investigated and confirmed
msal-angular
Related to @azure/msal-angular package
msal-browser
Related to msal-browser package
Needs: Attention 👋
Awaiting response from the MSAL.js team
public-client
Issues regarding PublicClientApplications
question
Customer is asking for a clarification, use case or information.
Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
3.27.0
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
3.1.0
Public or Confidential Client?
Public
Description
The access token will not be retrieved from SessionStorage. It will be refreshed before each http call triggered by the msal interceptor.
Error Message
"authority": "https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1A_STDSignInOnlyMFA",
The access token from the Session Storage has realm=xxx.onmicrosoft.com, but the filter to find the correct cached token has realm=b2c_1a_stdsigninonlymfa. Thats why the cached token won't be taken and a new token will be loaded in each call.
MSAL Logs
provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - MSAL Interceptor activated
14:18:40.327 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Interceptor - getting scopes for endpoint
14:18:40.328 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
14:18:40.329 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccountKeys called
14:18:40.329 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccount called
14:18:40.330 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getTokenKeys called
14:18:40.330 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - CacheManager - getIdToken called
14:18:40.331 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
14:18:40.332 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: config
14:18:40.332 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: hardcoded_values
14:18:40.333 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata: did not find cloud discovery metadata in hardcoded_values
14:18:40.333 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Info - CacheManager:getIdToken - Returning ID token
14:18:40.334 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Interceptor - active account selected
14:18:40.335 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
14:18:40.335 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccountKeys called
14:18:40.336 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccount called
14:18:40.336 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getTokenKeys called
14:18:40.337 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - CacheManager - getIdToken called
14:18:40.337 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
14:18:40.338 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: config
14:18:40.338 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: hardcoded_values
14:18:40.338 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata: did not find cloud discovery metadata in hardcoded_values
14:18:40.339 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Info - CacheManager:getIdToken - Returning ID token
14:18:40.339 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Info - Interceptor - 1 scopes found for endpoint
14:18:40.340 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : @azure/[email protected] : Verbose - acquireTokenSilent called
14:18:40.340 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : @azure/[email protected] : Verbose - acquireTokenSilent called for the first time, storing active request
14:18:40.341 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenSilentAsync
14:18:40.341 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Emitting event to callback 01939c1e-5260-70c4-b21a-e3c8dc3cb2d5: msal:acquireTokenStart
14:18:40.342 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function initializeSilentRequest
14:18:40.342 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function initializeBaseRequest
14:18:40.343 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Authentication Scheme wasn't explicitly set in request, defaulting to "Bearer" request
14:18:40.343 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Returning result from initializeBaseRequest
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Returning result from initializeSilentRequest
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - isNativeAvailable called
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - isNativeAvailable: allowNativeBroker is not enabled, returning false
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - acquireTokenSilent - attempting to acquire token from web flow
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenFromCache
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function silentCacheClientAcquireToken
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - initializeServerTelemetryManager called
14:18:40.345 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function standardInteractionClientGetClientConfiguration
14:18:40.345 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function standardInteractionClientGetDiscoveredAuthority
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function authorityFactoryCreateDiscoveredInstance
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function authorityResolveEndpointsAsync
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function authorityUpdateCloudDiscoveryMetadata
14:18:40.347 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Attempting to get cloud discovery metadata from authority configuration
14:18:40.347 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.
14:18:40.347 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Found cloud discovery metadata in authority configuration
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from authorityUpdateCloudDiscoveryMetadata
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function authorityUpdateEndpointMetadata
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Attempting to get endpoint metadata from authority configuration
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Found endpoint metadata in the cache.
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from authorityUpdateEndpointMetadata
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.setAuthorityMetadata called
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from authorityResolveEndpointsAsync
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from authorityFactoryCreateDiscoveredInstance
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from standardInteractionClientGetDiscoveredAuthority
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from standardInteractionClientGetClientConfiguration
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Silent auth client created
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function silentFlowClientAcquireCachedToken
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getTokenKeys called
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - CacheManager - getAccessToken called
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccessTokenCredential: cache hit
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: config
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: hardcoded_values
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata: did not find cloud discovery metadata in hardcoded_values
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Info - CacheManager:getAccessToken - No token found
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : @azure/[email protected] : Info - Token refresh is required due to cache outcome: 2
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Error occurred in silentFlowClientAcquireCachedToken
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Error occurred in silentCacheClientAcquireToken
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Error occurred in acquireTokenFromCache
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Emitting event to callback 01939c1e-5260-70c4-b21a-e3c8dc3cb2d5: msal:acquireTokenFromNetworkStart
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenByRefreshToken
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function silentRefreshClientAcquireToken
Network Trace (Preferrably Fiddler)
MSAL Configuration
Relevant Code Snippets
-
Reproduction Steps
1. After parsing the authority
msal-common/src/authority/Authorithy.ts -> tenant()
[0] "xxx.onmicrosoft.com" <----- will be taken as realm
[1] "b2c_1a_stdsigninonlymfa"
2. This realm xxx.onmicrosoft.com will be stored inside of the AccessTokenEntity in the SessionStorage
3. When retrieving the cached token from the SessionStorage, this realm will be taken for the filter
msal-common/src/authority/Authorithy.ts -> getTenantFromAuthorityString()
[0] "xxx.onmicrosoft.com"
[1] "b2c_1a_stdsigninonlymfa" <----- will be taken as realm
4. matchRealm always fails, so the token will never be taken from the cache
msal-common/src/cache/CacheManager.ts -> matchRealm()
"xxx.onmicrosoft.com" != "b2c_1a_stdsigninonlymfa"
Expected Behavior
The token call will only be triggered when the access token is invalid, otherwiese it will be taken from cache.
Identity Provider
Azure B2C Custom Policy
Browsers Affected (Select all that apply)
Chrome
Regression
@azure/msal-browser 3.0.2
The text was updated successfully, but these errors were encountered: