The access token will not be retrieved from SessionStorage #7453

Open
2 tasks
simon-ittmann opened this issue Dec 6, 2024 · 2 comments
Labels
b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@simon-ittmann

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.27.0

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

3.1.0

Public or Confidential Client?

Public

Description

The access token will not be retrieved from SessionStorage. It will be refreshed before each http call triggered by the msal interceptor.


Error Message

"authority": "https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1A_STDSignInOnlyMFA",

The access token from the Session Storage has realm=xxx.onmicrosoft.com, but the filter to find the correct cached token has realm=b2c_1a_stdsigninonlymfa. That's why the cached token won't be taken and a new token will be loaded in each call.

MSAL Logs

provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - MSAL Interceptor activated
14:18:40.327 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Interceptor - getting scopes for endpoint
14:18:40.328 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
14:18:40.329 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccountKeys called
14:18:40.329 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccount called
14:18:40.330 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getTokenKeys called
14:18:40.330 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - CacheManager - getIdToken called
14:18:40.331 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
14:18:40.332 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: config
14:18:40.332 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: hardcoded_values
14:18:40.333 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata: did not find cloud discovery metadata in hardcoded_values
14:18:40.333 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Info - CacheManager:getIdToken - Returning ID token
14:18:40.334 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Interceptor - active account selected
14:18:40.335 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
14:18:40.335 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccountKeys called
14:18:40.336 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccount called
14:18:40.336 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getTokenKeys called
14:18:40.337 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - CacheManager - getIdToken called
14:18:40.337 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
14:18:40.338 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: config
14:18:40.338 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: hardcoded_values
14:18:40.338 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata: did not find cloud discovery metadata in hardcoded_values
14:18:40.339 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Info - CacheManager:getIdToken - Returning ID token
14:18:40.339 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Info - Interceptor - 1 scopes found for endpoint
14:18:40.340 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : @azure/[email protected] : Verbose - acquireTokenSilent called
14:18:40.340 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : @azure/[email protected] : Verbose - acquireTokenSilent called for the first time, storing active request
14:18:40.341 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenSilentAsync
14:18:40.341 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Emitting event to callback 01939c1e-5260-70c4-b21a-e3c8dc3cb2d5: msal:acquireTokenStart
14:18:40.342 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function initializeSilentRequest
14:18:40.342 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function initializeBaseRequest
14:18:40.343 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Authentication Scheme wasn't explicitly set in request, defaulting to "Bearer" request
14:18:40.343 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Returning result from initializeBaseRequest
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Returning result from initializeSilentRequest
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - isNativeAvailable called
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - isNativeAvailable: allowNativeBroker is not enabled, returning false
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - acquireTokenSilent - attempting to acquire token from web flow
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenFromCache
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function silentCacheClientAcquireToken
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - initializeServerTelemetryManager called
14:18:40.345 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function standardInteractionClientGetClientConfiguration
14:18:40.345 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function standardInteractionClientGetDiscoveredAuthority
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function authorityFactoryCreateDiscoveredInstance
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function authorityResolveEndpointsAsync
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function authorityUpdateCloudDiscoveryMetadata
14:18:40.347 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Attempting to get cloud discovery metadata from authority configuration
14:18:40.347 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.
14:18:40.347 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Found cloud discovery metadata in authority configuration
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from authorityUpdateCloudDiscoveryMetadata
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function authorityUpdateEndpointMetadata
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Attempting to get endpoint metadata from authority configuration
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Found endpoint metadata in the cache.
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from authorityUpdateEndpointMetadata
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.setAuthorityMetadata called
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from authorityResolveEndpointsAsync
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from authorityFactoryCreateDiscoveredInstance
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from standardInteractionClientGetDiscoveredAuthority
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Returning result from standardInteractionClientGetClientConfiguration
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Verbose - Silent auth client created
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Executing function silentFlowClientAcquireCachedToken
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getTokenKeys called
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - CacheManager - getAccessToken called
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccessTokenCredential: cache hit
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: config
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: hardcoded_values
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata: did not find cloud discovery metadata in hardcoded_values
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Info - CacheManager:getAccessToken - No token found
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : @azure/[email protected] : Info - Token refresh is required due to cache outcome: 2
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - Error occurred in silentFlowClientAcquireCachedToken
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : [email protected] : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Error occurred in silentCacheClientAcquireToken
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Error occurred in acquireTokenFromCache
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Verbose - Emitting event to callback 01939c1e-5260-70c4-b21a-e3c8dc3cb2d5: msal:acquireTokenFromNetworkStart
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenByRefreshToken
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/[email protected] : Trace - Executing function silentRefreshClientAcquireToken

Network Trace (Preferably Fiddler)

  • Sent
  • Pending

MSAL Configuration

{
  "auth": {
    "clientId": "x9a4f53d-12d7-4df1-bc59-5e76dbb2f5e1",
    "authority": "https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1A_STDSignInOnlyMFA",
    "redirectUri": "https://localhost:4201",
    "knownAuthorities": [
      "xxx.b2clogin.com"
    ]
  },
  "protectedResourceMap": {},
  "authRequest": {
    "scopes": [
      "https://xxx.onmicrosoft.com/api-test/all"
    ]
  }
}

Relevant Code Snippets

-

Reproduction Steps

1. After parsing the authority
msal-common/src/authority/Authority.ts -> tenant()
[0] "xxx.onmicrosoft.com" <----- will be taken as realm
[1] "b2c_1a_stdsigninonlymfa"

2. This realm xxx.onmicrosoft.com will be stored inside of the AccessTokenEntity in the SessionStorage

3. When retrieving the cached token from the SessionStorage, this realm will be taken for the filter
msal-common/src/authority/Authority.ts -> getTenantFromAuthorityString()
[0] "xxx.onmicrosoft.com"
[1] "b2c_1a_stdsigninonlymfa" <----- will be taken as realm

4. matchRealm always fails, so the token will never be taken from the cache
msal-common/src/cache/CacheManager.ts -> matchRealm()
"xxx.onmicrosoft.com" != "b2c_1a_stdsigninonlymfa"

Expected Behavior

The token call will only be triggered when the access token is invalid, otherwise it will be taken from cache.

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome

Regression

@azure/msal-browser 3.0.2
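
The mismatch described in the reproduction steps, as an added example that is not part of the original issue and is not MSAL.js source: a simplified model in which the realm is taken from authority path segment [0] when the entry is written and from segment [1] when the lookup filter is built. The function names (`realmAtWrite`, `realmAtLookup`, `buildCache`, `findAccessToken`, `diagnose`) and the cache entry shape are assumptions, and `matchRealm` here is a stand-in for the comparison named in step 4.

```javascript
// Added illustration: a simplified model of the reported realm mismatch,
// not MSAL.js code. Names and the entry shape are assumptions.

// Authority taken from the MSAL configuration in the issue.
const AUTHORITY =
  "https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1A_STDSignInOnlyMFA";

// Lower-cased, non-empty path segments of an authority URL.
function pathSegments(authority) {
  return new URL(authority).pathname
    .split("/")
    .filter((s) => s.length > 0)
    .map((s) => s.toLowerCase());
}

// Write path as reported in step 1: segment [0] becomes the realm.
function realmAtWrite(authority) {
  return pathSegments(authority)[0];
}

// Read path as reported in step 3: segment [1] becomes the realm.
function realmAtLookup(authority) {
  return pathSegments(authority)[1];
}

// Stand-in for the realm comparison in step 4.
function matchRealm(entry, realm) {
  return typeof entry.realm === "string" && entry.realm.toLowerCase() === realm;
}

// Constructed cache holding one access-token entry, as stored after login.
function buildCache(authority) {
  return [{
    credentialType: "AccessToken",
    realm: realmAtWrite(authority),
    target: "https://xxx.onmicrosoft.com/api-test/all",
  }];
}

// Cache lookup; deriveRealm is the function used to build the filter realm.
function findAccessToken(cache, authority, deriveRealm) {
  const realm = deriveRealm(authority);
  const hit = cache.find(
    (e) => e.credentialType === "AccessToken" && matchRealm(e, realm)
  );
  return hit || null;
}

// Diagnostic: stored realm vs. filter realm for every access-token entry.
function diagnose(cache, authority) {
  const filterRealm = realmAtLookup(authority);
  return cache
    .filter((e) => e.credentialType === "AccessToken")
    .map((e) => ({
      storedRealm: e.realm,
      filterRealm,
      hit: matchRealm(e, filterRealm),
    }));
}

const cache = buildCache(AUTHORITY);
console.log(diagnose(cache, AUTHORITY));
console.log("hit with consistent derivation:",
  findAccessToken(cache, AUTHORITY, realmAtWrite) !== null);
```

With the two derivations disagreeing, every lookup misses and the silent flow falls through to a refresh-token request; deriving the realm the same way on both paths yields a cache hit in this model.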

@sonironak172

I am having an issue where, when the user comes back the next day at the logged-in time, the API is stuck in the token call, the token is in a pending state, and the web app keeps reloading; after that a popup appears like "exit page" and "continue".

I am not using B2C but B2B.
Are you having a similar kind of issue?

@simon-ittmann
Author

@sonironak172 I guess it is a different issue. My only issue is the token will be refreshed before each http call and is not taken from the cache. From the functionality everything is working.
