Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The access token will not be retrieved from SessionStorage #7453

Open
2 tasks
simon-ittmann opened this issue Dec 6, 2024 · 2 comments
Open
2 tasks

The access token will not be retrieved from SessionStorage #7453

simon-ittmann opened this issue Dec 6, 2024 · 2 comments
Labels
b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@simon-ittmann
Copy link

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.27.0

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

3.1.0

Public or Confidential Client?

Public

Description

The access token will not be retrieved from SessionStorage. It will be refreshed before each http call triggered by the msal interceptor.

network

Error Message

"authority": "https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1A_STDSignInOnlyMFA",

The access token from the Session Storage has realm=xxx.onmicrosoft.com, but the filter to find the correct cached token has realm=b2c_1a_stdsigninonlymfa. Thats why the cached token won't be taken and a new token will be loaded in each call.

MSAL Logs

provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-angular@3.1.0 : Verbose - MSAL Interceptor activated
14:18:40.327 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-angular@3.1.0 : Verbose - Interceptor - getting scopes for endpoint
14:18:40.328 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
14:18:40.329 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getAccountKeys called
14:18:40.329 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getAccount called
14:18:40.330 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getTokenKeys called
14:18:40.330 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - CacheManager - getIdToken called
14:18:40.331 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
14:18:40.332 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - getAliasesFromMetadata called with source: config
14:18:40.332 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - getAliasesFromMetadata called with source: hardcoded_values
14:18:40.333 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - getAliasesFromMetadata: did not find cloud discovery metadata in hardcoded_values
14:18:40.333 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Info - CacheManager:getIdToken - Returning ID token
14:18:40.334 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-angular@3.1.0 : Verbose - Interceptor - active account selected
14:18:40.335 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
14:18:40.335 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getAccountKeys called
14:18:40.336 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getAccount called
14:18:40.336 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getTokenKeys called
14:18:40.337 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - CacheManager - getIdToken called
14:18:40.337 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
14:18:40.338 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - getAliasesFromMetadata called with source: config
14:18:40.338 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - getAliasesFromMetadata called with source: hardcoded_values
14:18:40.338 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - getAliasesFromMetadata: did not find cloud discovery metadata in hardcoded_values
14:18:40.339 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Info - CacheManager:getIdToken - Returning ID token
14:18:40.339 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-angular@3.1.0 : Info - Interceptor - 1 scopes found for endpoint
14:18:40.340 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : @azure/msal-browser@3.27.0 : Verbose - acquireTokenSilent called
14:18:40.340 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : @azure/msal-browser@3.27.0 : Verbose - acquireTokenSilent called for the first time, storing active request
14:18:40.341 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Executing function acquireTokenSilentAsync
14:18:40.341 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Verbose - Emitting event to callback 01939c1e-5260-70c4-b21a-e3c8dc3cb2d5: msal:acquireTokenStart
14:18:40.342 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Executing function initializeSilentRequest
14:18:40.342 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Executing function initializeBaseRequest
14:18:40.343 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Verbose - Authentication Scheme wasn't explicitly set in request, defaulting to "Bearer" request
14:18:40.343 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Returning result from initializeBaseRequest
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Returning result from initializeSilentRequest
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - isNativeAvailable called
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - isNativeAvailable: allowNativeBroker is not enabled, returning false
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Verbose - acquireTokenSilent - attempting to acquire token from web flow
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Executing function acquireTokenFromCache
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Executing function silentCacheClientAcquireToken
14:18:40.344 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Verbose - initializeServerTelemetryManager called
14:18:40.345 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Executing function standardInteractionClientGetClientConfiguration
14:18:40.345 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Executing function standardInteractionClientGetDiscoveredAuthority
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Executing function authorityFactoryCreateDiscoveredInstance
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Executing function authorityResolveEndpointsAsync
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
14:18:40.346 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Executing function authorityUpdateCloudDiscoveryMetadata
14:18:40.347 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Verbose - Attempting to get cloud discovery metadata from authority configuration
14:18:40.347 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.
14:18:40.347 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Verbose - Found cloud discovery metadata in authority configuration
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Returning result from authorityUpdateCloudDiscoveryMetadata
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Executing function authorityUpdateEndpointMetadata
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Verbose - Attempting to get endpoint metadata from authority configuration
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.
14:18:40.348 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Verbose - Did not find endpoint metadata in hardcoded values... Attempting to get endpoint metadata from the network metadata cache.
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Verbose - Found endpoint metadata in the cache.
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Returning result from authorityUpdateEndpointMetadata
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.setAuthorityMetadata called
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Returning result from authorityResolveEndpointsAsync
14:18:40.349 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Returning result from authorityFactoryCreateDiscoveredInstance
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Returning result from standardInteractionClientGetDiscoveredAuthority
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Returning result from standardInteractionClientGetClientConfiguration
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Verbose - Silent auth client created
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Executing function silentFlowClientAcquireCachedToken
14:18:40.350 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getTokenKeys called
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - CacheManager - getAccessToken called
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - BrowserCacheManager.getAccessTokenCredential: cache hit
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - getAliasesFromMetadata called with source: config
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - getAliasesFromMetadata called with source: hardcoded_values
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Trace - getAliasesFromMetadata: did not find cloud discovery metadata in hardcoded_values
14:18:40.351 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-common@14.16.0 : Info - CacheManager:getAccessToken - No token found
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : @azure/msal-common@14.16.0 : Info - Token refresh is required due to cache outcome: 2
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - Error occurred in silentFlowClientAcquireCachedToken
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [01939c1f-58d4-71c5-b725-23b5a91d69fb] : msal.js.browser@3.27.0 : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Error occurred in silentCacheClientAcquireToken
14:18:40.352 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Error occurred in acquireTokenFromCache
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Verbose - Emitting event to callback 01939c1e-5260-70c4-b21a-e3c8dc3cb2d5: msal:acquireTokenFromNetworkStart
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Executing function acquireTokenByRefreshToken
14:18:40.353 provideInitialize.ts:95 [Fri, 06 Dec 2024 13:18:40 GMT] : [] : @azure/msal-browser@3.27.0 : Trace - Executing function silentRefreshClientAcquireToken

Network Trace (Preferrably Fiddler)

  • Sent
  • Pending

MSAL Configuration

{
  "auth": {
    "clientId": "x9a4f53d-12d7-4df1-bc59-5e76dbb2f5e1",
    "authority": "https://xxx.b2clogin.com/xxx.onmicrosoft.com/B2C_1A_STDSignInOnlyMFA",
    "redirectUri": "https://localhost:4201",
    "knownAuthorities": [
      "xxx.b2clogin.com"
    ]
  },
  "protectedResourceMap": {},
  "authRequest": {
    "scopes": [
      "https://xxx.onmicrosoft.com/api-test/all"
    ]
  }
}

Relevant Code Snippets

-

Reproduction Steps

1. After parsing the authority
msal-common/src/authority/Authorithy.ts -> tenant()
[0] "xxx.onmicrosoft.com" <----- will be taken as realm
[1] "b2c_1a_stdsigninonlymfa"

2. This realm xxx.onmicrosoft.com will be stored inside of the AccessTokenEntity in the SessionStorage

3. When retrieving the cached token from the SessionStorage, this realm will be taken for the filter
msal-common/src/authority/Authorithy.ts -> getTenantFromAuthorityString()
[0] "xxx.onmicrosoft.com"
[1] "b2c_1a_stdsigninonlymfa" <----- will be taken as realm

4. matchRealm always fails, so the token will never be taken from the cache
msal-common/src/cache/CacheManager.ts -> matchRealm()
"xxx.onmicrosoft.com" != "b2c_1a_stdsigninonlymfa"

Expected Behavior

The token call will only be triggered when the access token is invalid, otherwiese it will be taken from cache.

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome

Regression

@azure/msal-browser 3.0.2
@simon-ittmann simon-ittmann added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Dec 6, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Dec 6, 2024
@github-actions github-actions bot added b2c Related to Azure B2C library-specific issues msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications labels Dec 6, 2024
@sonironak172
Copy link

I am having issue like, when user came back next day at that logged in time, API stuck in the token call and token is in pending state and web app is reloading and reloading after that popup appears like exit page and continue,

I am not using the B2C but b2b using
are you having the similar kind of issue?
image

@simon-ittmann
Copy link
Author

@sonironak172 I guess it is a different issue. My only issue is the token will be refreshed before each http call and is not taken from the cache. From the functionality everything is working.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
b2c Related to Azure B2C library-specific issues bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package Needs: Attention 👋 Awaiting response from the MSAL.js team public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@simon-ittmann @sonironak172