Keep Me Signed In Not Working, x-ms-cpim-sso:{Id} Cookie Not Persisting #7288
Labels
b2c
Related to Azure B2C library-specific issues
bug-unconfirmed
A reported bug that needs to be investigated and confirmed
msal-browser
Related to msal-browser package
msal-react
Related to @azure/msal-react
Needs: Attention 👋
Awaiting response from the MSAL.js team
public-client
Issues regarding PublicClientApplications
question
Customer is asking for a clarification, use case or information.
Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
^3.4.0
Wrapper Library
MSAL React (@azure/msal-react)
Wrapper Library Version
^2.0.7
Public or Confidential Client?
Public
Description
We are experiencing an issue where the user selects "Keep Me Signed In" (KMSI) when logging in, but the user is unable to get new tokens after 24 hours without interaction (acquireTokenSilent vs. acquireTokenRedirect).
In the Microsoft documentation it is stated that the cookie used to persist the KMSI setting is called x-ms-cpim-sso:{Id}
Source: https://learn.microsoft.com/en-us/azure/active-directory-b2c/cookie-definitions
I verified that the token is being successfully stored in the browser:
The expiration date on the cookie is 90 days from today. However, when I close the browser and re-open, the cookie is no longer there. The fact that the cookie is getting deleted therefore is breaking the KMSI functionality. I have tested this in both Chrome and Edge.
Here are the SPA redirect URIs that we are using in the app
We are using user flow
We have keep me signed in selected
Error Message
No response
MSAL Logs
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - useAccount - Updating account
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - useAccount - Updating account
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - Emitting event: msal:initializeStart
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - Emitting event: msal:initializeEnd
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - Emitting event: msal:handleRedirectStart
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - MsalProvider - msal:handleRedirectStart results in setting inProgress from startup to handleRedirect
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - useAccount - Updating account
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - useAccount - Updating account
jobs:1 GET https://(my-domain.com)/favicons/site.webmanifest 404 (Not Found)
site.webmanifest:1 Manifest: Line: 1, column: 1, Syntax error.
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - BrowserCacheManager: addTokenKey - idToken added to map
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - BrowserCacheManager: addTokenKey - refreshToken added to map
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - Emitting event: msal:loginSuccess
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - Emitting event: msal:handleRedirectEnd
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - MsalProvider - msal:handleRedirectEnd results in setting inProgress from handleRedirect to none
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - useAccount - Updating account
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - useAccount - Updating account
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - useAccount - Updating account
main.be3b1d23.js:2 GET https://(my-domain.com)/api/jobs/jobdetails 401 (Unauthorized)
(anonymous) @ main.be3b1d23.js:2
(anonymous) @ main.be3b1d23.js:2
xhr @ main.be3b1d23.js:2
HI @ main.be3b1d23.js:2
Promise.then (async)
request @ main.be3b1d23.js:2
QT.forEach.YI. @ main.be3b1d23.js:2
(anonymous) @ main.be3b1d23.js:2
makeGetRequest @ main.be3b1d23.js:2
getAPIResponseAsync @ main.be3b1d23.js:2
loadJobData @ main.be3b1d23.js:2
loadJobDataAsync @ main.be3b1d23.js:2
(anonymous) @ main.be3b1d23.js:2
ol @ main.be3b1d23.js:2
_c @ main.be3b1d23.js:2
cc @ main.be3b1d23.js:2
Wo @ main.be3b1d23.js:2
(anonymous) @ main.be3b1d23.js:2
Cc @ main.be3b1d23.js:2
ic @ main.be3b1d23.js:2
C @ main.be3b1d23.js:2
I @ main.be3b1d23.js:2
main.be3b1d23.js:2 Unauthorized, trying to get token and retrying request. Route: jobs/jobDetails
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - Emitting event: msal:acquireTokenStart
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getAccessToken - No token found
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getRefreshToken - returning refresh token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [3e0333b9-cdf7-4819-992f-b09dafa3560f] : @azure/msal-common@14.4.0 : Info - Token refresh is required due to cache outcome: 2
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - Emitting event: msal:acquireTokenFromNetworkStart
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getRefreshToken - returning refresh token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 GET https://(my-domain.com)/api/user/userrole 401 (Unauthorized)
(anonymous) @ main.be3b1d23.js:2
(anonymous) @ main.be3b1d23.js:2
xhr @ main.be3b1d23.js:2
HI @ main.be3b1d23.js:2
Promise.then (async)
request @ main.be3b1d23.js:2
QT.forEach.YI. @ main.be3b1d23.js:2
(anonymous) @ main.be3b1d23.js:2
makeGetRequest @ main.be3b1d23.js:2
getAPIResponseAsync @ main.be3b1d23.js:2
(anonymous) @ main.be3b1d23.js:2
(anonymous) @ main.be3b1d23.js:2
ol @ main.be3b1d23.js:2
_c @ main.be3b1d23.js:2
cc @ main.be3b1d23.js:2
Wo @ main.be3b1d23.js:2
(anonymous) @ main.be3b1d23.js:2
Cc @ main.be3b1d23.js:2
ic @ main.be3b1d23.js:2
C @ main.be3b1d23.js:2
I @ main.be3b1d23.js:2
main.be3b1d23.js:2 Unauthorized, trying to get token and retrying request. Route: User/UserRole
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - BrowserCacheManager: addTokenKey - accessToken added to map
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-browser@3.5.0 : Info - Emitting event: msal:acquireTokenSuccess
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:52 GMT] : [] : @azure/msal-react@2.0.7 : Info - useAccount - Updating account
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:55 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:55 GMT] : [] : @azure/msal-common@14.4.0 : Info - CacheManager:getIdToken - Returning id token
main.be3b1d23.js:2 [Tue, 03 Sep 2024 14:20:55 GMT] : [] : @azure/msal-react@2.0.7 : Info - useAccount - Updating account
Network Trace (Preferably Fiddler)
MSAL Configuration
Relevant Code Snippets
In app.jsx, we wrap our /jobs route in a component we call .
Here is the relevant code from RequireAuth
Here is the code from our API class that is responsible for getting a valid token and attaching it to network requests. After 24 hours, when a network request is made, the user is redirected to /notauthorized
If the user's role is null, we render a spinner while the user is being redirected to B2C to sign in. You can see the scopes that are used to sign in from the MSAL Configuration above. Once the user comes back from being redirected to B2C, the user gets a token, which is then used to make an API call to get the role. Once the user has their role, they are let in to the app, which is rendered by {children}
Reproduction Steps
If you would like to reproduce this issue in our dev environment, please contact me and I will be able to get you access.
Expected Behavior
The expected behavior is that the cookie x-ms-cpim-sso:{Id} should not get deleted when the browser closes. It should stay in the cookies in the browser and allow the user to stay signed in for up to 90 days. What we are experiencing is that the user is again unable to retrieve a token after 24 hours without interaction.
Identity Provider
Azure B2C Custom Policy
Browsers Affected (Select all that apply)
Chrome, Edge
Regression
No response
Source
External (Customer)
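A check for the cookie behaviour described in this issue, as an added example that is not part of the original report or of MSAL.js: it parses a Set-Cookie header and reports whether the browser will treat the cookie as a session cookie (dropped when the browser closes) or a persistent one, and whether its attributes permit it to be sent in a cross-site context. The header strings, the cookie id and the host name are constructed samples, not captured B2C traffic.

```javascript
// Constructed sample headers (not real B2C responses).
const SAMPLE_NOW = new Date("2024-09-03T14:20:52Z");
const SAMPLE_PERSISTENT =
  "x-ms-cpim-sso:constructed-id=opaque; Domain=example.b2clogin.com; Path=/; " +
  "Expires=Mon, 02 Dec 2024 14:20:52 GMT; Secure; HttpOnly; SameSite=None";
const SAMPLE_SESSION =
  "x-ms-cpim-sso:constructed-id=opaque; Domain=example.b2clogin.com; Path=/; " +
  "Secure; HttpOnly; SameSite=None";

// Classify one Set-Cookie header value relative to `now`.
function classifyCookie(setCookie, now = new Date()) {
  const [pair, ...attrParts] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const name = eq === -1 ? pair : pair.slice(0, eq);

  // Attribute names are case-insensitive; flags such as Secure carry no value.
  const attrs = {};
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }

  // Max-Age takes precedence over Expires; with neither, it is a session cookie.
  let expires = null;
  if (typeof attrs["max-age"] === "string" && /^-?\d+$/.test(attrs["max-age"])) {
    expires = new Date(now.getTime() + Number(attrs["max-age"]) * 1000);
  } else if (typeof attrs.expires === "string") {
    const t = Date.parse(attrs.expires);
    if (!Number.isNaN(t)) expires = new Date(t);
  }

  let lifetime = "session";
  if (expires !== null) lifetime = expires <= now ? "expired" : "persistent";

  const sameSite =
    typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "unset";
  return {
    name,
    lifetime,
    daysLeft: lifetime === "persistent" ? Math.round((expires - now) / 86400000) : 0,
    // SameSite=None is only honoured together with Secure.
    crossSiteEligible: sameSite === "none" && attrs.secure === true,
  };
}

console.log(classifyCookie(SAMPLE_PERSISTENT, SAMPLE_NOW));
console.log(classifyCookie(SAMPLE_SESSION, SAMPLE_NOW));
```

Run it against the Set-Cookie value taken from the sign-in response in the browser's network panel; a browser's own third-party cookie settings can still block a cookie that this reports as eligible.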