CacheManager, not managing custom scopes? #7300

Closed
2 tasks
EenPOOL opened this issue Sep 9, 2024 · 3 comments
Labels
adfs Related to ADFS bug-unconfirmed A reported bug that needs to be investigated and confirmed msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications question Customer is asking for a clarification, use case or information.

Comments

@EenPOOL

EenPOOL commented Sep 9, 2024

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

2.38.1

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

2.5.10

Public or Confidential Client?

Public

Description

Setup:

  • ADFS 2019
  • Website & Api - part is configured
  • Login trigger: MsalGuard
  • Using the default MsalInterceptor

We do receive an access_token which is then used in the Authorization header
But the token is requested for each api call... => "@azure/msal-common@13.2.1 : Info - CacheManager:getIdToken - No token found"

Investigated the source code in msal-common CacheManager.js (accessTokenKeyMatchesFilter function). The following is being checked:
CacheManager.js > accessTokenKeyMatchesFilter
image
Where the custom scope ("https://api-url.com/.default") should be included in the sessionStorage key, but only the "openid" scope has been cached?
sessionStorage keys:
image

The function accessTokenKeyMatchesFilter, does not allow to check on openid apparently.

Which is OK to me, but what about the custom scopes?

Error Message

CacheManager:getAccessToken - No token found

MSAL Logs


app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for standardInteractionClientGetDiscoveredAuthority added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Creating discovered authority with configured authority
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityResolveEndpointsAsync is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateCloudDiscoveryMetadata is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Attempting to get cloud discovery metadata in the config
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Found cloud discovery metadata in the config.
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateEndpointMetadata is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.setAuthorityMetadata called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for standardInteractionClientGetDiscoveredAuthority: 8.200000047683716 ms
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Authentication Scheme set to "Bearer" as configured in Auth request
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for silentCacheClientAcquireToken
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for silentCacheClientAcquireToken added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - initializeServerTelemetryManager called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for standardInteractionClientGetClientConfiguration is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getClientConfiguration called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for standardInteractionClientGetDiscoveredAuthority is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getDiscoveredAuthority called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for standardInteractionClientGetDiscoveredAuthority
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for standardInteractionClientGetDiscoveredAuthority added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Creating discovered authority with configured authority
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityResolveEndpointsAsync is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateCloudDiscoveryMetadata is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Attempting to get cloud discovery metadata in the config
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Found cloud discovery metadata in the config.
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateEndpointMetadata is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.setAuthorityMetadata called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for standardInteractionClientGetDiscoveredAuthority: 5.799999952316284 ms
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Silent auth client created
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getTokenKeys called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAccount called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-common@13.2.1 : Trace - CacheManager - getIdToken called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-common@13.2.1 : Info - CacheManager:getIdToken - Returning id token
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-common@13.2.1 : Trace - CacheManager - getAccessToken called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-common@13.2.1 : Info - CacheManager:getAccessToken - No token found
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-common@13.2.1 : Trace - CacheManager - getRefreshToken called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getRefreshTokenCredential: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-common@13.2.1 : Info - CacheManager:getRefreshToken - returning refresh token
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-common@13.2.1 : Info - SilentFlowClient:acquireCachedToken - No access token found in cache for the given properties.
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for silentCacheClientAcquireToken: 9180.900000095367 ms
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Info - Emitting event: msal:acquireTokenFromNetworkStart
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Verbose - Emitting event to callback 78543cf3-5e58-48b8-9ebc-18ce485a7635: msal:acquireTokenFromNetworkStart
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for acquireTokenByRefreshToken is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for silentRefreshClientAcquireToken is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for initializeBaseRequest is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Initializing BaseAuthRequest
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.getPreQueueTime: no pre-queue times found for correlationId: 565a1a29-4715-4b77-87e8-5db30739d21b, unable to add queue measurement
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getDiscoveredAuthority called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for standardInteractionClientGetDiscoveredAuthority
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for standardInteractionClientGetDiscoveredAuthority added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Creating discovered authority with configured authority
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityFactoryCreateDiscoveredInstance is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateCloudDiscoveryMetadata is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Attempting to get cloud discovery metadata in the config
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Found cloud discovery metadata in the config.
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateEndpointMetadata is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.setAuthorityMetadata called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for standardInteractionClientGetDiscoveredAuthority: 7.200000047683716 ms
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Authentication Scheme set to "Bearer" as configured in Auth request
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for silentRefreshClientAcquireToken
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for silentRefreshClientAcquireToken added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - initializeServerTelemetryManager called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for standardInteractionClientGetClientConfiguration is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getClientConfiguration called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getDiscoveredAuthority called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for standardInteractionClientGetDiscoveredAuthority
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for standardInteractionClientGetDiscoveredAuthority added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Creating discovered authority with configured authority
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityResolveEndpointsAsync is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Attempting to get cloud discovery metadata in the config
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host.
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Found cloud discovery metadata in the config.
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.setAuthorityMetadata called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for standardInteractionClientGetDiscoveredAuthority: 5.1000001430511475 ms
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Refresh token client created
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for refreshTokenClientAcquireTokenWithCachedRefreshToken is 0
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for refreshTokenClientAcquireTokenWithCachedRefreshToken
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for refreshTokenClientAcquireTokenWithCachedRefreshToken added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-common@13.2.1 : Verbose - RefreshTokenClientAcquireTokenWithCachedRefreshToken called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-common@13.2.1 : Trace - CacheManager - getRefreshToken called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getTokenKeys called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getRefreshTokenCredential: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-common@13.2.1 : Info - CacheManager:getRefreshToken - returning refresh token
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for refreshTokenClientAcquireTokenWithCachedRefreshToken: 5 ms
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for refreshTokenClientAcquireToken
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for refreshTokenClientAcquireToken added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-common@13.2.1 : Verbose - RefreshTokenClientAcquireToken called
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for refreshTokenClientExecuteTokenRequest
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for refreshTokenClientExecuteTokenRequest added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for baseClientCreateTokenRequestHeaders
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for baseClientCreateTokenRequestHeaders added/updated
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getServerTelemetry: called, no cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for baseClientCreateTokenRequestHeaders: 1.2000000476837158 ms
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getThrottlingCache: called, no cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:06:01 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getServerTelemetry: called, no cache hit
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:06:01 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for refreshTokenClientExecuteTokenRequest: 2135.5 ms
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:06:01 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Updating static fields
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:06:01 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-common@13.2.1 : Verbose - Authority type is ADFS, creating ADFS account


Network Trace (Preferably Fiddler)

  • Pending
  • Sent

MSAL Configuration

PublicClientApplication:
{
    auth: {
      clientId: "uri:myapplication.com/website",
      redirectUri: config.msalConfig.redirectUri,
      authority: "https://own-adfs-server.com/",
      knownAuthorities: ["https://own-adfs-server.com/adfs/"],
      postLogoutRedirectUri: "http://localhost:4200",
      protocolMode: ProtocolMode.OIDC
    },
    cache: {
      cacheLocation: "sessionStorage",
      storeAuthStateInCookie: false
    }
}

MsalInterceptorConfiguration:
protectedResourceMap.set("https://api-url.com", ["https://api-url.com/.default"])
{
    interactionType: InteractionType.Redirect,
    protectedResourceMap,
    authRequest: {
      authenticationScheme: AuthenticationScheme.BEARER
    }
}

MsalGuardConfiguration:
{
    interactionType: InteractionType.Redirect,
    authRequest: {
      scopes: ["https://api-url.com/.default"]
    }
}

Relevant Code Snippets

providers: [
    {
      provide: HTTP_INTERCEPTORS,
      useClass: MsalInterceptor,
      multi: true
    },
    {
      provide: MSAL_INSTANCE,
      useFactory: MSALInstanceFactory
    },
    {
      provide: MSAL_GUARD_CONFIG,
      useFactory: MSALGuardConfigFactory
    },
    {
      provide: MSAL_INTERCEPTOR_CONFIG,
      useFactory: MSALInterceptorConfigFactory
    }
]

Reproduction Steps

  1. start angular app
  2. login triggered (redirect) => login on adfs
  3. do an api call (httpClient)
  4. log: CacheManager:getAccessToken - No token found
  5. post /token in network tab => grant_type: refresh_token

Expected Behavior

Following the logic
I would expect the sessionStorage entry with scope openid to be reused.
Or that there would be a new sessionStorage entry with the default scope (instead of openid)

Or is this really the intended way of working?

Identity Provider

ADFS

Browsers Affected (Select all that apply)

Chrome, Firefox, Edge

Regression

No response

Source

External (Customer)

@EenPOOL EenPOOL added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Sep 9, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Sep 9, 2024
@github-actions github-actions bot added adfs Related to ADFS msal-angular Related to @azure/msal-angular package msal-browser Related to msal-browser package public-client Issues regarding PublicClientApplications labels Sep 9, 2024
@sameerag
Member

sameerag commented Sep 9, 2024

@EenPOOL Have you tried the same with 3.x? Please let us know if the issue is seen on the latest MSAL JS and we can follow up.

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Author Feedback Awaiting response from issue author and removed Needs: Attention 👋 Awaiting response from the MSAL.js team labels Sep 9, 2024
@EenPOOL
Author

EenPOOL commented Sep 10, 2024

I have updated the packages, but still the same issue
"@azure/msal-angular": "^3.0.23",
"@azure/msal-browser": "^3.23.0",

Now I have found some logic... behind this issue, probably caused by ADFS
as the CacheManager will look at the response value, not what was originally requested
REQUEST
POST https://own-adfs-server.com/adfs/oauth2/token/
payload:
image

RESPONSE
image

ADFS is not returning the res:xyz/.default scope in the response
Which prevents reading the access_token from browser storage

I have monkey patched this behaviour by overriding the AuthorizationCodeClient async acquireToken
not the nicest fix, but it's working :)
image

Meanwhile we will see if ADFS could return the missing scope

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 Awaiting response from the MSAL.js team and removed Needs: Author Feedback Awaiting response from issue author labels Sep 10, 2024
@sameerag
Member

Yes, @EenPOOL msal js always caches and matches the response scopes. Thanks for the follow up. Closing the issue, let us know if you need it open.

@microsoft-github-policy-service microsoft-github-policy-service bot removed the Needs: Attention 👋 Awaiting response from the MSAL.js team label Sep 19, 2024
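
The behaviour confirmed in the last comment, as a simplified model added here (not MSAL's code and not part of the original thread): a cache keyed by the scopes in the token response misses on every lookup when the response omits the requested scope. The class, function and endpoint names are hypothetical, and the two token endpoints are constructed stand-ins.

```javascript
// Added example: a simplified model of a scope-keyed access token cache.
// Not MSAL's code; class, function and endpoint names are hypothetical.

function parseScopes(scopeString) {
  // OAuth scope strings are space-delimited; compare case-insensitively.
  return String(scopeString || "").toLowerCase().split(/\s+/).filter(Boolean).sort();
}

class ScopeKeyedTokenCache {
  constructor() {
    this.entries = new Map(); // key: sorted response scopes joined by " "
    this.networkCalls = 0;
  }

  // Entries are keyed by the scopes the token endpoint RETURNED. Keying by the
  // requested scopes would produce hits, but the client would then treat the
  // token as carrying scopes the server never confirmed.
  storeFromResponse(response, now) {
    const scopes = parseScopes(response.scope);
    this.entries.set(scopes.join(" "), {
      scopes,
      token: response.access_token,
      expiresAt: now + response.expires_in * 1000,
    });
  }

  // Hit only if an unexpired entry contains every requested scope.
  lookup(requestedScopes, now) {
    const wanted = parseScopes(requestedScopes.join(" "));
    for (const entry of this.entries.values()) {
      if (entry.expiresAt > now && wanted.every((s) => entry.scopes.includes(s))) {
        return entry.token;
      }
    }
    return null;
  }

  // Silent acquisition: cache first, then the (simulated) token endpoint.
  acquireTokenSilent(requestedScopes, tokenEndpoint, now) {
    const cached = this.lookup(requestedScopes, now);
    if (cached) return { token: cached, fromCache: true };
    this.networkCalls += 1;
    const response = tokenEndpoint(requestedScopes);
    this.storeFromResponse(response, now);
    return { token: response.access_token, fromCache: false };
  }
}

// Diagnostic: which requested scopes are absent from the response's scope field?
function scopesMissingFromResponse(requestedScopes, response) {
  const granted = parseScopes(response.scope);
  return requestedScopes.filter((s) => !granted.includes(s.toLowerCase()));
}

// Constructed token endpoints. The first mirrors what the issue reports for
// ADFS (only "openid" comes back); the second echoes the requested scopes.
let serial = 0;
const endpointOmittingScope = () => ({
  access_token: `constructed-token-${++serial}`, expires_in: 3600, scope: "openid",
});
const endpointEchoingScope = (requested) => ({
  access_token: `constructed-token-${++serial}`, expires_in: 3600,
  scope: ["openid", ...requested].join(" "),
});

// Simulate `calls` API requests that each need a token for the custom scope.
function simulateApiCalls(tokenEndpoint, calls) {
  const cache = new ScopeKeyedTokenCache();
  const scopes = ["https://api-url.com/.default"];
  const start = Date.UTC(2024, 8, 9, 14, 5, 50);
  const results = [];
  for (let i = 0; i < calls; i++) {
    results.push(cache.acquireTokenSilent(scopes, tokenEndpoint, start + i * 1000));
  }
  return { networkCalls: cache.networkCalls, results };
}

console.log("scope omitted:", simulateApiCalls(endpointOmittingScope, 3).networkCalls);
console.log("scope echoed: ", simulateApiCalls(endpointEchoingScope, 3).networkCalls);
```

Running `scopesMissingFromResponse` against a captured token response is a quick way to tell whether repeated `refresh_token` grants come from the identity provider's response rather than from the client configuration.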