react-aad icon indicating copy to clipboard operation
react-aad copied to clipboard

Published 20 hours ago verified publisher icon syncweek-react-aad

Token renewal operation failed due to timeout.

Open janandreschweiger opened this issue 5 years ago • 5 comments
trafficstars

Library versions)

  • react-aad-msal: 2.3.5 (latest) and 2.2.1
  • msal: 1.4.0 (latest) and 1.2.0

Describe the bug 1-10 minutes after the initial login, we and our clients get redirected to the Microsoft login screen. From there on the only way to login again is to delete the cookies. image

Additionally, the following error is logged multiple times to the console: MSAL Authentication Error! Error-Code: token_renewal_error | Error-Message: Token renewal operation failed due to timeout.

Interesting Notes

  1. Our react-msal setup worked fine for 5 months. Now from one day to another this error occurred. We didn't modify the code or change any package versions.
  2. We experience this issue primarily on Firefox. Still some of our clients have reported this issue for Chrome.
  3. We upgraded both packages to the latest versions, as noted at the beginning. The issue remains.

Our Setup: Our setup is almost the same as described in your documentation.

  1. We have a static served auth.html.
  2. We have added both http://localhost:3000 and http://localhost:3000/auth.html to the Redirect URLs.
  3. This is our msal configuration:
import { MsalAuthProvider, LoginType } from 'react-aad-msal';
import { Logger, LogLevel } from 'msal';

const origin = "http://localhost:3000";
const config = {
    auth: {
      authority: 'https://login.microsoftonline.com/' + tenant,
      clientId: clientId,
      postLogoutRedirectUri: origin,
      redirectUri: origin,
      validateAuthority: true,
      navigateToLoginRequestUrl: false
    },
    system: {
      logger: new Logger(
        (logLevel, message, containsPii) => {
          console.log(logLevel, message);
        {
          level: LogLevel.Warning,
          piiLoggingEnabled: false
        }
      )
    },
    cache: {
      cacheLocation: 'localStorage', // we also tried 'sessionStorage',
      storeAuthStateInCookie: false
    }
  };

  const authenticationParameters = {
    scopes: ['openid']
  };

  const options = {
    loginType: LoginType.Redirect,
    tokenRefreshUri: origin + "/auth.html"
  };

  return new MsalAuthProvider(config, authenticationParameters, options);  // provider
  1. Then we use the provider from above like this:
<AzureAD provider={provider} forceLogin>
  ...
</AzureAD>

Desktop:

  • OS: Ubuntu
  • Browser Firefox and Chrome
  • Version 80.0 (Firefox)

I am grateful for any help. :)

janandreschweiger avatar Sep 03 '20 16:09 janandreschweiger

I face the same error. Unfortunately, this problem makes my whole application useless. Any ideas on this?

ace-kay-law-neo avatar Sep 03 '20 16:09 ace-kay-law-neo

I am also facing this issue, it seems like this library is using MSAL v1 endpoint which utilizes iframe to renew the tokens now discouraged by modern browsers. for this MSAL.js v2.0 endpoint was introduced to resolve it. checkout https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow

htariq-nisum-com avatar Sep 03 '20 17:09 htariq-nisum-com

It's pretty weird. I haven't experienced this issue for one day. But now the token-renewal fails like before.

@AndrewCraswell could you please have a look on this?

ace-kay-law-neo avatar Sep 05 '20 06:09 ace-kay-law-neo

Should be resolved by #238

GraemeF avatar Sep 15 '20 07:09 GraemeF

@GraemeF thanks for your respond. It helped me a lot. Is there any way we can fix it ourselves or should we still wait for another update?

janandreschweiger avatar Sep 24 '20 07:09 janandreschweiger