Typescript sample doesn't work with MSAL 1.4.2

[aadhoc]

trafficstars

Library versions

• react-aad-msal: Current (2.3.5)
• msal: Current (1.4.2)

Describe the bug The typescript sample doesn't work with current v1.4.2 MSAL. Clicking on the redirect checkbox counts down, allows login via login.microsoftonline.com, then goes back to sample page with header saying "Welcome to the react-aad-msal sample", and nothing but white under the header. The Javascript console scrolls with MSAL output for several minutes before freezing the browser window. A good portion of the console output is pasted at bottom of this report.

Expected behavior Expected typescript sample to work in redirect mode.

To Reproduce Steps to reproduce the behavior:

1. Download github repo
2. Put the typescript sample into a Visual Studio 2019 project so it can be easily run with https on localhost https://github.com/syncweek-react-aad/react-aad/tree/master/samples/react-typescript
3. npm install
4. Set clientId and subscription in authProvider.
5. Ensure https://localhost:44300 is a valid Redirect URI in Azure.
6. Run the project
7. View https://localhost:44300
8. Click the redirect checkbox

Desktop (please complete the following information):

• Browser: Chrome
• Version 85.0.4183.121

Portion of console log (Identity guids obfuscated) [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose LoginRedirect has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose AcquireTokenInteractive has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Account set from MSAL Cache authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose ExtractADALIdToken has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Login call but no token found, proceed to login authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose AcquireTokenHelper has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Interaction type: redirectInteraction. isLoginCall: true authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose No cached metadata for authority authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Telemetry Event started: 4ea0d12c-f3e4-4373-ac54-22bfd3a6396c_9677ee2b-c4ed-41ca-91e9-ede2b5f95efa-msal.http_event authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Telemetry Event stopped: 4ea0d12c-f3e4-4373-ac54-22bfd3a6396c_9677ee2b-c4ed-41ca-91e9-ede2b5f95efa-msal.http_event authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Telemetry Event started: 4ea0d12c-f3e4-4373-ac54-22bfd3a6396c_763e0781-8bb9-4c63-a617-5b2293af20cc-msal.http_event authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Telemetry Event stopped: 4ea0d12c-f3e4-4373-ac54-22bfd3a6396c_763e0781-8bb9-4c63-a617-5b2293af20cc-msal.http_event authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Finished building server authentication request authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Updating cache entries authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Query parameters populated from account authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Interaction type redirect but login call is true. State not cached authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:03 GMT:1.4.2-Verbose Navigating window to urlNavigate Navigated to https://login.microsoftonline.com/228b7439-b611-4fed-8b27-0e01c8ab240c/oauth2/v2.0/authorize?response_type=id_token&scope=openid%20profile&client_id=82e95efb-44ee-119c-b4be-17ba87b4a609&redirect_uri=https%3A%2F%2Flocalhost%3A44300&state=eyJpZCI6Ime2ZWFhYTM1LTQ0STQtNGFlMS1iNzY1LTgzYTFmMmQzMTUxMCIsInRzEjoxNjAzMzIzMDY0LCJtZXRob2QiOjJyZWRpcmVjdEludGVyYWN3aW9uIn0%3D&nonce=aa6a9c62-6330-42d5-a7d8-210c06056eb2&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.2&client-request-id=4eb0d92c-f0e4-4373-eb81-22bfd6a6396c&response_mode=fragment OldConvergedLogin_PCore_fFtwwZpFwv7Xp1qQQ4qiQg2.js:36 [Violation] 'setTimeout' handler took 56ms Navigated to https://localhost:44300/ log.js:24 [HMR] Waiting for update signal from WDS... react-dom.development.js:24994 Download the React DevTools for a better development experience: https://fb.me/react-devtools authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose GetResponseState has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Hash contains state. Creating stateInfo object authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose State matches cached state, setting requestType to login authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Info Returned from redirect url authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose HandleRedirectAuthenticationResponse has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Window.location.hash cleared authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose GetResponseState has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Hash contains state. Creating stateInfo object authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose State matches cached state, setting requestType to login authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Default navigation to start page after login turned off authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Info ProcessCallBack has been called. Processing callback from redirect response authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose SaveTokenFromHash has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Info State status: true; Request type: LOGIN authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Server returns success authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Info State is right authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Fragment has session state, caching authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Info Fragment has idToken authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose PopulateAuthority has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Fragment has clientInfo authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Account object created from response authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose IdToken has nonce authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Nonce matches, saving idToken to cache authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose SaveIdToken has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Saving ID token to cache authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose New expiration set for token authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Status set to complete, temporary cache cleared authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Response tokenType set to id_token authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Setting redirectResponse authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose AcquireTokenSilent has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Telemetry Event started: e5f28fb9-944e-49b2-a31f-b39323b808bf_9447b3f3-68ab-43e0-8886-5d79f34d018f-msal.api_event authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Account set from MSAL Cache authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Response type: id_token authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Finished building server authentication request authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Query parameters populated from existing SSO or account authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose GetCachedToken has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Getting all cached tokens of type ID Token authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Evaluating ID token found authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose ID token expiration is within offset, using ID token found in cache authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose ID Token found in cache is valid and unexpired authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Getting all cached tokens of type Access Token authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose No matching tokens of type access_token found authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose No matching token found when filtering by scope and authority authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose GetUniqueAuthority has been called authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Single authority used, setting authorityInstance authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Token found in cache lookup authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Successfully acquired token authProvider.ts:6 [MSAL] Wed, 21 Oct 2020 23:31:11 GMT:1.4.2-Verbose Telemetry Event stopped: e5f21fb9-984e-4db2-a31f-b3912b808bf_9447b3f3-68ab-43e0-8666-5d79934d018f-msal.api_event

[aadhoc]

The MSAL output shown appears to be an infinite loop, BUT it appears to have worked!!

In Chrome Dev Tools, if I pause the script, the web page finally displays and shows that it DOES have an Authenticate ID Token, and no Errors are reported.

Also note that this happens with and without the policies: BlockThirdPartyCookies and DefaultPopupsSettings=2 (don't allow popups). I just posted a defect about those policies, and if this infinite loop can be resolved, it looks like it will probably work with those restrictive policies too!