microsoft-authentication-library-for-android icon indicating copy to clipboard operation
microsoft-authentication-library-for-android copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

AcqureTokenSilently gives old access token. Access token returned is from previous 2-3 days

Open FarazJelani opened this issue 2 years ago • 3 comments

Describe the bug Is your app live and in production or is this a development issue? Provide a clear and concise description of what the bug is.

Smartphone (please complete the following information):

  • Device: [e.g. Pixel, OnePlus 6, etc]
  • Android Version: [e.g. API Level, Build Number]
  • Browser [e.g. Chrome, Edge]
  • MSAL Version

Stacktrace If a crash occurs, include the stacktrace.

To Reproduce Steps to reproduce the behavior:

If related to user experience, use the format:

  1. Go to '...'
  2. Click on '....'
  3. Scroll down to '....'
  4. See error

If related to development, please provide relevant configuration details necessary to understand your problem including any relevant traces, logs, or otherwise.

Expected behavior A clear and concise description of what you expected to happen.

Actual Behavior A description of what actually happened.

Screenshots If applicable, add screenshots to help explain your problem.

Additional context Add any other context about the problem here.

Please note: Do not include sensitive information like PII, OII, credentials, secrets, and tokens.

For privacy/security issues please see instructions here

FarazJelani avatar Sep 23 '22 18:09 FarazJelani

Due to security issue, i cannot include the logs. Let me explain issue again. 1> User logged in successfully 2> Next time login happens via acquire token silently. This works fine some few days and then it returned access token 2 days back(by seeing, it already expired.)

FarazJelani avatar Sep 27 '22 13:09 FarazJelani

@FarazJelani Do you mean it is returning an expired access token?

negoe avatar Oct 10 '22 04:10 negoe

Yes, the access token was expired already. As we know it last for about 1 to 1.5 hrs. The access token was from past. i got a logs from one user on 10/06/2022 and while going through logs i came to know that its expiry time is 09/20/2022. She was calling acquire token silently.

FarazJelani avatar Oct 10 '22 05:10 FarazJelani

@FarazJelani Can you share the repro steps and the version of MSAL lib you are using?

negoe avatar Oct 17 '22 18:10 negoe

MSAL Version - 4.0.0 Reproducible steps:- 1> Acquire token interactively (first login). 2> Acquire token silently (consecutive login) 3> Returned expired token (after few days of login via acquire token silently)

FarazJelani avatar Oct 18 '22 11:10 FarazJelani

We created a hotfix and have released it in the September 2022 Broker release and should be distributed to 100% by end of October 2022.

negoe avatar Feb 27 '23 04:02 negoe