microsoft-authentication-library-for-js
Cache miss
Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
3.0.9
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
3.6.0
Public or Confidential Client?
Public
Description
Method getTenantFromAuthorityString (used to read the cache) returns a different value than Authority.tenant (used to store the cache), which results in a cache miss. Those methods are used when the token doesn't have tif or tfp or acr claims.
Error Message
No response
MSAL Logs
No response
MSAL Configuration
{ not relevant }
Relevant Code Snippets
not relevant
Reproduction Steps
- Token without tif, tfp, acr claims
Expected Behavior
Cache is hit when using fallback.
Identity Provider
Azure B2C Custom Policy
Browsers Affected (Select all that apply)
Chrome, Edge
Regression
No response
Source
External (Customer)
To fix this issue, you can either downgrade your MSAL.js library to version 3.0.9 or update your code to handle the new Authority.tenant property. Here's an example of how you can update your code to handle the new property:
import { PublicClientApplication, Configuration } from '@azure/msal-browser';

const msalConfig: Configuration = {
    auth: {
        clientId: 'your-client-id',
        authority: 'https://your-authority-url',
        knownAuthorities: ['your-authority-url'],
        redirectUri: 'your-redirect-uri',
    },
    cache: {
        cacheLocation: 'localStorage',
        storeAuthStateInCookie: false,
    },
};

const msalInstance = new PublicClientApplication(msalConfig);

// Check if the authority URL has a tenant ID
if (msalConfig.auth.authority.includes('your-tenant-id')) {
    // Use the tenant ID from the authority URL
    const tenantId = msalConfig.auth.authority.split('/')[3];
} else {
    // Use the tenant ID from the Authority.tenant property
    const tenantId = msalConfig.auth.authority.tenant;
}
By checking if the authority URL contains a tenant ID, you can use the appropriate tenant ID for your cache. This will ensure that your cache is hit when using the fallback method.
I am not sure what we should do with that tenant ID. The cache is handled by the library itself.
Also, version 3.0.9 of @azure/msal-browser doesn't exist.
I tested overwriting Authority.tenant, replacing the [0] with .at(-1):
public get tenant(): string {
    return this.canonicalAuthorityUrlComponents.PathSegments.at(-1)!;
}
Works for me, however, I am not sure if there could be consequences.
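The mismatch described in this thread, sketched as an added example (not MSAL's code and not from any commenter): when an authority path carries more than one segment, the first and last segments differ, so an entry stored under one is not found under the other. The function names and sample URLs are constructed, and the read side taking the last path segment is an assumption inferred from the `.at(-1)` workaround above.

```typescript
// Added illustration, not MSAL source. Models the two tenant derivations
// discussed in this thread; all function names here are hypothetical.

// Non-empty path segments of an authority URL (host and query/fragment dropped).
function pathSegments(authority: string): string[] {
    const noScheme = authority.replace(/^https?:\/\//i, "");
    const path = noScheme.split(/[?#]/)[0] || "";
    return path.split("/").slice(1).filter((s: string) => s.length > 0);
}

// Store side, per the thread: the first path segment (the `[0]`).
function tenantForStore(authority: string): string {
    return pathSegments(authority)[0] || "";
}

// Read side. Assumption: the last path segment, which is what the
// `.at(-1)` workaround in the thread aligns the store side to.
function tenantForRead(authority: string): string {
    const segs = pathSegments(authority);
    return segs[segs.length - 1] || "";
}

interface Lookup { storeKey: string; readKey: string; hit: boolean; }

// Write one entry under the store-side key, then look it up with the read-side key.
function simulateLookup(authority: string): Lookup {
    const cache: { [key: string]: string } = {};
    const storeKey = tenantForStore(authority);
    cache[storeKey] = "cached-token";
    const readKey = tenantForRead(authority);
    const hit = Object.prototype.hasOwnProperty.call(cache, readKey);
    return { storeKey, readKey, hit };
}

// Authorities whose two derivations disagree, i.e. candidates for the cache miss.
function affectedAuthorities(authorities: string[]): string[] {
    return authorities.filter((a: string) => !simulateLookup(a).hit);
}

// Constructed sample authorities (not taken from the issue).
const SAMPLE_AUTHORITIES: string[] = [
    "https://login.microsoftonline.com/contoso.onmicrosoft.com",
    "https://login.microsoftonline.com/contoso.onmicrosoft.com/",
    "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1A_signup_signin",
];

for (const a of SAMPLE_AUTHORITIES) {
    console.log(a, simulateLookup(a));
}
```

Passing an application's configured authorities to `affectedAuthorities` lists the ones where the two derivations diverge under this model.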
Any updates on this?
Thanks for raising this, looks like a potential bug on our end. Marked to track internally. cc @hectormmg