microsoft-authentication-library-for-js

Auth request is sent before each api call after update msal-browser from v3.5.0 to v3.6.0

Open mojesto opened this issue 1 year ago • 13 comments

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.10.0

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

3.0.13

Public or Confidential Client?

Public

Description

Access token is not used from cache, auth request is sent before each api call after update from msal-browser v3.5.0 to msal-browser v3.6.0

Error Message

No response

MSAL Logs

No response

Network Trace (Preferably Fiddler)

  • [ ] Sent
  • [ ] Pending

MSAL Configuration

{
    auth: {
      clientId: auth.clientId,
      authority: auth.authority,
      knownAuthorities: auth.knownAuthorities,
      redirectUri: auth.redirectUri,
      navigateToLoginRequestUrl: true,
      postLogoutRedirectUri: auth.logoutUri,
    },
    cache: {
      cacheLocation: BrowserCacheLocation.LocalStorage,
      storeAuthStateInCookie: isIE,
    },
    system: {
      loggerOptions: {
        loggerCallback,
        logLevel: LogLevel.Error,
        piiLoggingEnabled: false,
      },
    },
  }

Relevant Code Snippets

export function MSALGuardConfigFactory(auth: IAuthConfiguration): MsalGuardConfiguration {
  return {
    interactionType: InteractionType.Redirect,
    authRequest: {
      extraQueryParameters: auth.extraQueryParameters,
    },
  };
}

Reproduction Steps

If there are several api calls, auth request is sent to 'https://byoidpoc.b2clogin.com/...' before each of them

Expected Behavior

Auth request is sent once to 'https://byoidpoc.b2clogin.com/...' and uses cached value while access token is valid

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Chrome, Firefox, Edge

Regression

@azure/msal-browser 3.5.0

Source

External (Customer)

mojesto avatar Mar 13 '24 16:03 mojesto

The cacheLocation should be set to BrowserCacheLocation.LocalStorage or BrowserCacheLocation.SessionStorage, depending on your requirements. Also, verify that the storeAuthStateInCookie option is correctly configured based on your application's needs and the browser being used

Alijavedofficial avatar Mar 13 '24 16:03 Alijavedofficial

There was a known regression in 3.6/3.7, please update to the latest (3.10.0) and if the issue persists please provide trace level logs

tnorling avatar Mar 13 '24 17:03 tnorling

    auth: {
      clientId: auth.clientId,
      authority: auth.authority,
      knownAuthorities: auth.knownAuthorities,
      redirectUri: auth.redirectUri,
      navigateToLoginRequestUrl: true,
      postLogoutRedirectUri: auth.logoutUri,
    },
    cache: {
      cacheLocation: BrowserCacheLocation.LocalStorage,
      storeAuthStateInCookie: isIE,
    },
    system: {
      loggerOptions: {
        loggerCallback: (level, message, containsPii) => {
          if (containsPii) {
            return;
          }
          switch (level) {
            case LogLevel.Error:
              console.error(message);
              return;
            case LogLevel.Info:
              console.info(message);
              return;
            case LogLevel.Verbose:
              console.debug(message);
              return;
            case LogLevel.Warning:
              console.warn(message);
              return;
            case LogLevel.Trace:
              console.trace(message);
              return;
            default:
              console.log(message);
              return;
          }
        },
        logLevel: LogLevel.Trace, // Set to Trace for detailed logs
        piiLoggingEnabled: false, // Set to true if you need to log personal identifiable information (PII)
      },
    },

Alijavedofficial avatar Mar 13 '24 17:03 Alijavedofficial

Trace level logs: trace-logs.txt

mojesto avatar Mar 13 '24 20:03 mojesto

This only contains Trace level logs - could you please share a set of logs that includes all levels? Thanks!

tnorling avatar Mar 14 '24 16:03 tnorling

Sure, all levels log is attached, thank you. console-export.txt

mojesto avatar Mar 14 '24 18:03 mojesto

I see the same issue, here are the packages I installed


{
    "@azure/msal-angular": "^3.0.13",
    "@azure/msal-browser": "^3.10.0"
}

reboottime avatar Apr 10 '24 14:04 reboottime

Hi @tnorling we are experiencing the same issue. Could we get an update on this? This is a performance impact having to retrieve tokens before every call.

dboulet01 avatar Apr 10 '24 17:04 dboulet01

Based on the logs and when this started breaking this looks related to environment matching but I don't have enough detail to see what precisely is happening, nor does this repro with our own B2C sample/tenant. What would be really helpful is if you could check local/sessionStorage for your tokens and see what the "environment" property is. It should match the domain part of your authority url & what you pass to knownAuthorities.

tnorling avatar Apr 22 '24 21:04 tnorling
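
The check suggested in the comment above, as an added example that is not part of the original thread or MSAL's own code: it walks a Storage-like object, picks out cached credential entries, and compares each entry's "environment" with the authority host and with knownAuthorities. The entry shape (plaintext JSON carrying `credentialType`), the function names and the `contoso` sample values are assumptions constructed for illustration.

```javascript
// Added example. Assumption: MSAL credential entries are plaintext JSON values
// carrying `credentialType` and `environment`; everything else is skipped.
function authorityHost(authority) {
  // Accepts a full authority URL or a bare host (the knownAuthorities form).
  const s = String(authority).trim().toLowerCase();
  return s.includes("://") ? new URL(s).host : s.replace(/\/.*$/, "");
}

function auditEnvironments(storage, authority, knownAuthorities) {
  const expected = authorityHost(authority);
  const known = new Set((knownAuthorities || []).map(authorityHost));
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    let entry;
    try {
      entry = JSON.parse(storage.getItem(storage.key(i)));
    } catch {
      continue; // not JSON, so not a credential entry
    }
    if (!entry || typeof entry !== "object" || !entry.credentialType) continue;
    const environment = String(entry.environment || "").toLowerCase();
    // Report only non-secret fields: never copy `secret` or the cache key.
    findings.push({
      credentialType: entry.credentialType,
      environment,
      matchesAuthority: environment === expected,
      inKnownAuthorities: known.has(environment),
    });
  }
  const mismatches = findings.filter(
    (f) => !f.matchesAuthority || !f.inKnownAuthorities);
  return { expected, authorityIsKnown: known.has(expected), findings, mismatches };
}

// Constructed sample data standing in for window.localStorage.
function fakeStorage(items) {
  const keys = Object.keys(items);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => items[k] };
}
const SAMPLE_AUTHORITY = "https://contoso.b2clogin.com/contoso.onmicrosoft.com/B2C_1_signin";
const SAMPLE_KNOWN = ["contoso.b2clogin.com"];
const sampleStorage = fakeStorage({
  "constructed-key-1": JSON.stringify({ credentialType: "AccessToken", environment: "contoso.b2clogin.com", secret: "REDACTED" }),
  "constructed-key-2": JSON.stringify({ credentialType: "IdToken", environment: "login.microsoftonline.com", secret: "REDACTED" }),
  "app.theme": "dark",
});
const report = auditEnvironments(sampleStorage, SAMPLE_AUTHORITY, SAMPLE_KNOWN);
console.log(report.expected, report.mismatches);
```

In a browser, pass `window.localStorage` or `window.sessionStorage` in place of the constructed sample.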

@tnorling this looks correct for our "environment" property and what we're using for authority url and passing into knownAuthorities. All match.

dboulet01 avatar Apr 23 '24 05:04 dboulet01

@tnorling Yes, "environment" property matches the domain part of the authority url and what we pass to knownAuthorities.

mojesto avatar Apr 26 '24 10:04 mojesto

hmm ok are you able to reproduce with our sample? Or could you please share a link to a minimal reproduction?

tnorling avatar Apr 26 '24 22:04 tnorling

@mojesto This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.