vue-msal icon indicating copy to clipboard operation
vue-msal copied to clipboard

Published 20 hours ago verified publisher icon mvertopoulos

null_or_empty_id_token errors on newer versions of msal

Open tbaart435 opened this issue 4 years ago • 5 comments

Vue-msal always targets the latest version of msal, according to its package.json. We didn't know this, so to our surprise, in a new release, our authentication suddenly broke without us changing anything to the authentication. This happened when opening our app, closing the tab, and then opening the app in a new tab again. It would give an authentication error, but it wouldn't reauthenticate automatically.

Turns out that the newer version of msal changed quite a bit in how the cookies and storage caches its data. In a new tab, this causes an error of null_or_empty_id_token if you were already logged in. This is because msal recognizes the user is logged in (it can find the account and access token in the cookie), but it can't access the session storage, as that is unique to every tab. It throws a null_or_empty_id_token, because it tries to look for the id token in the session storage.

This error type is not in the list of "requiresInteraction", so it will just silently fail, and won't try to log back in. We aren't sure if the problem is that this error should also require interaction, or if the problem is that the app shouldn't think it is logged in when you open a new tab. In other words, we aren't sure if this problem is in msal itself, or in the "requiresInteraction" method.

We solved this by manually resolving an old version of msal, but (for our own reasons) we would really like to use the latest version of msal. Not sure if there's a way for us to temporarily get around this issue, or if we should just wait for this to be fixed. Regardless, we thought it was worth adding this issue here, because as it is now, the interaction between msal and vue-msal seems to be a factor in this issue, even if it turns out that the root of the problem is in msal itself.

tbaart435 avatar Jul 27 '20 08:07 tbaart435

I confirm, version 3.2.0 of vue-msal doesn't work correctly with 1.3.3 of msla.js

bcourteaud avatar Jul 27 '20 11:07 bcourteaud

Could you give more details on the versions of msal and vue-msal you managed to make work together? I'm also experiencing issues regarding token retrieving from cookies, as well as this guy. Thanks for your insights.

cqueinnec avatar Nov 04 '20 03:11 cqueinnec

We're experiencing this issue as well. Is there any plan to fix this in the near future?

skrtech avatar Nov 20 '20 13:11 skrtech

@tbaart435 @zalken I suppose you are using "cacheLocation": "sessionStorage"? Have you ever tried switching to "localStorage"?

Tiiinky avatar Dec 03 '20 16:12 Tiiinky

I've always been using cacheLocation: 'localStorage'.

cqueinnec avatar Dec 03 '20 17:12 cqueinnec