search

AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular
Apache License 2.0
627 stars 372 forks source link

Token renewal operation failed due to timeout & User login required errors #703

Closed dvm-2k1 closed 6 years ago

dvm-2k1 commented 6 years ago

Hi All,

We are getting "Token renewal operation failed due to timeout" error when we tried to consume AAD authentication and authorization enabled WebAPI service from our SharePoint Site. This error comes every time when we browse our SharePoint site and it comes when at authContext.acquireToken() method even when we get user details when called var user = authContext.getCachedUser();.

We also get "User login required" error when authContext.getCachedUser(); returns null user even when user was authenticated to our SharePoint site.

We referred to following link https://github.com/AzureAD/azure-activedirectory-library-for-js/issues/391, but there was no concrete solution provided in that thread hence opening up this new thread for follow up on these issues.... Please let us know solutions about how to fix these errors in order to consume our AAD authorization based WebAPIs from SharePoint application.

rohitnarula7176 commented 6 years ago

@dvm-2k1 The above error can be caused due to a number of reasons such as not receiving the redirect response within the specified time interval of 6 seconds, specifying an invalid redirectUri for your app, calling acquireToken without a signed in user, etc. Can you please attach the fiddler trace for the issue. It will be great if you could create a repo for your code that I can run and compile.

dvm-2k1 commented 6 years ago

@rohitnarula7176, thanks for your response. This is a SharePoint WebPart javascript code which is provided below...

`var isErrorMessageDislpayed = false; function defer(method) { if (window.jQuery) { method(); } else { setTimeout(function () { getServiceApiResults(method) }, 50); } } //Binds results onto the page function bindAPIResults(Results) { var RelatedTermsSection = ""; if(Results.length > 0) { RelatedTermsSection = "

Related Searches :"; $(Results).each(function (index) { if (index != Results.length - 1) RelatedTermsSection = RelatedTermsSection + "" + Results[index] + ","; else RelatedTermsSection = RelatedTermsSection + "" + Results[index] + "
"; }); } else { isErrorMessageDislpayed = true; RelatedTermsSection = "
No results found.";
} $("#Result ").children("#UpScopeLinkTop").after(RelatedTermsSection); }

getServiceApiResults(function () {
if(isErrorMessageDislpayed) { return; } 

function getQueryValue(url) {
        var query = '';
        if (url.indexOf("k=") > -1) {
            var queryIndex = window.location.href.lastIndexOf('k=') + 2;
            var slice = window.location.href.substring(queryIndex);
            if (slice.indexOf("#") > -1) {
                query = slice.substring(0, slice.indexOf("#"));
            }
            else {
                query = slice;
            }
        }
        return query;
    }

function getRelatedTermsFromAPI(KeyWord) {                       
        var endpointUrl = '<end point url>';
        var webAPIUrl = '<web api url>' + KeyWord;
        //ADAL Configuration
        window.config = {
            instance: 'https://login.microsoftonline.com/',
            tenant: 'microsoft.onmicrosoft.com',
            clientId: '<Your Api Client Id>',
            postLogoutRedirectUri: window.location.origin,
            endpoints: {endpointUrl},                
            cacheLocation: 'localStorage' // enable this for IE, as sessionStorage does not work for localhost.
        };
        var authContext = new AuthenticationContext(config);
        // Check For & Handle Redirect From AAD After Login
        var isCallback = authContext.isCallback(window.location.hash);
        authContext.handleWindowCallback();
        if (isCallback && !authContext.getLoginError()) {
            window.location = authContext._getItem(authContext.CONSTANTS.STORAGE.LOGIN_REQUEST);
        }
        // If not logged in force login
        var user = authContext.getCachedUser();
        if (user) {
            // Logged in already
            console.log(user);
        }
        else {
            // NOTE: you may want to render the page for anonymous users and render
            // a login button which runs the login function upon click.
            authContext.login();
        }
        // Acquire token for Files resource.
        var authToken = '';
        authContext.acquireToken(window.config.clientId, function (error, token) {
            // Handle ADAL Errors.
            if (error || !token) {
                var adalError = 'ADAL error occurred: ' + error;
                //alert(adalError);
                console.log(adalError);
                return;
            }
            console.log(token);                
            getAPIResults(token);                     
        }); //acquire token end
        function getAPIResults(authToken) {
            if (authToken) {
                $.ajax({
                    type: "GET",
                    crossDomain: true,
                    url: webAPIUrl,
                    //async:false,
                    contentType: "application/json;",
                    headers: {
                        'Authorization': 'Bearer ' + authToken,
                    },
                }).done(function (response) {
                    alert('Successfully called API.');
                    console.log('Successfully called API.');
                    console.log(response);
                    bindAPIResults(response);
                }).fail(function (jqXHR, textStatus, errorThrown) {
                    //alert("Calling API failed");
                    console.log('Calling API failed');
                    var title, message;
                    console.log("Status Code" + jqXHR.status);
                    console.log(" Error: " + jqXHR.responseJSON);
                    switch (jqXHR.status) {
                        case 403:
                            title = jqXHR.responseJSON.errorSummary;
                            message = 'Please login before running the test';
                            break;
                        default:
                            title = 'Invalid URL or Cross-Origin Request Blocked';
                            message = 'You must explictly add this site (' + window.location.origin + ') to the list of allowed websites in your Azure website';
                            break;
                    }
                    console.log(title + ': ' + message);
                }); //End of ajax call - failure method end                    
            }
        }
    } // End method

$(document).ready(function(){
    $.getScript("https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js", function () {
        console.log("Running bootstrap");
    });
    //Onload case
    //debugger;
    if(window.location.href.indexOf("?k=") > -1)
    {
        var keyword = getQueryValue(window.location.href);                  
        if (keyword) {
            getRelatedTermsFromAPI(keyword);
        }
     }
     else
     {
       return;
     }
}); //onload  

$('body').on('load', setTimeout(function () {
 $(".searchLink").click(function () {           
        var keyword = getQueryValue(window.location.href);
        if(keyword)            
            getRelatedTermsFromAPI(keyword);            
    });         

    //When search textbox is clicked using keyboard
    $('#txtSearchBox').find('input').keyup(function (e) {         
        if(e.keyCode == 13) {               
            var keyword = getQueryValue(window.location.href);
            if(keyword)
            {
                getRelatedTermsFromAPI(keyword);
            }
        }
    });  
  }, 3000));

});`

rohitnarula7176 commented 6 years ago

@dvm-2k1 Can you please create a repo with the code that can reproduce the issue along with instructions on how to run it. The above snippet is not that easy to run directly.

rohitnarula7176 commented 6 years ago

@dvm-2k1 Closing this issue for now. Please reopen once you have a repro for this issue.

ongun23 commented 6 years ago

The issue is going on!

`// In order to call the Graph API, an access token needs to be acquired. // Try to acquire the token used to Query Graph API silently first userAgentApplication.acquireTokenSilent(graphAPIScopes) .then(function (token) { //After the access token is acquired, call the Web API, sending the acquired token callWebApiWithToken(graphApiEndpoint, token, graphCallResponseElement, document.getElementById("accessToken"));

        }, function (error) {
            // If the acquireTokenSilent() method fails, then acquire the token interactively via acquireTokenRedirect().
            // In this case, the browser will redirect user back to the Azure Active Directory v2 Endpoint so the user 
            // can re-type the current username and password and/ or give consent to new permissions your application is requesting.
            // After authentication/ authorization completes, this page will be reloaded again and callGraphApi() will be called.
            // Then, acquireTokenSilent will then acquire the token silently, the Graph API call results will be made and results will be displayed in the page.
            if (error) {
                console.log("Failed on errur promise:" + error);
                userAgentApplication.acquireTokenRedirect(graphAPIScopes);
            }
        });

`

On the acquireTokenRedirect line it redirects for twice to get the token again to consent page!