Closed rdkleine closed 4 years ago
@rdkleine Can you please provide some code snippet or repro of how you are using the library to login, acquire the token and to renew it?
Hi Navya,
I've identified the problem. There are multiple user identities available for the current request. When providing a 'login_hint' using the extraQueryParameter - which feels a bit hacky - this is circumvented.
A better solution would be to add the username in the _addHintParameters method when the upn is not available. (see issue 580)
```typescript
var config: AuthenticationContext.Options = {
    instance: 'https://login.microsoftonline.com/',
    tenant: process.env.tenant,
    clientId: process.env.clientId,
    cacheLocation: 'sessionStorage',
    navigateToLoginRequestUrl: false,
    popUp: false
};

// >> Add login_hint based on cached user <<
var context = new AuthenticationContext(config);
var user = context.getCachedUser();
if (user) {
    // Encode the user name so characters such as '+' or '&' survive in the query string
    context.config.extraQueryParameter = 'login_hint=' + encodeURIComponent(user.userName);
}

adalAuthenticationServiceProvider.init(config, $httpProvider);
```
Closing this issue as it seems this is no longer a problem.
Additionally, all current authentication work from Microsoft is delivered through the msal js library here. adal js is still supported only for security fixes. We recommend moving to msal js for any advanced feature requests and bugfixes.
Library Name
Library version
Library version: 1.0.17
Current behavior
When the Token is expired and the _renewIdToken is called I get the error below. When I log in there is no problem, but... I just don't understand what seems to be wrong?
"AADSTS16000: User account 'XXX' from identity provider 'live.com' does not exist in tenant 'TENANTNAME' and cannot access the application '4101a745-7d14-44a7-bd64-e901b6c63fe4' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account. Trace ID: f3202d86-0ebd-42e6-a77f-7d2d0b4e3200 Correlation ID: 9b19e5c7-82f2-4edb-b2dd-488393a1f0ed Timestamp: 2018-11-07 19:28:44Z"
This is the request url:

```
https://login.microsoftonline.com/TENANTNAME.onmicrosoft.com/oauth2/authorize
  ?response_type=id_token
  &client_id=4101a745-7d14-44a7-bd64-e901b6c63fe4
  &redirect_uri=https%3A%2F%2Flocalhost%3A44300%2FIndex2.html
  &state=3afc1b26-f133-4a91-89b2-8ff227275913%7C4101a745-7d14-44a7-bd64-e901b6c63fe4
  &client-request-id=a126a5c8-617f-4d83-86d6-71cddeb1d7cd
  &x-client-SKU=Js
  &x-client-Ver=1.0.17
  &prompt=none
  &nonce=de7da6d3-bc3c-45d5-a34f-ad7b5a0bceb1
```
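An added example, not part of the original thread and not adal.js code: a check for the condition discussed here, a silent (`prompt=none`) authorize request that carries no `login_hint`, plus a helper that adds the hint with proper encoding. The function names `auditSilentRequest` and `withLoginHint` are hypothetical, and the sample URL is constructed with placeholder IDs, modelled on the request above.

```javascript
// Constructed sample: same shape as the renewal request in the issue, placeholder IDs.
const SAMPLE_RENEW_URL =
  'https://login.microsoftonline.com/TENANTNAME.onmicrosoft.com/oauth2/authorize' +
  '?response_type=id_token' +
  '&client_id=00000000-0000-0000-0000-000000000000' +
  '&redirect_uri=https%3A%2F%2Flocalhost%3A44300%2FIndex2.html' +
  '&prompt=none' +
  '&nonce=11111111-1111-1111-1111-111111111111';

// List reasons a silent authorize request may resolve to an unintended
// identity when the browser session holds more than one signed-in account.
function auditSilentRequest(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const findings = [];
  const hints = params.getAll('login_hint');

  if (params.get('prompt') === 'none' && hints.length === 0) {
    findings.push('prompt=none without login_hint: the identity provider picks the account');
  }
  if (hints.length > 1) {
    findings.push('login_hint appears more than once');
  }
  for (const hint of hints) {
    // A raw '+' in a concatenated hint decodes to a space, so the name
    // the server sees no longer matches the cached user.
    if (!/^[^\s@]+@[^\s@]+$/.test(hint)) {
      findings.push('login_hint is not a well-formed user name: ' + JSON.stringify(hint));
    }
  }
  return findings;
}

// Return a copy of the request with login_hint set to the cached user name.
// URLSearchParams percent-encodes the value, so '+', '&' or '=' in the name
// cannot change or split the query string.
function withLoginHint(requestUrl, userName) {
  const url = new URL(requestUrl);
  url.searchParams.set('login_hint', userName);
  return url.toString();
}
```
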