Token is not updated in acquireToken

[ashnygaard]

I'm submitting a...

[ ] Regression (a behavior that used to work and stopped working in a new release)
[ x] Bug report  
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:

Browser:

• [ x] Chrome version XX
• [ ] Firefox version XX
• [x ] IE version XX
• [ ] Edge version XX
• [ ] Safari version XX

Library Name

• [ ] adal.js XX
• [ x] adal-angular XX

Library version

Library version:1.0.17 Angular: 4.4 @types/adal-angular: "^1.0.1"

Current behavior

When the token expires, adal service calls acquireToken(). An iframe is opened to get the renewal token via implict flow. The iframe is a simple page that needs no authentication. The authorize redirect 302 occurs and the redirect page is run. The token is never returned and the adal.idtoken value is now empty in localStorage. The url brings the user back to the root of the application and displays a white page.

This issue does happen on the first login. Only during the token refresh.

Expected behavior

After the iframe is opened and receives the new token, the application should be updated with the new token value. The user should remain on the page where the token refresh started, and should not know an iframe was loaded.

Minimal reproduction of the problem with instructions

Service calls acquireToken

acquireTokenFresh() {    
       this.context.acquireToken('ClientID here', function(error, token){
           if (error || !token){
               console.log('Could not get token, 'error');
               return;
           }
          else {
               return token;
         }
    });

redirect.html

<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>Frame Redirect</title>
    <script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.17/js/adal.min.js"></script>
</head>
<body>
<script>
    var adalConfig = {
        clientId: "client id here",
        cacheLocation: 'localStorage'
    };
    var authContext = new AuthenticationContext(adalConfig);
    authContext.handleWindowCallback();

    if (window === window.parent) { window.location.replace(location.origin + location.hash); }
</script>
</body>
</html>

[negoe]

@sameerag Can you please take a look?

[sameerag]

@ashnygaard Is this a new issue?

Also is there a specific reason you are using ADAL JS for your authentication needs? We are currently focused on msal js which is a more enhanced version of ADAL with better support and more features. Is it is a possibility to try out that instead?

[ashnygaard]

@sameerag No I don't think this is new, I have seen other people have the same issue. It appears during the token renewal it responds with a 'invalid_state' error.

I can take a look at Msal

[ashnygaard]

@sameerag I have confirmed that we cannot use the MSAL solution because of architecture. We have to stay with ADAL

[sameerag]

@ashnygaard Thanks for the follow up. Can you please help us understand why the architecture blocks MSAL's usage? If you are not comfortable in a public forum, you can email us.

[ashnygaard]

What email address should I use?

[sameerag]

cc @pkanher617

[sameerag]

Please email sameera.gajjarapu@microsoft.com;

[HarpreetHans]

any progress on this?

[andreav]

Hello I have the same problem. I'm using adal.js because I'm on Windows Server 2016.

Any update?

Thank you

[andreav]

I had the same problem and #290 gave me the solution. For me, token was not updated because there was no need to update it, it was not expired. After setting expireOffsetSeconds config option acquireToken works as expected and token is renewed.

[jasonnutter]

Closing due to inactivity.