AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular
Apache License 2.0

Token is not updated in acquireToken #888

Closed ashnygaard closed 4 years ago

ashnygaard commented 5 years ago

I'm submitting a...


[ ] Regression (a behavior that used to work and stopped working in a new release)
[x] Bug report
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:

Browser:

Library Name

Library version

Library version:1.0.17 Angular: 4.4 @types/adal-angular: "^1.0.1"

Current behavior

When the token expires, adal service calls acquireToken(). An iframe is opened to get the renewal token via implicit flow. The iframe is a simple page that needs no authentication. The authorize redirect 302 occurs and the redirect page is run. The token is never returned and the adal.idtoken value is now empty in localStorage. The url brings the user back to the root of the application and displays a white page.

This issue does happen on the first login. Only during the token refresh.

Expected behavior

After the iframe is opened and receives the new token, the application should be updated with the new token value. The user should remain on the page where the token refresh started, and should not know an iframe was loaded.

Minimal reproduction of the problem with instructions

Service calls acquireToken

acquireTokenFresh() {
    this.context.acquireToken('ClientID here', function (error, token) {
        if (error || !token) {
            // Log the error passed to the callback
            console.log('Could not get token', error);
            return;
        }
        else {
            return token;
        }
    });
}

redirect.html

<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>Frame Redirect</title>
    <script src="https://secure.aadcdn.microsoftonline-p.com/lib/1.0.17/js/adal.min.js"></script>
</head>
<body>
<script>
    var adalConfig = {
        clientId: "client id here",
        cacheLocation: 'localStorage'
    };
    var authContext = new AuthenticationContext(adalConfig);
    authContext.handleWindowCallback();

    if (window === window.parent) { window.location.replace(location.origin + location.hash); }
</script>
</body>
</html>

negoe commented 5 years ago

@sameerag Can you please take a look?

sameerag commented 5 years ago

@ashnygaard Is this a new issue?

Also, is there a specific reason you are using ADAL JS for your authentication needs? We are currently focused on msal js which is a more enhanced version of ADAL with better support and more features. Is it a possibility to try that out instead?

ashnygaard commented 5 years ago

@sameerag No, I don't think this is new, I have seen other people have the same issue. It appears during the token renewal it responds with an 'invalid_state' error.

I can take a look at Msal

ashnygaard commented 5 years ago

@sameerag I have confirmed that we cannot use the MSAL solution because of architecture. We have to stay with ADAL

sameerag commented 5 years ago

@ashnygaard Thanks for the follow up. Can you please help us understand why the architecture blocks MSAL's usage? If you are not comfortable in a public forum, you can email us.

ashnygaard commented 5 years ago

What email address should I use?

sameerag commented 5 years ago

cc @pkanher617

sameerag commented 5 years ago

Please email sameera.gajjarapu@microsoft.com;

HarpreetHans commented 4 years ago

Any progress on this?

andreav commented 4 years ago

Hello, I have the same problem. I'm using adal.js because I'm on Windows Server 2016.

Any update?

Thank you

andreav commented 4 years ago

I had the same problem and #290 gave me the solution. For me, the token was not updated because there was no need to update it; it was not expired. After setting the expireOffsetSeconds config option, acquireToken works as expected and the token is renewed.
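
The behaviour described in the comment above, as an added example that is not part of the thread and is not ADAL.js's own code: a simplified model of the cached-token check that decides whether acquireToken returns the stored token or starts a renewal. The storage key names and the 300-second default are assumptions based on ADAL.js 1.0.x, and the client id, token and timestamps are constructed sample values.

```javascript
// Simplified model of ADAL.js's cached-token check (not the library's code).
// Storage key names and the 300 s default are assumptions based on ADAL.js 1.0.x.
const ACCESS_TOKEN_KEY = 'adal.access.token.key';
const EXPIRATION_KEY = 'adal.expiration.key';
const DEFAULT_OFFSET_SECONDS = 300;

// Returns the cached token, or null when a renewal is required.
// `storage` is a Map standing in for localStorage; times are epoch seconds.
function getCachedToken(storage, config, resource, nowSeconds) {
  const token = storage.get(ACCESS_TOKEN_KEY + resource);
  const expiry = Number(storage.get(EXPIRATION_KEY + resource) || 0);
  const offset = config.expireOffsetSeconds || DEFAULT_OFFSET_SECONDS;
  if (token && expiry > nowSeconds + offset) {
    return token; // still outside the renewal window: no iframe request
  }
  // Inside the window (or already expired): drop the entry so the caller renews.
  storage.set(ACCESS_TOKEN_KEY + resource, '');
  storage.set(EXPIRATION_KEY + resource, 0);
  return null;
}

// What acquireToken would do at a given moment: 'cached' or 'renew'.
function acquireTokenDecision(config, issuedAt, lifetime, nowSeconds) {
  const resource = 'constructed-client-id'; // constructed sample value
  const storage = new Map([
    [ACCESS_TOKEN_KEY + resource, 'constructed.sample.token'],
    [EXPIRATION_KEY + resource, issuedAt + lifetime],
  ]);
  return getCachedToken(storage, config, resource, nowSeconds) ? 'cached' : 'renew';
}

// Constructed timeline: token issued at t=0 with a 3600 s lifetime.
const timeline = [3000, 3400, 3700].map((t) => ({
  t,
  defaultOffset: acquireTokenDecision({}, 0, 3600, t),
  offset900: acquireTokenDecision({ expireOffsetSeconds: 900 }, 0, 3600, t),
}));
console.table(timeline);
```

In this model a call at t=3000 still returns the cached token with the default offset, while the same call with expireOffsetSeconds set to 900 falls inside the renewal window and triggers a renewal.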

jasonnutter commented 4 years ago

Closing due to inactivity.