AzureAD / azure-activedirectory-library-for-js

The code for ADAL.js and ADAL Angular has been moved to the MSAL.js repo. Please open any issues or PRs at the link below.
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/maintenance/adal-angular
Apache License 2.0
627 stars 372 forks source link

Requesting an $on alert when a token is refreshed to update app headers appropriately. #901

Closed austingriff closed 4 years ago

austingriff commented 4 years ago

Is it possible to get an alert on the token refresh to trigger an update for our application? Something like $on(adal:acquireRefreshTokenSuccess) so we can update our global headers when our token is refreshed. Or could you provide guidance on how to handle this situation?

I'm submitting a...


[ ] Regression (a behavior that used to work and stopped working in a new release)
[ ] Bug report  
[ ] Performance issue
[ x] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:

Browser:

Library Name

Library version

Library version: v1.0.17

Current behavior

Currently, we are not alerted when a token is refresh so my app still has an old token in the header and causes an error response due to old token. My solution is to catch a bad request with $on(adal:errorResponse). When it catches a bad request, it acquires a new token, re initializes my application, and tries the request again.

Expected behavior

I'm looking for a way to be alerted when the "silent" refresh occurs. Currently, after I successful acquire a token, I store it into the global $http.headers for all my requests to my backend api. However, I'm not sure of a way to update this header when a refresh occurs. I thought I would be able to use $on(adal:acquireTokenSuccess) to update this, but it doesn't seem to be triggered during a refresh.

Minimal reproduction of the problem with instructions

1) login with adal (AngularJS application using adal-angular directive) 2) set $http.defaults.headers.common.Authorization to ("Bearer " + token) when $on("adal:acquireTokenSuccess") is triggered 3) wait for token to expire 4) make a request to a protected backend (header still has old token since I don't know when it is renewed) 5) this should trigger an adal:errorResponse which handles the error

jasonnutter commented 4 years ago

@austingriff Apologies for the delay. Generally speaking, we recommend calling acquireTokenSilent right before you need a token, and ADAL will handle retrieving a token from the cache or making a network request to get a new token.

austingriff commented 4 years ago

Thanks @jasonnutter ! I'll update my application by following your recommendation.