Closed shyam2794 closed 3 years ago
Hi @shyam2794 .
The acquireTokenSilent
API does the following:
acquireTokenSilent
attempts to request a new Access Token and Refresh Token pair by opening a hidden iframe. This is the case in which 3rd-party cookies being disabled would cause an error.A small clarification: Your method is called "refreshAccessToken", however, it would be more appropriate to call it "getToken". The acquireTokenSilent
API is designed to retrieve tokens when they are cached and refresh them through a network call when they expire, but the token refreshing is abstracted away so you don't have to worry about it.
The expiration time for an Access Token is 1hr and the refresh token has a 24 hour, non-sliding expiration time. That means that even if you renew a refresh token before it expires, the new refresh token will have the same expiration time as the previous one.
In order to be able to investigate your specific issue (the error shown on the token request), we'd need a network trace so we can see what went wrong. You can e-mail me a Fiddler trace (e-mail is on my profile) and I'll take a look!
@hectormmg Currently we are seeing some issues were the users are getting kicked out to the login page in a random way . I am pretty confident that its not because of the access token issue coz if that's the case then the user will be kicked out for every 1 hour ( access token expires for every 1 hour ) . So need to check whether this has to do with getting the account .
const getAccountInfo = () => {
const accounts = msalInstance.getAllAccounts();
return accounts[0]; // Is this the correct way ? .
};
const refreshAccessToken = async () => {
const account = getAccountInfo();
try {
const token = await msalInstance.acquireTokenSilent({
account,
scopes: loginRequest.scopes,
});
return token.accessToken;
} catch (error) {
if (error instanceof InteractionRequiredAuthError) {
return msalInstance
.acquireTokenPopup(loginRequest)
.then((resp) => {
return resp.accessToken;
})
.catch((err) => {
routeToHome();
console.log(err);
});
} else {
routeToHome();
console.log(error);
}
}
};
msalInstance.getAllAccounts()
give ? .That means that even if you renew a refresh token before it expires, the new refresh token will have the same expiration time as the previous one.
So if i clear the cache in the browser after 22hours and hit the app again will the new refresh token will have only 2 hours left to expire ?
@shyam2794 No, it will only do this if you attempt to renew the token with a refresh token. If you make an authorize call with either login/acquireTokenRedirect, login/acquireTokenPopup or ssoSilent, you will receive a refresh token with a new full 24hr lifetime. If you only attempt to renew the token with the refresh token (calling acquireTokenSilent) you will not receive a refresh token for a full 24 hour lifetime, only the duration left on the original token call. Hope this makes sense.
This issue has not seen activity in 14 days. If your issue has not been resolved please leave a comment to keep this open. It will be closed in 7 days if it remains stale.
This issue has been closed due to inactivity. If this has not been resolved please open a new issue. Thanks!
Library
msal@1.x.x
or@azure/msal@1.x.x
@azure/msal-browser@2.8.0
@azure/msal-node@1.x.x
@azure/msal-react@^1.0.0-alpha.1
@azure/msal-angular@0.x.x
@azure/msal-angular@1.x.x
@azure/msal-angular@2.x.x
@azure/msal-angularjs@1.x.x
Description
Need clarification in understanding the acquireTokenSilent process . And the recommended approach to use renew the access token.
This is my auth Config
we are using axios for firing API's , have added the token refresh logic before making the API call's ( gone through the docs and this was the recommended approach ) . Below is my axios interceptor code
Below is the util we have for the refreshAccessToken
Question
The acquireTokenSilent seems to work fine when we are disabling the 3rd party cookies in the browser. But i see some errors in the console . Why we see these errors ?
If we disable the 3rd party cookies option in browser acquireTokenSilent fails and the user gets re-directed to the login page for every 1 hr. Is there an alternate approach to do silent token refresh without wanting the user to enable the cookies ?
What is the expiration time for the refresh token and access token ? . what will happen if the refresh token fails in the middle of a session and if the user is trying to make a API Call ?
Source