Closed cagricaymaz closed 3 years ago
I had the same issue. In my case it was with msal version 2.x. The problem was the scope. The answer had a different scope than that which had been requested. In this case, no token is found in the cache for the requested scope and a new token is requested. So check if the response contains a token for your requested scope.
@cagricaymaz Can you share your usage where you make your token and API call? acquireTokenSilent
does lookup tokens in the cache first before making a network request. Enabling verbose logs would also be helpful here. Instructions for enabling logs
Hi, @devInterests My token response's scope is the same as the requested scope.
Hi @tnorling
Can you help me to understand these logs?
[Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-angular@2.0.0-beta.0 : Verbose - MSAL Interceptor activated
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-angular@2.0.0-beta.0 : Verbose - Interceptor - getting scopes for endpoint
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - getActiveAccount: No active account
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-angular@2.0.0-beta.0 : Verbose - Interceptor - no active account, fallback to first account
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - getAllAccounts called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-angular@2.0.0-beta.0 : Info - Interceptor - 1 scopes found for endpoint
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - preflightBrowserEnvironmentCheck started
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - acquireTokenSilent called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - Initializing BaseAuthRequest
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Info - Emitting event: msal:acquireTokenStart
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - Emitting event to callback e43a83f7-1961-420f-8ad5-c04f5a3fe005: msal:acquireTokenStart
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - initializeServerTelemetryManager called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - createSilentFlowClient called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - getClientConfiguration called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - getDiscoveredAuthority called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - Creating discovered authority with request authority
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.setAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Info - Emitting event: msal:acquireTokenFromNetworkStart
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - Emitting event to callback e43a83f7-1961-420f-8ad5-c04f5a3fe005: msal:acquireTokenFromNetworkStart
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - Initializing BaseAuthRequest
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - initializeServerTelemetryManager called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - createRefreshTokenClient called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - getClientConfiguration called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - getDiscoveredAuthority called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - Creating discovered authority with request authority
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.setAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getServerTelemetry called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:49 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getThrottlingCache called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getServerTelemetry called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.setAccount called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.setIdTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getIdTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAccessTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getRefreshTokenCredential: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.getAuthorityMetadata: cache hit
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.setAccessTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - BrowserCacheManager.setRefreshTokenCredential called
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Info - Emitting event: msal:acquireTokenSuccess
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-browser@2.12.0 : Verbose - Emitting event to callback e43a83f7-1961-420f-8ad5-c04f5a3fe005: msal:acquireTokenSuccess
app-config.ts:36 [Mon, 15 Mar 2021 17:02:50 GMT] : : @azure/msal-angular@2.0.0-beta.0 : Verbose - Interceptor - setting authorization headers
@cagricaymaz As far as I understood, your scope in the example is ''https://xxx/Scope.Read''. But in the response the scope is "https://..../466". So there is a token in the cache for "https://..../466" but not for ''https://xxx/Scope.Read" scope. But I am not sure about that. However, what I did was debugging through msal js lib. I started by acquireTokenSilent call and get inside the call stack. There I saw what was in the cache and what I was requesting.
I have debugged all steps in msal-angular and found my solution I think. There is a system.Options.tokenRenewalOffsetSeconds set for 300seconds.
...
else if (!cachedAccessToken || TimeUtils.isTokenExpired(cachedAccessToken.expiresOn,this.config.systemOptions.tokenRenewalOffsetSeconds)) {
// Must refresh due to expired or non-existent access_token
return true;
}
...
In my development environment, the access tokens expire in 300 seconds. So in my case, it is always expired. Changed it to 15 minutes and it is working as expected. I will now update the "tokenRenewalOffsetSeconds" in the settings.
Thanks for your help guys.
I have fixed the issue that I am having so I can close the topic. Thank you.
Library
msal@1.x.x
or@azure/msal@1.x.x
@azure/msal-browser@2.x.x
@azure/msal-node@1.x.x
@azure/msal-react@1.x.x
@azure/msal-angular@0.x.x
@azure/msal-angular@1.x.x
@azure/msal-angular@2.x.x
@azure/msal-angularjs@1.x.x
Description
MSAL requests access token on every backend API call. I have seen similar topics but I couldn't find my answer. I think requesting the token on every API call is not necessary. I assume there is a way to cache it and only request when needed.
I have also checked that the access token is always changing.
Maybe, I am missing some settings part. I hope you guys can help me with this situation.
Source