Closed yousourceinc closed 3 years ago
Hi @yousourceinc . Could you send me a network trace from a tool like Fiddler so we can inspect the requests your app is making and have more context on your issue? You can send it to the e-mail on my profile.
Also, please consider upgrading to @azure/msal-angular v2, which does a better job of handling this type of scenario. Thanks!
yousourceinc This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has not been resolved please leave a comment to keep this open. It will be closed in 7 days if it remains stale.
Core Library
@azure/msal or msal
Core Library Version
1.4.8
Wrapper Library
@azure/msal-angular
Wrapper Library Version
1.1.2
Description
We are receiving an invalid accessToken with empty scopes on the first grant of admin consent. If the user retries again - we call the acquireTokenPopup and the accessToken becomes valid. We can't call acquireTokenPopup when the accessToken is invalid since it results in a popup_window_error
Once the user grants the admin consent, we will request for all users in their AD. (User.Read.All)
If the current user is not an admin, and the admin consent was granted by another person via an admin consent link, the user does not have any issue accessing the User.Read.All endpoints on the first login.
Error Message
Insufficient privileges to complete the operation.
Msal Logs
No response
MSAL Configuration
Relevant Code Snippets
Reproduction Steps
Step 1: Admin clicks the log in button (loginPopup) Step 2: MS prompts login and admin consent page (We need User.Read.All) Step 3: We call acquireTokenSilent() to acquire for Access Token as the AuthenticationProvider of our Graph Client Step 4: Graph API /users request returns 403 - insufficient permission
Expected Behavior
Received access token already has the correct rights/permission at least at the getAccessToken() endpoint.
Identity Provider
Azure AD / MSA
Browsers Affected (Select all that apply)
Chrome
Regression
No response
Source
Internal (Microsoft)