AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

Can we get the fresh token through loginPopup() method? #3970

Closed zhshqzyc closed 3 years ago

zhshqzyc commented 3 years ago

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.14.2

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

^2.0.0

Description

I want to get the refresh token when the user logs in from loginPopup. The return value doesn't include it. I have to call another method to get the fresh token. It is inconvenient for the user. And I don't know which method to call. The best way is to get it all at one time. All code is from the [msal-angular-v2 example](https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-angular-v2-samples/angular11-sample-app/src/app).

MSAL Configuration

No response

Relevant Code Snippets

```typescript
constructor(
  @Inject(MSAL_GUARD_CONFIG) private msalGuardConfig: MsalGuardConfiguration,
  private authService: MsalService,
  private msalBroadcastService: MsalBroadcastService,
  private location: Location
) {}

loginPopup() {
  if (this.msalGuardConfig.authRequest) {
    this.authService.loginPopup({...this.msalGuardConfig.authRequest} as PopupRequest)
      .subscribe((response: AuthenticationResult) => {
        console.log(response); // want response contains refresh token as well
        this.authService.instance.setActiveAccount(response.account);
      });
  } else {
    this.authService.loginPopup()
      .subscribe((response: AuthenticationResult) => {
        this.authService.instance.setActiveAccount(response.account);
      });
  }
}
```

Identity Provider

Azure AD / MSA

Source

External (Customer)

tnorling commented 3 years ago

@zhshqzyc The refresh token is not returned by any MSAL API by design. If you can explain why you need it, I can try to suggest alternative ways to achieve what you're trying to achieve.

zhshqzyc commented 3 years ago

I thought the fresh token was for the token expired or handling 401 unauthorized error in angular interceptor. If MSAL API is unnecessary to use the refresh token, please let me know. Otherwise would you please guide me in the right direction?

tnorling commented 3 years ago

@zhshqzyc The acquireTokenSilent API uses the refresh token under the hood when the access token is expired. The msal-angular interceptor uses acquireTokenSilent before it calls an API. Are you getting token expired or 401 errors unexpectedly? If so please share an example.

zhshqzyc commented 3 years ago

No, I can get the token by calling this.authService.loginPopup({...this.msalGuardConfig.authRequest} as PopupRequest). But I can't find an example that puts acquireTokenSilent and authService.loginPopup together. Did you mean I need to call acquireTokenSilent first and then call authService.loginPopup?

tnorling commented 3 years ago

@zhshqzyc loginPopup should be used when no user is signed in. After that acquireTokenSilent can be used instead (until an InteractionRequiredAuthError is thrown). If you're using the msal-angular Interceptor it will call acquireTokenSilent for you under the hood and you do not need to do this yourself. All of our samples demonstrate using the Interceptor. Please check those out and let me know if you have any specific questions.

zhshqzyc commented 3 years ago

Thanks for the nice hint. The specific question is that I don't use msal-angular Interceptor. I created [interceptor](https://angular.io/api/common/http/HttpInterceptor) by myself. Also I use loginPopup in MSAL. So in this case there is no refresh token available.

tnorling commented 3 years ago

@zhshqzyc Any particular reason you are not using the provided interceptor? Since you are writing your own you will need to call acquireTokenSilent in the Interceptor and fall back to acquireTokenPopup when it fails. loginPopup is only used when the user initially needs to sign in for the first time. You can take a look at the provided interceptor's code to see how we do this [here](https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-angular/src/msal.interceptor.ts)
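
The flow described in this thread for a hand-written interceptor (sign in once with loginPopup, then acquireTokenSilent with a fallback to acquireTokenPopup), as an added example that is not part of the original thread or the MSAL code base. `MsalClient`, `getAccessToken`, `isInteractionRequired` and `authorizationHeader` are hypothetical names; the interface assumes the promise-based methods on `authService.instance`, and interaction-required errors are recognized by their `name` so the block runs without the package installed.

```typescript
// Minimal structural view of the MSAL.js v2 client methods used below
// (assumption: mirrors the promise-based API of @azure/msal-browser).
interface Account { username: string }
interface AuthResult { accessToken: string; account: Account | null }
interface MsalClient {
  getActiveAccount(): Account | null;
  setActiveAccount(account: Account | null): void;
  loginPopup(req: { scopes: string[] }): Promise<AuthResult>;
  acquireTokenSilent(req: { scopes: string[]; account: Account }): Promise<AuthResult>;
  acquireTokenPopup(req: { scopes: string[]; account: Account }): Promise<AuthResult>;
}

// With the real package you would test `err instanceof InteractionRequiredAuthError`;
// the name check is used here so the example has no dependency on it.
function isInteractionRequired(err: unknown): boolean {
  return err instanceof Error && err.name === "InteractionRequiredAuthError";
}

// Returns an access token for `scopes`. The refresh token never reaches
// application code: acquireTokenSilent redeems it inside MSAL when the
// cached access token has expired.
async function getAccessToken(client: MsalClient, scopes: string[]): Promise<string> {
  let account = client.getActiveAccount();
  if (!account) {
    // No signed-in user yet: the only case where loginPopup is appropriate.
    const login = await client.loginPopup({ scopes });
    if (!login.account) throw new Error("login returned no account");
    client.setActiveAccount(login.account);
    account = login.account;
  }
  try {
    return (await client.acquireTokenSilent({ scopes, account })).accessToken;
  } catch (err) {
    // Fall back to UI only when MSAL reports that interaction is required;
    // network or configuration errors must surface to the caller.
    if (!isInteractionRequired(err)) throw err;
    return (await client.acquireTokenPopup({ scopes, account })).accessToken;
  }
}

// What a custom HttpInterceptor would compute before forwarding a request.
async function authorizationHeader(client: MsalClient, scopes: string[]): Promise<string> {
  return `Bearer ${await getAccessToken(client, scopes)}`;
}
```

In an Angular `HttpInterceptor`, wrap `authorizationHeader(this.authService.instance, scopes)` with RxJS `from(...)` and clone the request with the resulting header.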

zhshqzyc commented 3 years ago

Thank you!

zhshqzyc commented 3 years ago

try https://github.com/zhshqzyc/FullStack

On Mon, Aug 16, 2021 at 7:17 PM Thomas Norling @.***> wrote:

@zhshqzyc https://github.com/zhshqzyc Any particular reason you are not using the provided interceptor? Since you are writing your own you will need to call acquireTokenSilent in the Interceptor and fallback to acquireTokenPopup when it fails. loginPopup is only used when the user initially needs to sign in for the first time. You can take a look at the provided interceptor's code to see how we do this here https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-angular/src/msal.interceptor.ts
