AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

acquireTokenSilent results in 400 and "infinite" loop #4058

Closed badsyntax closed 2 years ago

badsyntax commented 3 years ago

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.17.0

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

1.0.2

Description

When calling acquireTokenSilent a 400 is returned from the token endpoint and the library gets stuck in a loop.

Here are the auth and request logs:

Screenshot 2021-09-13 at 09 15 11

Here's the code where I call acquireTokenSilent:

authLogger.debug('Trying to acquire access token...');
const { accessToken } = await this.acquireTokenSilent(accessTokenRequest);
authLogger.debug('Acquired access token');

As you can see from the logs:

Error Message

The token request is failing with this error message

{"error":"invalid_grant","error_description":"AADB2C90080: The provided grant has expired. Please re-authenticate and try again. Current time: 1631520871, Grant issued time: 1630673102, Grant expiration time: 1630742547\r\nCorrelation ID: 08108291-d7d9-4173-980f-48e8291e2f8d\r\nTimestamp: 2021-09-13 08:14:31Z\r\n"}

Msal Logs

Screenshot 2021-09-13 at 09 15 11

MSAL Configuration

export const msalConfig: Configuration = {
  auth: {
    clientId: config.AUTH.CLIENT_ID,
    authority: b2cPolicies.authorities.signUpSignIn.authority,
    knownAuthorities: [b2cPolicies.authorityDomain],
    redirectUri: config.AUTH.REDIRECT_URL,
    postLogoutRedirectUri: '/',
    navigateToLoginRequestUrl: false,
  },
  cache: {
    cacheLocation: 'localStorage',
    storeAuthStateInCookie: false,
  },
  system: {
    loggerOptions: {
      loggerCallback: authLoggerCallback,
    },
  },
};

Relevant Code Snippets

authLogger.debug('Trying to acquire access token...');
const { accessToken } = await this.acquireTokenSilent(accessTokenRequest);
authLogger.debug('Acquired access token');

Reproduction Steps

As I don't know the cause I can't provide reproduction steps. I'm only experiencing this issue in a particular environment and I don't know what's causing it.

Expected Behavior

I would expect acquireTokenSilent to throw an error if it can't get a token.

Identity Provider

Azure B2C Basic Policy

Browsers Affected (Select all that apply)

Chrome

Regression

No response

Source

External (Customer)

badsyntax commented 3 years ago

The odd thing is it seems to be sending 2 requests to get a token. The first request succeeds and the second request fails:

Screenshot 2021-09-13 at 09 47 46

Could this be due to some weird localstorage state? This is what's in my localstorage:

{
  "12345-b2c_1_signupsignin1.12345-exampletenant.b2clogin.com-accesstoken-12345--https://exampletenant.onmicrosoft.com/123456abcdef/access_as_user": "{\"homeAccountId\":\"12345-b2c_1_signupsignin1.12345\",\"credentialType\":\"AccessToken\",\"secret\":\"123456.ABCD\",\"cachedAt\":\"1631521966\",\"expiresOn\":\"1631525566\",\"extendedExpiresOn\":\"1631525566\",\"environment\":\"exampletenant.b2clogin.com\",\"clientId\":\"12345\",\"realm\":\"\",\"target\":\"https://exampletenant.onmicrosoft.com/123456abcdef/access_as_user\",\"tokenType\":\"Bearer\"}",
  "54321-b2c_1_signupsignin1.12345-exampletenant.b2clogin.com-": "{\"authorityType\":\"MSSTS\",\"clientInfo\":\"CLIENT_ID_1\",\"homeAccountId\":\"54321-b2c_1_signupsignin1.12345\",\"environment\":\"exampletenant.b2clogin.com\",\"realm\":\"\",\"idTokenClaims\":{\"exp\":1630676702,\"nbf\":1630673102,\"ver\":\"1.0\",\"iss\":\"https://exampletenant.b2clogin.com/12345/v2.0/\",\"sub\":\"54321\",\"aud\":\"12345\",\"nonce\":\"ba5263e9-8f41-4a29-8235-870b7f653deb\",\"iat\":1630673102,\"auth_time\":1630656147,\"given_name\":\"Richard\",\"family_name\":\"Willis\",\"idp\":\"google.com\",\"oid\":\"54321\",\"emails\":[\"email@example.com\"],\"tfp\":\"B2C_1_signupsignin1\",\"at_hash\":\"WBNK3CxB9fhvV2C13B9L5g\"},\"localAccountId\":\"54321\",\"username\":\"email@example.com\",\"cloudGraphHostName\":\"\",\"msGraphHost\":\"\"}",
  "54321-b2c_1_signupsignin1.12345-exampletenant.b2clogin.com-accesstoken-12345--https://exampletenant.onmicrosoft.com/123456abcdef/access_as_user": "{\"homeAccountId\":\"54321-b2c_1_signupsignin1.12345\",\"credentialType\":\"AccessToken\",\"secret\":\"123456.ABCD\",\"cachedAt\":\"1630673102\",\"expiresOn\":\"1630676702\",\"extendedExpiresOn\":\"1630676702\",\"environment\":\"exampletenant.b2clogin.com\",\"clientId\":\"12345\",\"realm\":\"\",\"target\":\"https://exampletenant.onmicrosoft.com/123456abcdef/access_as_user\",\"tokenType\":\"Bearer\"}",
  "12345-b2c_1_signupsignin1.12345-exampletenant.b2clogin.com-": "{\"authorityType\":\"MSSTS\",\"clientInfo\":\"CLIENT_ID_2\",\"homeAccountId\":\"12345-b2c_1_signupsignin1.12345\",\"environment\":\"exampletenant.b2clogin.com\",\"realm\":\"\",\"idTokenClaims\":{\"exp\":1631525565,\"nbf\":1631521965,\"ver\":\"1.0\",\"iss\":\"https://exampletenant.b2clogin.com/12345/v2.0/\",\"sub\":\"12345\",\"aud\":\"12345\",\"nonce\":\"5a1192b8-6acb-449e-b999-a9ec3731211d\",\"iat\":1631521965,\"auth_time\":1631521965,\"oid\":\"12345\",\"emails\":[\"emai@example.com\"],\"tfp\":\"B2C_1_signupsignin1\",\"at_hash\":\"leEFFBXqdL1C5CHzslGgkw\"},\"localAccountId\":\"12345\",\"username\":\"email@example.com\"}",
  "12345-b2c_1_signupsignin1.12345-exampletenant.b2clogin.com-refreshtoken-12345--": "{\"clientId\":\"12345\",\"credentialType\":\"RefreshToken\",\"environment\":\"exampletenant.b2clogin.com\",\"homeAccountId\":\"12345-b2c_1_signupsignin1.12345\",\"secret\":\"12345..ABCD\"}",
  "54321-b2c_1_signupsignin1.12345-exampletenant.b2clogin.com-idtoken-12345--": "{\"credentialType\":\"IdToken\",\"homeAccountId\":\"54321-b2c_1_signupsignin1.12345\",\"environment\":\"exampletenant.b2clogin.com\",\"clientId\":\"12345\",\"secret\":\"123456ABC\",\"realm\":\"\"}",
  "54321-b2c_1_signupsignin1.12345-exampletenant.b2clogin.com-refreshtoken-12345--": "{\"clientId\":\"12345\",\"credentialType\":\"RefreshToken\",\"environment\":\"exampletenant.b2clogin.com\",\"homeAccountId\":\"54321-b2c_1_signupsignin1.12345\",\"secret\":\"12345..ABCD\"}",
  "12345-b2c_1_signupsignin1.12345-exampletenant.b2clogin.com-idtoken-12345--": "{\"credentialType\":\"IdToken\",\"homeAccountId\":\"12345-b2c_1_signupsignin1.12345\",\"environment\":\"exampletenant.b2clogin.com\",\"clientId\":\"12345\",\"secret\":\"123456.ABC\",\"realm\":\"\"}"
}

It seems that I have 2 different clientInfo's. How is it possible to get into this state?

ghost commented 3 years ago

This issue requires attention from the MSAL.js team and has not seen activity in 5 days. @pkanher617 please follow up.

tnorling commented 3 years ago

@badsyntax So sorry this went unanswered for so long. Based on the logs it looks like your components are being re-rendered which is likely what's causing the loop. I see many handleRedirectStart events being emitted, suggesting the MsalProvider component is being re-rendered with a new instance of PublicClientApplication. Can you please confirm your PublicClientApplication instance is not being initialized inside a react component but rather outside your render path?

ghost commented 3 years ago

@badsyntax This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.

badsyntax commented 3 years ago

@tnorling I will double-check how I'm rendering things but I don't think that's the issue. In my follow-up comment I mentioned the weird state of localstorage. How is it possible for local storage to have 2 different refresh tokens for the same auth user and the same tenant? Is this expected?

badsyntax commented 3 years ago

@tnorling I definitely only have one instance. This is how I construct the instance:

export class AuthClient extends PublicClientApplication {
  /*...*/
}

export const authClient = new AuthClient(msalConfig);

I don't ever construct a new instance of PublicClientApplication and this construction happens outside of the render path.

tnorling commented 3 years ago

@badsyntax The logs show your MsalProvider component is being unmounted and re-mounted. Tracking down what is causing that will likely resolve your issue. In particular this log message is what's tipping me off that this is what's happening:

MsalProvider - msal:handleRedirectStart results in setting inProgress from startup to handleRedirect

This will only be output one time when the MsalProvider component is rendered for the first time.

> In my follow up comment I mentioned the weird state of localstorage. How is it possible for local storage to have 2 different refresh tokens for the same auth user and the same tenant? Is this expected?

This can happen for a number of reasons and is not necessarily unexpected. Take a look at the keys and try to determine which part differs. For B2C in particular, each policy (signIn, signUp, forgotPassword, etc) is treated as a distinct tenant and a distinct user. If your application makes requests for more than 1 B2C policy you can end up with multiple sets of tokens and this is expected behavior.

In any event the localstorage state is not as much of a concern to me as the rerenders I mentioned above.

badsyntax commented 3 years ago

@tnorling thanks for your continued support.

> The logs show your MsalProvider component is being unmounted and re-mounted. Tracking down what is causing that will likely resolve your issue.

I am doing something slightly different from the suggested implementation. To prevent unwanted re-authentications during an HTTP request (e.g. if acquireTokenSilent fails), we instead ensure we can get an access token during app bootstrap.

Here's a very condensed overview of my app setup:

App.tsx:

export const App: React.FC = () => {
  return (
    <MsalProvider instance={authClient}>
      <AppBootstrap>
        <Routes />
      </AppBootstrap>
    </MsalProvider>
  );
};

AppBootstrap.tsx:

export const AppBootstrap: React.FC = ({ children }) => {
  const isAppBootstrapped = useAppBootstrap();
  return isAppBootstrapped ? <>{children}</> : <SignedOutPageShell />;
};

useAppBootstrap:

export function useAppBootstrap(): boolean {
  const accessToken = useAccessToken();
  return !!accessToken;
}

useAccessToken.ts:

export function useAccessToken(): string | void {
  const authClient = useAuthClient();
  const account = useAuthAccount();
  const isAuthenticated = useIsAuthenticated();

  const [accessToken, setAccessToken] = useState<string>();

  useEffect(() => {
    async function getToken() {
      if (!isAuthenticated || !account) {
        return;
      }
      const accessToken = await authClient.getAccessToken('redirect');
      setAccessToken(accessToken);
    }
    void getToken();
  }, [account, authClient, isAuthenticated]);
  return accessToken;
}

(authClient is an instance of PublicClientApplication and is constructed once outside the render path.)

This works well for us because now you just need to re-authenticate when the app loads instead of having to (maybe) re-authenticate "during" (before) an HTTP request, which is a terrible UX. (Note we still call acquireTokenSilent before every request.)

Do you think this logic could somehow be interfering with the msal library logic?

tnorling commented 3 years ago

I do not see anything here that would cause the behavior you describe. Like I said, your MsalProvider component is being rerendered which is most likely causing your loop. If you can share what your component tree looks like above your App component, or, better yet, a link to a minimal reproduction I can help you narrow down what might be causing this.

badsyntax commented 3 years ago

Thanks again for the suggestions. I've added some logs in the parent component that renders <MsalProvider> and it's only logged once (look for RENDER COMPONENT THAT RENDERS), and I can now only see msal:handleRedirectStart being logged once:

Screenshot 2021-10-09 at 05 49 03

It should be noted it's not sending me into a login redirect loop now. It can successfully retrieve an access token for the current user, but it looks like it attempts to get other access tokens (and those requests fail).

Also note that I am building and testing an app and logging in and logging out with different accounts.

This is what's in my local storage (anonymized):


This is the error from the failing token requests:

Screenshot 2021-10-09 at 05 59 05

To fix this I logged out and logged back in. I then looked at my localStorage and there is now only one user account in there.

I've tried to replicate by logging in with a different user but my localStorage always ends up containing details for one user account, so I don't know how to replicate this.

If you can share what your component tree looks like above your App

I have index.tsx:

ReactDOM.render(<App />, document.getElementById('root'));

And this is my App:

const prefetchDomains = [
  `https://${config.AUTH.AUTHORITY_DOMAIN}`,
  config.API.REST_URL,
];

export const App: React.FC = () => {
  console.log(
    'RENDER COMPONENT THAT RENDERS <MsalProvider instance={authClient} />'
  );
  return (
    <React.StrictMode>
      <MsalProvider instance={authClient}>
        <StoreProvider store={store}>
          <ThemeProvider>
            <HelmetProvider>
              <Helmet>
                {prefetchDomains.map((domain) => (
                  <link rel="dns-prefetch" href={domain} key={domain} />
                ))}
              </Helmet>
              <ApiClientProvider client={apiClient}>
                <QueryClientProvider client={queryClient}>
                  <AppProgress />
                  <ErrorBoundary>
                    <AuthEvents />
                    <AppBootstrap>
                      <Routes />
                    </AppBootstrap>
                  </ErrorBoundary>
                </QueryClientProvider>
              </ApiClientProvider>
            </HelmetProvider>
          </ThemeProvider>
        </StoreProvider>
      </MsalProvider>
    </React.StrictMode>
  );
};

or, better yet, a link to a minimal reproduction I can help you narrow down what might be causing this.

I will attempt to build a mini app to replicate.

tnorling commented 3 years ago

@badsyntax Does your app use more than one B2C user flow? i.e. SignIn and EditProfile? Each policy your app uses will have a separate set of account, refresh token, id token and access tokens and if you try to pass the account object from policy A while trying to acquire a token for policy B you may get the 400 error you shared above.

badsyntax commented 3 years ago

@tnorling at the moment it's just using SignUpSignIn flow. The same B2C tenant is shared between different app versions (eg local, dev, test, prod etc).

For the meantime I've added a hack to restore the localStorage state and this fixes things for my users:

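// Matches MSAL cache keys that belong to a B2C account. Capture group 1 is the
// leading five-segment id at the start of the key.
const b2cLocalStorageKeyRegExp =
  /^([a-z0-9]+-[a-z0-9]+-[a-z0-9]+-[a-z0-9]+-[a-z0-9]+)-b2c.*/;

// #2417
function fixB2CLoginBug() {
  // Collected per call so repeated calls do not accumulate stale keys.
  const b2cLocalStorageAccountKeys: string[] = [];
  let b2cAccountKey = '';
  let hasBug = false;
  // Object.keys returns only stored keys, not inherited Storage members.
  for (const key of Object.keys(window.localStorage)) {
    if (!b2cLocalStorageKeyRegExp.test(key)) {
      continue;
    }
    b2cLocalStorageAccountKeys.push(key);
    const id = key.replace(b2cLocalStorageKeyRegExp, '$1');
    // A second, different id means more than one account is cached.
    if (!!b2cAccountKey && b2cAccountKey !== id) {
      hasBug = true;
    } else {
      b2cAccountKey = id;
    }
  }
  if (hasBug) {
    // Remove every B2C cache entry; the caller then forces a fresh sign-in.
    b2cLocalStorageAccountKeys.forEach((key) => {
      window.localStorage.removeItem(key);
    });
  }
  return hasBug;
}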

The hack basically determines if you have more than 1 b2c account in localStorage, and if so, deletes all user accounts from localStorage. I then call authClient.logoutRedirect (PublicClientApplication).
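
A read-only way to see which accounts and user flows are cached before deleting anything, as an added example that is not part of the original comment or of MSAL. `auditMsalCache`, `fakeStorage` and the sample records are constructed; the `<user id>-<policy>.<tenant id>` layout of `homeAccountId` is inferred from the cache values quoted in this thread, and treating records without `credentialType` as account records is an assumption.

```javascript
// Added example. Read-only audit of MSAL cache records in a Storage-like object.
// Field names are those visible in the cache values quoted in this thread.
const HOME_ID = /^(.*?)-(b2c_[^.]+)\.(.+)$/i; // <user id>-<policy>.<tenant id>

function auditMsalCache(storage) {
  const byAccount = new Map();
  for (let i = 0; i < storage.length; i++) {
    let rec;
    try {
      rec = JSON.parse(storage.getItem(storage.key(i)));
    } catch {
      continue; // not JSON, so not an MSAL record
    }
    if (!rec || typeof rec.homeAccountId !== 'string') continue;
    const m = HOME_ID.exec(rec.homeAccountId);
    if (!m) continue;
    // Assumption: account records carry homeAccountId but no credentialType.
    const type = rec.credentialType || 'Account';
    const acct = byAccount.get(rec.homeAccountId) ||
      { userId: m[1], policy: m[2].toLowerCase(), environment: rec.environment, types: {} };
    acct.types[type] = (acct.types[type] || 0) + 1; // counts only, never rec.secret
    byAccount.set(rec.homeAccountId, acct);
  }
  const accounts = [...byAccount.values()];
  const users = new Set(accounts.map((a) => a.userId));
  const policies = new Set(accounts.map((a) => a.policy));
  return {
    accounts,
    multipleUsers: users.size > 1, // the state the workaround above wipes
    multiplePolicies: policies.size > 1, // expected when several user flows are used
  };
}

// Constructed sample data: two users under one policy, plus an unrelated key.
function fakeStorage(items) {
  const keys = Object.keys(items);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => items[k] };
}
const cred = (uid, type) => JSON.stringify({
  credentialType: type, environment: 'tenant.b2clogin.com', secret: 'REDACTED',
  homeAccountId: `${uid}-b2c_1_signupsignin1.00000000-0000-0000-0000-000000000000`,
});
const sample = fakeStorage({
  a: cred('aaaaaaaa-0000-0000-0000-000000000001', 'IdToken'),
  b: cred('aaaaaaaa-0000-0000-0000-000000000001', 'RefreshToken'),
  c: cred('bbbbbbbb-0000-0000-0000-000000000002', 'RefreshToken'),
  theme: 'dark',
});
console.log(JSON.stringify(auditMsalCache(sample), null, 2));
```

In a browser, pass `window.localStorage` instead of `sample`; the report holds only identifiers and counts, so it can be attached to a bug report without exposing token values.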

tnorling commented 3 years ago

@badsyntax Could you please email me (email on my profile) the network trace and the contents of localstorage when you get into this bad state? I'd like to better understand the multiple account issue and what the difference is between the "accounts" that causes them to populate more than once. We definitely don't want you to have to write and maintain logic like this to make your app work.

ghost commented 2 years ago

@badsyntax This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.

badsyntax commented 2 years ago

I've been communicating with @tnorling over email. Currently still not fixed. I'm meant to contact Azure B2C support but this is currently not possible for me as I don't have the correct Visual Studio subscription to open a support ticket. So this issue will stagnate until someone else experiences the same AND can contact Azure B2C support. There's not much more I can do other than rely on the hack.

tnorling commented 2 years ago

@badsyntax I'm still waiting for a fiddler trace from you. I can follow up with B2C internally but I need something to show them.

badsyntax commented 2 years ago

@tnorling more than happy to provide more info. i have no idea what a fiddler trace is though. do you have any reference documentation on how to generate this trace? i will give it a bash but this is completely new to me, never used fiddler before.

badsyntax commented 2 years ago

@tnorling i've had a play with fiddler and it looks fairly straightforward. i will remove the hack to attempt to replicate, at which point i'll record a fiddler trace. it might take a little while to replicate the issue again.
