AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

>2MB Refresh Tokens #5782

Closed nic-co closed 1 year ago

nic-co commented 1 year ago

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.21.0

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

1.2.0

Public or Confidential Client?

Public

Description

On February 14th (6:30am to 5:00pm UTC), we began inconsistently receiving 2.5MB refresh tokens when performing authentication requests.

When the new token was cached, the size would cause the token to fail to store, resulting in subsequent requests failing.

Error Message

Downstream effect was this on our console logs:

["DOMException: Failed to execute 'setItem' on 'Storage': Setting the value of '{...}' exceeded the quota."]

Msal Logs

No response

MSAL Configuration

{
  auth: {
    clientId: "d2b1edae-f701-47a9-9cf4-87d46cbcd828",
    authority: "",
    knownAuthorities: ...,
    redirectUri: '/',
  },
  cache: {
    cacheLocation: 'sessionStorage',
    storeAuthStateInCookie: false,
  },
}

Relevant Code Snippets

N/A - Issue was caused by request's response.

Reproduction Steps

N/A - Bug occurred for a brief period and seems

Expected Behavior

Expected refresh tokens are ~1.5KB.

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome, Firefox

Regression

No response

Source

External (Customer)
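
A size check that would surface the failure described in this report as telemetry, written as an added example that is not part of the original issue and not MSAL.js code. `QuotaStorage`, `cacheCredential`, the key names and the anomaly threshold are hypothetical, and the tokens are constructed strings.

```javascript
// Constructed stand-in for sessionStorage with a character quota, so this runs outside a browser.
class QuotaStorage {
  constructor(quotaChars) { this.quotaChars = quotaChars; this.items = new Map(); }
  setItem(key, value) {
    let used = key.length + value.length;
    for (const [k, v] of this.items) if (k !== key) used += k.length + v.length;
    if (used > this.quotaChars) {
      const err = new Error("Setting the value exceeded the quota.");
      err.name = "QuotaExceededError"; // name browsers use for this DOMException
      throw err;
    }
    this.items.set(key, value);
  }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
}

const EXPECTED_TOKEN_BYTES = 1536; // ~1.5KB, the size the report expects
const ANOMALY_FACTOR = 10;         // assumption: tune to your own baseline

// Hypothetical helper: size-check a credential before caching it and report
// failures as structured events. Only the size is logged, never the token.
function cacheCredential(storage, key, token, events) {
  const bytes = new TextEncoder().encode(token).length;
  if (bytes > EXPECTED_TOKEN_BYTES * ANOMALY_FACTOR) {
    events.push({ event: "oversized_credential", key, bytes });
    return { stored: false, reason: "oversized", bytes };
  }
  try {
    storage.setItem(key, token);
    return { stored: true, bytes };
  } catch (err) {
    if (err && err.name === "QuotaExceededError") {
      events.push({ event: "storage_quota_exceeded", key, bytes });
      return { stored: false, reason: "quota", bytes };
    }
    throw err; // unrelated failure: do not mask it
  }
}

// Constructed sample inputs: a normal-sized token and a 2.5MB one.
function demo() {
  const events = [];
  const storage = new QuotaStorage(2000);
  const ok = cacheCredential(storage, "rt.sample", "a".repeat(1500), events);
  const big = cacheCredential(storage, "rt.sample", "a".repeat(2.5 * 1024 * 1024), events);
  const full = cacheCredential(storage, "rt.other", "b".repeat(1500), events);
  return { ok, big, full, events };
}
```

A caller that gets `stored: false` has no cached credential and would need to fall back to a fresh sign-in; the events give operations a size to report to the token issuer.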

sameerag commented 1 year ago

@nic-co Can you please share which backend service you are using? Is it B2C? The token sizes are not determined by MSAL JS but by the issuing service. I would like you to raise an issue on the service help desk rather than the client library.

nic-co commented 1 year ago

The back-end service is Azure AD B2C. Where would I find the issues for this service?

sameerag commented 1 year ago

Here are the instructions.