AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

Cache miss #6931

Open vkt-kmd opened 7 months ago

vkt-kmd commented 7 months ago

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.0.9

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

3.6.0

Public or Confidential Client?

Public

Description

The method getTenantFromAuthorityString (used to read the cache) returns a different value than Authority.tenant (used to store the cache), which results in a missing cache entry. Those methods are used when the token doesn't have tid, tfp or acr claims.

Error Message

No response

MSAL Logs

No response

MSAL Configuration

{ not relevant }

Relevant Code Snippets

not relevant

Reproduction Steps

  1. Token without tid, tfp, acr claims

Expected Behavior

Cache is hit when using fallback.

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome, Edge

Regression

No response

Source

External (Customer)

akyllus commented 7 months ago

To fix this issue, you can either downgrade your MSAL.js library to version 3.0.9 or update your code to handle the new Authority.tenant property. Here's an example of how you can update your code to handle the new property:

    import { PublicClientApplication, Configuration } from '@azure/msal-browser';

    const msalConfig: Configuration = {
      auth: {
        clientId: 'your-client-id',
        authority: 'https://your-authority-url',
        knownAuthorities: ['your-authority-url'],
        redirectUri: 'your-redirect-uri',
      },
      cache: {
        cacheLocation: 'localStorage',
        storeAuthStateInCookie: false,
      },
    };

    const msalInstance = new PublicClientApplication(msalConfig);

    // Check if the authority URL has a tenant ID
    // (auth.authority is optional in Configuration, so default to an empty string)
    const authority = msalConfig.auth.authority ?? '';
    let tenantId: string;
    if (authority.includes('your-tenant-id')) {
      // Use the tenant ID from the authority URL
      tenantId = authority.split('/')[3];
    } else {
      // Use the tenant ID from the Authority.tenant property; the authority is a
      // plain string here, so the last path segment stands in for that property
      tenantId = authority.split('/').filter(Boolean).pop() ?? '';
    }

By checking if the authority URL contains a tenant ID, you can use the appropriate tenant ID for your cache. This will ensure that your cache is hit when using the fallback method.

vkt-kmd commented 6 months ago

I am not sure what we should do with that tenant ID. The cache is handled by the library itself.

Also, version 3.0.9 of @azure/msal-browser doesn't exist.

PetrasJaug commented 5 months ago

I tested overwriting Authority.tenant, replacing the [0] with .at(-1):

    public get tenant(): string {
        return this.canonicalAuthorityUrlComponents.PathSegments.at(-1)!;
    }

Works for me, however, I am not sure if there could be consequences.
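
As an added illustration (not code from the MSAL repository), the following models the two tenant derivations the issue describes: the store path takes the first authority path segment and the lookup path takes the last, which diverge for a B2C authority whose path carries the policy name. The MSAL internals and the cache key shape are simplified assumptions; the sample authority URLs are constructed.

```typescript
// Non-empty path segments of an authority URL, lower-cased (assumed to match how
// msal normalises realms when building cache keys).
function pathSegments(authority: string): string[] {
  return new URL(authority).pathname
    .split("/")
    .filter((s) => s.length > 0)
    .map((s) => s.toLowerCase());
}

// Authority.tenant as the thread describes it: the FIRST path segment (used when storing).
function tenantAtStore(authority: string): string {
  return pathSegments(authority)[0] ?? "";
}

// getTenantFromAuthorityString as the thread implies: the LAST path segment (used when
// reading). This is also what the proposed .at(-1) change makes Authority.tenant return.
function tenantAtLookup(authority: string): string {
  return pathSegments(authority).slice(-1)[0] ?? "";
}

// Minimal model of an access-token cache: the realm (tenant) is part of the key,
// so a different tenant string on read than on write is a miss.
class TokenCache {
  private entries = new Map<string, string>();
  private key(homeAccountId: string, clientId: string, realm: string): string {
    return `${homeAccountId}-accesstoken-${clientId}-${realm}`;
  }
  store(homeAccountId: string, clientId: string, realm: string, token: string): void {
    this.entries.set(this.key(homeAccountId, clientId, realm), token);
  }
  lookup(homeAccountId: string, clientId: string, realm: string): string | undefined {
    return this.entries.get(this.key(homeAccountId, clientId, realm));
  }
}

// Simulates the fallback path (token without tid/tfp/acr claims): the token is stored
// under the realm from one derivation and read back under the realm from the other.
// Passing tenantAtLookup as storeFn models the thread's proposed fix.
function fallbackCacheHit(authority: string, storeFn = tenantAtStore): boolean {
  const cache = new TokenCache();
  cache.store("acct.home", "client-id", storeFn(authority), "constructed-token");
  return cache.lookup("acct.home", "client-id", tenantAtLookup(authority)) !== undefined;
}
```

With a single-segment AAD authority both derivations agree, so the miss only shows up for B2C custom-policy authorities, matching the "Identity Provider" field above.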

seawave23 commented 5 months ago

Any updates on this?

sameerag commented 4 months ago

Thanks for raising this, looks like a potential bug on our end. Marked to track internally. cc @hectormmg