Closed hsalla923 closed 5 months ago
This is expected behavior, as the Refresh Token has a 24-hour lifetime. The 400 is caught and handled by MSAL, which falls back to a different method of getting a token. That will result in either a successful response or a different error thrown by the API. If an interaction_required error is thrown, you will need to catch it and invoke an interactive API.
Please don't close this issue ASAP once you have responded.
Can I know if there is a reference implementation of "if an interaction_required error is thrown you will need to catch it and invoke an interactive API", as you mentioned, please?
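The catch-and-fall-back pattern asked about above, as an added example that is not from the MSAL.js project or from either poster. It assumes the error is identified by its name or errorCode, and it uses a stub client in place of a PublicClientApplication; getToken, isInteractionRequired and makeStubClient are hypothetical names.

```javascript
// Added example. `client` is anything exposing MSAL.js v2's acquireTokenSilent
// and acquireTokenPopup (in an app: the PublicClientApplication instance).

// Error codes that mean the user has to sign in or consent again.
const INTERACTION_CODES = ["interaction_required", "login_required", "consent_required"];

// With the real library `err instanceof InteractionRequiredAuthError` is the
// usual check; matching on name/errorCode keeps this block dependency-free.
function isInteractionRequired(err) {
  return Boolean(err) && (err.name === "InteractionRequiredAuthError" ||
    INTERACTION_CODES.includes(err.errorCode));
}

async function getToken(client, request) {
  try {
    // Served from cache, or renewed with the refresh token while it is valid.
    const result = await client.acquireTokenSilent(request);
    return { token: result.accessToken, via: "silent" };
  } catch (err) {
    // Network or configuration failures must not turn into a login prompt.
    if (!isInteractionRequired(err)) throw err;
    // Silent renewal is impossible (e.g. expired SPA refresh token): sign in again.
    const result = await client.acquireTokenPopup(request);
    return { token: result.accessToken, via: "interactive" };
  }
}

// Constructed stand-in for the MSAL client so the block runs offline.
function makeStubClient(silentError) {
  return {
    calls: [],
    async acquireTokenSilent() {
      this.calls.push("silent");
      if (silentError) throw silentError;
      return { accessToken: "cached-token" };
    },
    async acquireTokenPopup() {
      this.calls.push("popup");
      return { accessToken: "fresh-token" };
    },
  };
}

// Constructed error shaped like the one MSAL throws; not captured from a real run.
const expired = Object.assign(new Error("refresh token expired"), {
  name: "InteractionRequiredAuthError", errorCode: "interaction_required" });
getToken(makeStubClient(expired), { scopes: ["User.Read"] })
  .then((r) => console.log(r.via, r.token)); // interactive fresh-token
```

Where popups are blocked, acquireTokenRedirect can take the place of acquireTokenPopup in the catch branch.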
Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
2.4.1
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
none
Public or Confidential Client?
Public, Confidential
Description
Core Library: MSAL.js v2 (@azure/msal-browser)
Core Library Version: 2.4.1
Wrapper Library: Not Applicable
Wrapper Library Version: None
Description: When trying to renew the token with acquireTokenSilent, getting 400 status for "/token" call.
Error Message
{"error":"invalid_grant","error_description":"AADSTS700084: The refresh token was issued to a single page app (SPA), and therefore has a fixed, limited lifetime of 1.00:00:00, which cannot be extended. It is now expired and a new sign in request must be sent by the SPA to the sign in page. The token was issued on 2022-04-01T07:29:11.1319999+00:00.\r\nTrace ID: e0ce4356-03da-4b91-99f9-3c8efbad8b01\r\nCorrelation ID: dd0bd01d-ea85-4247-8233-cee2c9e56664\r\nTimestamp: 2022-04-08 11:53:29Z","error_codes":[700084],"timestamp":"2022-04-08 11:53:29Z","trace_id":"e0ce4356-03da-4b91-99f9-3c8efbad8b01","correlation_id":"dd0bd01d-ea85-4247-8233-cee2c9e56664","error_uri":"https://login.microsoftonline.com/error?code=700084","suberror":"bad_token"}
MSAL Logs
No response
Network Trace (Preferably Fiddler)
MSAL Configuration
Relevant Code Snippets
Reproduction Steps
1. Initialise Graph client API with config.
2. Have getToken method which returns triggers on every Graph API request.
3. Make token expired by changing the expiresOn time.
4. Request for Graph API service.
5. Then the 'acquireTokenSilent' executes but returns 400.
Expected Behavior
acquireTokenSilent should return new accessToken and refresh token
Identity Provider
Entra ID (formerly Azure AD) / MSA
Browsers Affected (Select all that apply)
Chrome
Regression
none
Source
Internal (Microsoft)