AzureAD / microsoft-authentication-library-for-js

Microsoft Authentication Library (MSAL) for JS
http://aka.ms/aadv2
MIT License

CacheManager, not managing custom scopes? #7300

Open EenPOOL opened 1 week ago

EenPOOL commented 1 week ago

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

2.38.1

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

2.5.10

Public or Confidential Client?

Public

Description

Setup:

We do receive an access_token, which is then used in the Authorization header. But the token is requested for each API call... => "@azure/msal-common@13.2.1 : Info - CacheManager:getIdToken - No token found"

Investigated the source code in msal-common CacheManager.js (accessTokenKeyMatchesFilter function). The following is being checked:

CacheManager.js > accessTokenKeyMatchesFilter [image]

Where the custom scope ("https://api-url.com/.default") should be included in the sessionStorage key, but only the "openid" scope has been cached?

sessionStorage keys: [image]

The function accessTokenKeyMatchesFilter apparently does not allow checking on openid.

Which is OK to me, but what about the custom scopes?

Error Message

CacheManager:getAccessToken - No token found

MSAL Logs

 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for standardInteractionClientGetDiscoveredAuthority added/updated app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Creating discovered authority with configured authority app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityResolveEndpointsAsync is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateCloudDiscoveryMetadata is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Attempting to get cloud discovery metadata in the config app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host. app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Found cloud discovery metadata in the config. 
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateEndpointMetadata is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.setAuthorityMetadata called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for standardInteractionClientGetDiscoveredAuthority: 8.200000047683716 ms app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Authentication Scheme set to "Bearer" as configured in Auth request app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for silentCacheClientAcquireToken app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for silentCacheClientAcquireToken added/updated app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - initializeServerTelemetryManager called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for standardInteractionClientGetClientConfiguration is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getClientConfiguration called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for 
standardInteractionClientGetDiscoveredAuthority is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getDiscoveredAuthority called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for standardInteractionClientGetDiscoveredAuthority app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for standardInteractionClientGetDiscoveredAuthority added/updated app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Creating discovered authority with configured authority app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityResolveEndpointsAsync is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateCloudDiscoveryMetadata is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Attempting to get cloud discovery metadata in the config app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host. 
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Found cloud discovery metadata in the config. app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateEndpointMetadata is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.setAuthorityMetadata called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for standardInteractionClientGetDiscoveredAuthority: 5.799999952316284 ms app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Silent auth client created app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getTokenKeys called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAccount called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-common@13.2.1 : Trace - CacheManager - getIdToken called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getIdTokenCredential: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-common@13.2.1 : Info - CacheManager:getIdToken - Returning id token app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:50 GMT] : @azure/msal-common@13.2.1 : Trace - CacheManager - getAccessToken called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-common@13.2.1 : Info - 
CacheManager:getAccessToken - No token found app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-common@13.2.1 : Trace - CacheManager - getRefreshToken called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getRefreshTokenCredential: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:58 GMT] : @azure/msal-common@13.2.1 : Info - CacheManager:getRefreshToken - returning refresh token app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-common@13.2.1 : Info - SilentFlowClient:acquireCachedToken - No access token found in cache for the given properties. app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for silentCacheClientAcquireToken: 9180.900000095367 ms app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Info - Emitting event: msal:acquireTokenFromNetworkStart app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Verbose - Emitting event to callback 78543cf3-5e58-48b8-9ebc-18ce485a7635: msal:acquireTokenFromNetworkStart app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for acquireTokenByRefreshToken is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for silentRefreshClientAcquireToken is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for initializeBaseRequest 
is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Initializing BaseAuthRequest app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.getPreQueueTime: no pre-queue times found for correlationId: 565a1a29-4715-4b77-87e8-5db30739d21b, unable to add queue measurement app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getDiscoveredAuthority called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for standardInteractionClientGetDiscoveredAuthority app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for standardInteractionClientGetDiscoveredAuthority added/updated app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Creating discovered authority with configured authority app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityFactoryCreateDiscoveredInstance is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateCloudDiscoveryMetadata is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Attempting to get cloud discovery metadata in the config 
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host. app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Found cloud discovery metadata in the config. app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityUpdateEndpointMetadata is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.setAuthorityMetadata called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for standardInteractionClientGetDiscoveredAuthority: 7.200000047683716 ms app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Authentication Scheme set to "Bearer" as configured in Auth request app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for silentRefreshClientAcquireToken app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for silentRefreshClientAcquireToken added/updated app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - initializeServerTelemetryManager called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for 
standardInteractionClientGetClientConfiguration is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getClientConfiguration called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - getDiscoveredAuthority called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for standardInteractionClientGetDiscoveredAuthority app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for standardInteractionClientGetDiscoveredAuthority added/updated app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Creating discovered authority with configured authority app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for authorityResolveEndpointsAsync is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Attempting to get cloud discovery metadata in the config app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - The host is included in knownAuthorities. Creating new cloud discovery metadata from the host. app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Found cloud discovery metadata in the config. 
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.setAuthorityMetadata called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for standardInteractionClientGetDiscoveredAuthority: 5.1000001430511475 ms app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : msal.js.browser@2.38.1 : Verbose - Refresh token client created app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient.addQueueMeasurement: queue time provided for refreshTokenClientAcquireTokenWithCachedRefreshToken is 0 app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for refreshTokenClientAcquireTokenWithCachedRefreshToken app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for refreshTokenClientAcquireTokenWithCachedRefreshToken added/updated app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-common@13.2.1 : Verbose - RefreshTokenClientAcquireTokenWithCachedRefreshToken called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-common@13.2.1 : Trace - CacheManager - getRefreshToken called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getTokenKeys called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getRefreshTokenCredential: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - 
BrowserCacheManager.getAuthorityMetadata: cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-common@13.2.1 : Info - CacheManager:getRefreshToken - returning refresh token app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for refreshTokenClientAcquireTokenWithCachedRefreshToken: 5 ms app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for refreshTokenClientAcquireToken app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for refreshTokenClientAcquireToken added/updated app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-common@13.2.1 : Verbose - RefreshTokenClientAcquireToken called app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for refreshTokenClientExecuteTokenRequest app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for refreshTokenClientExecuteTokenRequest added/updated app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement started for baseClientCreateTokenRequestHeaders app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement for baseClientCreateTokenRequestHeaders added/updated 
app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getServerTelemetry: called, no cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for baseClientCreateTokenRequestHeaders: 1.2000000476837158 ms app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:05:59 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getThrottlingCache: called, no cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:06:01 GMT] : @azure/msal-browser@2.38.1 : Trace - BrowserCacheManager.getServerTelemetry: called, no cache hit app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:06:01 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Performance measurement ended for refreshTokenClientExecuteTokenRequest: 2135.5 ms app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:06:01 GMT] : @azure/msal-browser@2.38.1 : Trace - PerformanceClient: Updating static fields app.module.ts:64 [MSAL] [Mon, 09 Sep 2024 14:06:01 GMT] : [565a1a29-4715-4b77-87e8-5db30739d21b] : @azure/msal-common@13.2.1 : Verbose - Authority type is ADFS, creating ADFS account 

Network Trace (Preferably Fiddler)

MSAL Configuration

PublicClientApplication:
{
    auth: {
      clientId: "uri:myapplication.com/website",
      redirectUri: config.msalConfig.redirectUri,
      authority: "https://own-adfs-server.com/",
      // knownAuthorities is typed as an array of strings
      knownAuthorities: ["https://own-adfs-server.com/adfs/"],
      postLogoutRedirectUri: "http://localhost:4200",
      protocolMode: ProtocolMode.OIDC
    },
    cache: {
      // cacheLocation takes the storage name as a string
      cacheLocation: "sessionStorage",
      storeAuthStateInCookie: false
    }
}

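MsalInterceptorConfiguration:
// Maps each protected API base URL to the scopes requested for it
const protectedResourceMap = new Map<string, Array<string>>();
protectedResourceMap.set("https://api-url.com", ["https://api-url.com/.default"])
{
    interactionType: InteractionType.Redirect,
    protectedResourceMap,
    authRequest: {
      authenticationScheme: AuthenticationScheme.BEARER
    }
}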

MsalGuardConfiguration:
{
    interactionType: InteractionType.Redirect,
    authRequest: {
      scopes: ["https://api-url.com/.default"]
    }
}

Relevant Code Snippets

providers: [
    {
      provide: HTTP_INTERCEPTORS,
      useClass: MsalInterceptor,
      multi: true
    },
    {
      provide: MSAL_INSTANCE,
      useFactory: MSALInstanceFactory
    },
    {
      provide: MSAL_GUARD_CONFIG,
      useFactory: MSALGuardConfigFactory
    },
    {
      provide: MSAL_INTERCEPTOR_CONFIG,
      useFactory: MSALInterceptorConfigFactory
    }
]

Reproduction Steps

  1. start angular app
  2. login triggered (redirect) => login on adfs
  3. do an api call (httpClient)
  4. log: CacheManager:getAccessToken - No token found
  5. post /token in network tab => grant_type: refresh_token

Expected Behavior

Following the logic, I would expect the sessionStorage entry with scope openid to be reused. Or that there would be a new sessionStorage entry with the default scope (instead of openid).

Or is this really the intended way of working?

Identity Provider

ADFS

Browsers Affected (Select all that apply)

Chrome, Firefox, Edge

Regression

No response

Source

External (Customer)

sameerag commented 1 week ago

@EenPOOL Have you tried the same with 3.x? Please let us know if the issue is seen on the latest MSAL JS and we can follow up.

EenPOOL commented 1 week ago

I have updated the packages, but still the same issue: "@azure/msal-angular": "^3.0.23", "@azure/msal-browser": "^3.23.0".

Now I have found some logic... behind this issue, probably caused by ADFS, as the CacheManager will look at the response value, not what was originally requested.

REQUEST: POST https://own-adfs-server.com/adfs/oauth2/token/ payload: [image]

RESPONSE: [image]

ADFS is not returning the res:xyz/.default scope in the response, which prevents reading the access_token from browser storage.

I have monkey-patched this behaviour by overriding the AuthorizationCodeClient async acquireToken. Not the nicest fix, but it's working :) [image]

Meanwhile we will see if ADFS could return the missing scope
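
The cache miss diagnosed in the comment above, as an added example that is not part of the thread and is not MSAL's code: a simplified model of an access-token cache that stores tokens under the scopes the token response returns and looks them up by the scopes requested. The function names, cache key format and token responses are constructed for illustration; only the scope URL comes from the issue.

```javascript
// Simplified model of a scope-keyed access-token cache. Added illustration,
// not MSAL's implementation; all names and sample values are constructed.

// Normalise a space-delimited scope string (or array) to a lowercase Set.
function toScopeSet(scopes) {
  const list = Array.isArray(scopes) ? scopes : String(scopes || "").split(/\s+/);
  return new Set(list.map((s) => s.trim().toLowerCase()).filter(Boolean));
}

// Store a token under the scopes the server granted. Per RFC 6749 section 5.1
// an omitted "scope" means "same as requested"; a present one is authoritative.
function cacheTokenResponse(cache, response, requestedScopes) {
  const granted = response.scope ? toScopeSet(response.scope) : toScopeSet(requestedScopes);
  const target = [...granted].sort().join(" ");
  cache.set(`accesstoken-${target}`, {
    secret: response.access_token,
    target,
    expiresOn: Math.floor(Date.now() / 1000) + Number(response.expires_in || 0),
  });
  return target;
}

// Look up a token: every requested scope must be in the cached target and the
// entry must not be expired. Returns the entry or null.
function findAccessToken(cache, requestedScopes, now = Math.floor(Date.now() / 1000)) {
  const wanted = toScopeSet(requestedScopes);
  for (const entry of cache.values()) {
    const have = toScopeSet(entry.target);
    if (entry.expiresOn > now && [...wanted].every((s) => have.has(s))) return entry;
  }
  return null;
}

// Troubleshooting helper: for each cached entry, list the requested scopes it lacks.
function diagnose(cache, requestedScopes) {
  const wanted = [...toScopeSet(requestedScopes)];
  const entries = [...cache.values()].map((e) => {
    const have = toScopeSet(e.target);
    return { target: e.target, missing: wanted.filter((s) => !have.has(s)) };
  });
  return { hit: findAccessToken(cache, requestedScopes) !== null, entries };
}

// Constructed token responses for the request scope used in the issue.
const REQUESTED = ["https://api-url.com/.default"];
const SAMPLE_RESPONSES = {
  // Server returns only "openid": the token is cached, but never matches the request.
  scopeNarrowed: { access_token: "constructed-token-a", expires_in: 3600, scope: "openid" },
  // Server echoes the custom scope: the next lookup is a cache hit.
  scopeEchoed: {
    access_token: "constructed-token-b",
    expires_in: 3600,
    scope: "openid https://api-url.com/.default",
  },
  // Server omits "scope": the requested scopes are used as the granted set.
  scopeOmitted: { access_token: "constructed-token-c", expires_in: 3600 },
};

// Run one scenario against a fresh cache and report what a second API call would see.
function runScenario(name) {
  const cache = new Map();
  cacheTokenResponse(cache, SAMPLE_RESPONSES[name], REQUESTED);
  return diagnose(cache, REQUESTED);
}

for (const name of Object.keys(SAMPLE_RESPONSES)) {
  console.log(name, JSON.stringify(runScenario(name)));
}
```

Only the `scopeNarrowed` case misses, which corresponds to the repeated `grant_type: refresh_token` request in the reproduction steps.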