Closed sebastienlevert closed 1 year ago
This is by design. Since the browser is a public client, refresh tokens should not be stored in it. That said: the client should have all the information necessary to obtain a new access token if the one it had previously expired. I'd therefore suggest we rename this issue to refer to MGT not obtaining valid access token after them expiring.
Yeah, that definitely makes sense to me!
I suspect this is a TeamsProvider issue and does not apply to MsalProvider. In the TeamsProvider, we use msal under the covers to handle the new tokens, but I wonder if that requires a redirect to do that and that's why it's failing since we need to use the auth popup for the redirect.
@sebastienlevert, did you see any console errors that can help narrow down why a new access token is not retrieved?
This is what I am getting. Basically waited for 65 minutes and then I can't use the people card (that was not open before that specific moment).
Might be related to the was the Teams Provider handles the challenge? I feels like it wants to iframe something here...
Could this line be the cause of this behavior? https://github.com/microsoftgraph/microsoft-graph-toolkit/blob/0252b1febed38fc617f6427b00ca211661126256/packages/providers/mgt-teams-provider/src/TeamsProvider.ts#L349-L359
Notice line 355 that doesn't yield auth prompt but rather returns null.
I think you are right. We need to open up the auth popup here and signal to it fetch a new token. We'd likely need to also update the handleAuth
method to go down a refresh token path instead of the signin path in that case.
Closing as it's related to a deprecated provider
Describe the bug After a long moment where a browser goes idle for instance, MGT stops working. It's probably related to refresh tokens and the way they are handled. I was wondering if these were supported and if yes, what is the expected behavior?
To Reproduce Steps to reproduce the behavior:
mgt-person
component on the pageExpected behavior I would expect that on a future call, if Graph returns a 404, we should use the refresh token and try again with a new access token
Environment (please complete the following information):