microsoft-authentication-library-for-js: acquireTokenSilent fails with a timeout error when interaction is required

I’m submitting a…

[x] Regression (a behavior that used to work and stopped working in a new release)
[x] Bug report  
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:


[x] Chrome version 72
[x] Firefox version 56
[ ] IE version XX
[ ] Edge version XX
[ ] Safari version XX

Library version

Library version: 1.0.0

Current behavior

When interaction is required (e.g. there is no active login), acquireTokenSilent throws ClientAuthError: Token renewal operation failed due to timeout.

Expected behavior

acquireTokenSilent should throw InteractionRequiredAuthError instead.

Minimal reproduction of the problem with instructions

This happens because acquireTokenSilent fails to set response_mode=fragment on the authorize call. The documentation claims:

response_mode | optional | Specifies the method that should be used to send the resulting token back to your app. Defaults to query for an access token, but fragment if the request includes an id_token.

I guess that’s why it used to work, but that claim doesn’t hold true anymore. Try opening this sample link from the documentation in a private browser tab (to ensure there will be an error response): [link with response_type=id_token and prompt=none]

It redirects to http://localhost/myapp/?error=interaction_required&error_description=%0d%0aTrace+ID%3a+a1a12b2c-1c6f-4ae1-a405-543093995000%0d%0aCorrelation+ID%3a+9f4b899c-289e-4abf-9b6f-00a4296e6986%0d%0aTimestamp%3a+2019-05-09+03%3a23%3a02Z - passing the error via query instead of fragment. MSAL only processes fragments, so it never communicates with the parent window, thus causing acquireTokenSilent to time out.

I also cannot work around this issue by passing extraQueryParameters: { 'response_mode': 'fragment' } because apparently extraQueryParameters are ignored by acquireTokenSilent, which is probably a bug on its own.
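The difference between the two response modes described in the issue above, as an added example that is not part of the original issue and is not MSAL's own code. The function names and the shortened sample redirects are constructed for illustration; the interaction error codes are the ones OpenID Connect Core defines for `prompt=none` requests.

```javascript
// Constructed sample redirects, modelled on the URL quoted in the issue (IDs shortened).
const QUERY_REDIRECT =
  "http://localhost/myapp/?error=interaction_required&error_description=Trace+ID%3a+sample";
const FRAGMENT_REDIRECT =
  "http://localhost/myapp/#error=interaction_required&error_description=Trace+ID%3a+sample";

// OpenID Connect Core error codes meaning "prompt=none cannot succeed without the user".
const INTERACTION_CODES = new Set([
  "interaction_required", "login_required", "consent_required", "account_selection_required",
]);

// Fragment-only parsing, the behaviour the issue describes:
// a response delivered in the query string yields nothing at all.
function parseFragmentOnly(redirectUrl) {
  const hash = new URL(redirectUrl).hash.replace(/^#\/?/, "");
  return hash ? Object.fromEntries(new URLSearchParams(hash)) : null;
}

// Tolerant parsing: read the fragment first, then fall back to the query string.
function parseAuthResponse(redirectUrl) {
  const fromHash = parseFragmentOnly(redirectUrl);
  if (fromHash && (fromHash.error || fromHash.id_token || fromHash.access_token)) {
    return { mode: "fragment", params: fromHash };
  }
  const fromQuery = Object.fromEntries(new URL(redirectUrl).searchParams);
  if (fromQuery.error || fromQuery.code) return { mode: "query", params: fromQuery };
  return null; // nothing recognisable: the silent call can only time out
}

// Map a redirect to the outcome the caller of a silent renewal should see.
function classify(redirectUrl) {
  const res = parseAuthResponse(redirectUrl);
  if (!res) return "timeout";
  if (res.params.error) {
    return INTERACTION_CODES.has(res.params.error) ? "interaction_required" : "error";
  }
  return "success";
}

console.log(parseFragmentOnly(QUERY_REDIRECT)); // fragment-only parser sees no response
console.log(classify(QUERY_REDIRECT), classify(FRAGMENT_REDIRECT));
```

A production handler must also match the `state` parameter against the pending request before acting on a response in either form.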

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 17 (8 by maintainers)

Most upvoted comments

I believe this is an issue for me on v1.1.3. Browser-wise it’s the same behaviour on Chrome and Firefox.

Relatedly I tested with a couple of different timeout lifetime lengths on a B2C instance:

token lifetime (mins) | time till first renewal failure (minutes)
30 | 10-17
60 | 55 +/- 1

I noticed this because we have a regular xhr request happening every 30 seconds.

From the above admittedly small dataset I have to conclude that higher lifetimes may lead to more predictable (smaller range) time-to-first-renewal attempt, which isn’t ideal and doesn’t seem to be documented. Is there/should there be some consistency in how long it takes to request the first token renewal?

@Torvin That is not the reason why you have seen this failure. Please read the documentation on token renewals and lifetimes in our FAQs.

The error is not regarding “interaction required”, it is because you no longer have a session. And yes, it is on the “developer” library to fall back on acquireTokenPopup() in this case or renew it silently in the background.

Hope this clarifies it.