microsoft-authentication-library-for-js: Invalid state Expected: null

I’m submitting a…


[ ] Regression (a behavior that used to work and stopped working in a new release)
[x] Bug report  
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:

Browser:

  • Chrome version latest
  • Firefox version XX
  • IE version XX
  • Edge version XX
  • Safari version XX

Library version


Library version: 1.1.3

Current behavior

Ever since I upgraded from 0.2.4 to newer versions - currently the newest. I have nothing but problems which I never had before. I’m not sure if I’m doing something wrong. But I don’t know what.

Currently and quite randomly this error occurs quite often. The only thing which helps then is to manually “logout” and log in again:

ClientAuthError: Invalid state. f7e035d3-ea01-4300-ba18-dc4ec5fd936c, state expected : null.
    at ClientAuthError.AuthError [as constructor] (http://localhost:3000/static/js/1.chunk.js:59448:24)
    at new ClientAuthError (http://localhost:3000/static/js/1.chunk.js:59579:24)
    at Function.ClientAuthError.createInvalidStateError (http://localhost:3000/static/js/1.chunk.js:59624:12)
    at UserAgentApplication.saveTokenFromHash (http://localhost:3000/static/js/1.chunk.js:58737:93)
    at UserAgentApplication.processCallBack (http://localhost:3000/static/js/1.chunk.js:58093:23)
    at UserAgentApplication.handleAuthenticationResponse (http://localhost:3000/static/js/1.chunk.js:58200:10)
    at new UserAgentApplication (http://localhost:3000/static/js/1.chunk.js:57232:14)
    at WebMsalService._this.createClient (http://localhost:3000/static/js/main.chunk.js:5126:21)
    at new WebMsalService (http://localhost:3000/static/js/main.chunk.js:5144:11)
    at _callee4$ (http://localhost:3000/static/js/main.chunk.js:2841:125)
    at tryCatch (http://localhost:3000/static/js/1.chunk.js:168970:17)
    at Generator.invoke [as _invoke] (http://localhost:3000/static/js/1.chunk.js:169189:22)
    at Generator.prototype.<computed> [as next] (http://localhost:3000/static/js/1.chunk.js:169023:21)
    at asyncGeneratorStep (http://localhost:3000/static/js/1.chunk.js:20628:24)
    at _next (http://localhost:3000/static/js/1.chunk.js:20650:9)
    at http://localhost:3000/static/js/1.chunk.js:20657:7
    at new Promise (<anonymous>)
    at http://localhost:3000/static/js/1.chunk.js:20646:12
    at _getMsalClient (http://localhost:3000/static/js/main.chunk.js:2850:25)
    at getMsalClient (http://localhost:3000/static/js/main.chunk.js:2830:25)
    at _callee9$ (http://localhost:3000/static/js/main.chunk.js:3065:20)
    at tryCatch (http://localhost:3000/static/js/1.chunk.js:168970:17)
    at Generator.invoke [as _invoke] (http://localhost:3000/static/js/1.chunk.js:169189:22)
    at Generator.prototype.<computed> [as next] (http://localhost:3000/static/js/1.chunk.js:169023:21)
    at asyncGeneratorStep (http://localhost:3000/static/js/1.chunk.js:20628:24)
    at _next (http://localhost:3000/static/js/1.chunk.js:20650:9)
    at http://localhost:3000/static/js/1.chunk.js:20657:7
    at new Promise (<anonymous>)
    at http://localhost:3000/static/js/1.chunk.js:20646:12
    at _getForClient (http://localhost:3000/static/js/main.chunk.js:3086:24)
    at getForClient (http://localhost:3000/static/js/main.chunk.js:3041:24)
    at _callee8$ (http://localhost:3000/static/js/main.chunk.js:3001:20)
    at tryCatch (http://localhost:3000/static/js/1.chunk.js:168970:17)
    at Generator.invoke [as _invoke] (http://localhost:3000/static/js/1.chunk.js:169189:22)
    at Generator.prototype.<computed> [as next] (http://localhost:3000/static/js/1.chunk.js:169023:21)
    at asyncGeneratorStep (http://localhost:3000/static/js/1.chunk.js:20628:24)
    at _next (http://localhost:3000/static/js/1.chunk.js:20650:9)

Expected behavior

Silent Token renewal should work.

Any pointers to what COULD be my problem are very welcome.

We’re basically using MSAL like this.

My MSAL config:

    const authConfig = {
      auth: {
        clientId: this.authConfiguration.clientId,
        authority: policy || this.authConfiguration.signInPolicy, // https://login.microsoftonline.com/common"
        validateAuthority: true,
        redirectUri: `${this.appUrl}/login-complete`,
        postLogoutRedirectUri: postLogoutRedirectUri || this.appUrl,
        navigateToLoginRequestUrl: false
      },
      cache: {
        cacheLocation: 'localStorage'
      }
    } as Configuration;

Log in:

    client.loginRedirect({
      scopes: this.getScopes(),  // we provide some extra scopes here
      extraQueryParameters: hints,
      loginHint: hints.login_hint
    });

Acquiring the token:

const response = await client.acquireTokenSilent({ scopes: [this.authConfiguration.clientId] });

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 22 (12 by maintainers)

Most upvoted comments

Hello

I have been having similar issues when migrating from react-aad-msal to direct msal (for more fine grained control).

react-aad-msal did not have this issue but when I migrated to msal with identical configuration parameters and loginRedirect calls msal failed while react-aad-msal worked.

After digging into it a bit more I found that it was caused by when I invoked msal.handleRedirectCallback. If the call happens too late I get the above error.

I was able to break my working version by delaying the register:

    setTimeout(function() {
      instance.handleRedirectCallback(...)
  }, 500);

I am using msal with React and the delayed useEffects were the cause of my issues

Ciaran

+6
cliedeman on Feb 6, 2020

Hopefully by next monday. There is a beta.4 in pipeline and we plan to release 1.2.0 after that.

+1
sameerag on Nov 12, 2019
Read more comments on GitHub
← microsoft-authentication-library-for-js: Invalid Issuer (iss: sts.windows.net) when acquiring token
microsoft-authentication-library-for-js: Keep me signed in not working angular13 →