react-aad: Can't construct an IdTokenResponse from a AuthResponse that has a token type of "access_token

Library versions

react-aad-msal: 2.3.5
msal: 1.4.0

Describe the bug I got this message in the console [ERROR] Error: Can't construct an IdTokenResponse from a AuthResponse that has a token type of "access_token". when I refresh the page after I’m logged. In Redux the action AAD_ACQUIRED_ACCESS_TOKEN_SUCCESS also is fired right after AAD_INITIALIZING . I tried to track it down, and it appears to crash on the getIdToken function.

Expected behavior The flux I use in my project is to try to get the access token only after the action AAD_LOGIN_SUCCESS is called. But I started to get the error I described above, on console, and all others steps failed too (AAD_LOGIN_ERROR, AAD_ACQUIRED_ID_TOKEN)

The expected is to complete the login when has a current session after the page is reloaded.

To Reproduce Steps to reproduce the behavior:

Do the login with Azure to create the session
Refresh the browser page
The error occur

Solution: The temporary solution I found and it worked for me, was to downgrade the msal version to the same used on this repository (react-aad), version 1.2.1

Desktop:

OS: Ubuntu 20.04 LTS
Browser: Chrome v84.0.4147.135

About this issue

Original URL
State: open
Created 4 years ago
Reactions: 4
Comments: 17

Most upvoted comments

Hey all, I’ve had the same issue and at least on my end its an error on the token refresh. When the token is cached, it had the wrong token type causing a failure. Temp fix that is working for me is to set forceRefresh: true in the authenticationParameters

const authenticationParameters = {
   scopes: [clientId, etc],
   state: location.href.replace(location.hash,""),
   forceRefresh: true
}

its-miller-time on Sep 14, 2020

UPDATE: In some instances the forceRefresh: true will cause an authentication failure due to a “client auth loop”. This is an error returned from Microsoft when an app requests too many tokens in a short time span (details here)

Apps making multiple requests (15+) in a short period of time (5 minutes) will receive an invalid_grant error explaining that they are looping. The tokens being requested have sufficiently long-lived lifetimes (10 minutes minimum, 60 minutes by default), so repeated requests over this time period are unnecessary.

The real issue lies in the token refresh. When the silent token call caches the token, the token_type is not refreshed. This causes a conditional check to fail in this library. https://github.com/syncweek-react-aad/react-aad/blob/5015337ef1eaa6d29822b207ddd2efeedc28caef/packages/react-aad-msal/src/IdTokenResponse.ts#L11

The real issue will be solving the token cache issue, but in the mean time, a better fix I am using is to patch the dependency directly to check if a token exists rather than for the tokenType. (You can add better logic to check if an idToken exists in the object if you want to be really safe).

if (!response.tokenType) {

This is the library I used for the patch: https://github.com/ds300/patch-package#readme

its-miller-time on Sep 23, 2020

Yeah, downgrading works for me as well. I can live with an older version until next update.

MiniMarker on Sep 8, 2020

Confirming that downgrading to 1.2.1 fixes it for me. Here’s my config if it helps anyone.

// Msal Configurations
const config = {
  auth: {
    authority: `https://login.microsoftonline.com/${tenantId}`,
    clientId,
    redirectUri: window.location.origin,
  },
  cache: {
    cacheLocation: "localStorage",
    storeAuthStateInCookie: true,
  },
};

// Authentication Parameters
const authenticationParameters = {
  scopes: [`${clientId}/.default`],
};

// Options
const options = {
  loginType: LoginType.Popup,
  tokenRefreshUri: window.location.origin + "/auth.html",
};

export const authProvider = new MsalAuthProvider(
  config,
  authenticationParameters,
  options
);

riisi on Sep 7, 2020

@ingogbe downgrade works for me:-)

zuitaom on Sep 17, 2020

You tried to downgrade the msal library? Yes It works but It’s a temporary solution. I’m planning to use the msal library directly too if there won’t be any update about this issue.

andrea-wood on Sep 7, 2020

Hello, I have the same problem

andrea-wood on Aug 28, 2020