Refresh token silently with 3rd Party Cookies allowed - Error AADSTS50058 #7384

Open
2 tasks done
pr3d1ction opened this issue Oct 17, 2024 · 1 comment
Labels

  • bug-unconfirmed: A reported bug that needs to be investigated and confirmed
  • msal-angular: Related to @azure/msal-angular package
  • msal-browser: Related to msal-browser package
  • Needs: Attention 👋: Awaiting response from the MSAL.js team
  • public-client: Issues regarding PublicClientApplications
  • question: Customer is asking for a clarification, use case or information.


pr3d1ction commented Oct 17, 2024

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.23.0

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

None

Public or Confidential Client?

Public

Description

In our enterprise PWA app we try to make use of refreshing the token silently to avoid the users' need to re-login after a certain period. To do this, we make sure that the login.microsoftonline.com domain is added as per the documentation here: https://support.apple.com/en-euro/guide/deployment/depb4c146c2e/web

For just testing this, it's also enough to disable Prevent Cross-Site Tracking in the iPadOS Settings (attention: this allows all 3rd party cookies).

After the user is logged in, we added a button to refresh the token silently to test it out. When trying to refresh silently we get:
"errorCode": "login_required", "errorMessage": "AADSTS50058: A silent sign-in request was sent but no user is signed in."

Is there anything else we need to take action on, or any other parameter to be set?
The user has a valid session at the moment we invoke the MSAL method.

Any hints?

Thanks!

Error Message

No response

MSAL Logs

main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getActiveAccount: Active account filters schema found
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccountKeys called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAccount called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getTokenKeys called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - CacheManager - getIdToken called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getIdTokenCredential: cache hit
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: config
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata called with source: hardcoded_values
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - getAliasesFromMetadata: found cloud discovery metadata in hardcoded_values, returning aliases
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Info - CacheManager:getIdToken - Returning ID token
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : @azure/[email protected] : Verbose - acquireTokenSilent called
main.a9d3d2ba3135d49e.js:2 MSAL 11:07:32 | SilentRequest { "scopes": [ "URL" ], "forceRefresh": false, "cacheLookupPolicy": 5, "account": { "homeAccountId": "homeAccountId", "environment": "login.windows.net", "tenantId": "tenantId", "username": "username", "localAccountId": "localAccountId", "name": "name", "authorityType": "MSSTS", "tenantProfiles": [ [ "tenantProfiles", { "tenantId": "tenantId", "localAccountId": "localAccountId", "name": "", "isHomeTenant": true } ] ], "idTokenClaims": { "aud": "...", "iss": "....", "iat": 1729162731, "nbf": 1729162731, "exp": 1729166631 }, "idToken": "idToken" }}
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : @azure/[email protected] : Verbose - acquireTokenSilent called for the first time, storing active request
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenSilentAsync
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenStart
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Verbose - Emitting event to callback XYZe: msal:acquireTokenStart
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Executing function initializeSilentRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Executing function initializeBaseRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Verbose - Authentication Scheme wasn't explicitly set in request, defaulting to "Bearer" request
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Returning result from initializeBaseRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Returning result from initializeSilentRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - isNativeAvailable called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - isNativeAvailable: allowNativeBroker is not enabled, returning false
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Verbose - acquireTokenSilent - attempting to acquire token from web flow
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenFromCache
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Error occurred in acquireTokenFromCache
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenFromNetworkStart
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Verbose - Emitting event to callback XYZe: msal:acquireTokenFromNetworkStart
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenByRefreshToken
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Error occurred in acquireTokenByRefreshToken
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - {"errorCode":"token_refresh_required","errorMessage":"Cannot return token from cache because it must be refreshed. This may be due to one of the following reasons: forceRefresh parameter is set to true, claims have been requested, there is no cached access token or it is expired.","subError":"","name":"ClientAuthError"}
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : @azure/[email protected] : Verbose - Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe.
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Executing function acquireTokenBySilentIframe
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - Executing function silentIframeClientAcquireToken
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function standardInteractionClientInitializeAuthorizationRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - getRedirectUri called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function initializeBaseRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - Authentication Scheme set to "Bearer" as configured in Auth request
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from initializeBaseRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - Setting validated request account
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from standardInteractionClientInitializeAuthorizationRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - initializeServerTelemetryManager called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function standardInteractionClientCreateAuthCodeClient
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function standardInteractionClientGetClientConfiguration
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function standardInteractionClientGetDiscoveredAuthority
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function authorityFactoryCreateDiscoveredInstance
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function authorityResolveEndpointsAsync
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getAuthorityMetadata: cache hit
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function authorityUpdateCloudDiscoveryMetadata
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - Attempting to get cloud discovery metadata from authority configuration
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - Did not find cloud discovery metadata in the config... Attempting to get cloud discovery metadata from the hardcoded values.
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - Found cloud discovery metadata from hardcoded values.
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from authorityUpdateCloudDiscoveryMetadata
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function authorityUpdateEndpointMetadata
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - Attempting to get endpoint metadata from authority configuration
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - Did not find endpoint metadata in the config... Attempting to get endpoint metadata from the hardcoded values.
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from authorityUpdateEndpointMetadata
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.setAuthorityMetadata called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from authorityResolveEndpointsAsync
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from authorityFactoryCreateDiscoveredInstance
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from standardInteractionClientGetDiscoveredAuthority
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from standardInteractionClientGetClientConfiguration
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from standardInteractionClientCreateAuthCodeClient
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function silentIframeClientTokenHelper
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function standardInteractionClientInitializeAuthorizationCodeRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function generatePkceCodes
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function generateCodeVerifier
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function getRandomValues
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from getRandomValues
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from generateCodeVerifier
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function generateCodeChallengeFromVerifier
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function sha256Digest
Successfully preconnected to https://login.microsoftonline.com/
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from sha256Digest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from generateCodeChallengeFromVerifier
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from generatePkceCodes
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from standardInteractionClientInitializeAuthorizationCodeRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - isNativeAvailable called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - isNativeAvailable: allowNativeBroker is not enabled, returning false
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function getAuthCodeUrl
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : @azure/[email protected] : Trace - Executing function authClientCreateQueryString
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : @azure/[email protected] : Verbose - createAuthCodeUrlQueryString: Adding login_hint from account
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : @azure/[email protected] : Trace - Returning result from authClientCreateQueryString
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Verbose - Replacing tenant domain name 72e15514-5be9-46a8-8b0b-af9b1b77b3b8 with id {tenantid}
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from getAuthCodeUrl
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function silentHandlerInitiateAuthRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function silentHandlerLoadFrameSync
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from silentHandlerLoadFrameSync
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from silentHandlerInitiateAuthRequest
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:32 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function silentHandlerMonitorIframeForHash
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function removeHiddenIframe
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from removeHiddenIframe
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from silentHandlerMonitorIframeForHash
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function deserializeResponse
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - Returning result from deserializeResponse
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - Executing function handleCodeResponse
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - Error occurred in handleCodeResponse
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - {"errorCode":"login_required","errorMessage":"AADSTS50058: A silent sign-in request was sent but no user is signed in. Trace ID: 1b21d5f3-0878-4f5a-ac34-5e1ad9a30a00 Correlation ID: xyzIDxyz Timestamp: 2024-10-17 11:07:33Z","subError":"","name":"InteractionRequiredAuthError","timestamp":"","traceId":"","correlationId":"","claims":"","errorNo":"50058"}
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - Error occurred in silentIframeClientTokenHelper
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [xyzIDxyz] : [email protected] : Trace - {"errorCode":"login_required","errorMessage":"AADSTS50058: A silent sign-in request was sent but no user is signed in. Trace ID: 1b21d5f3-0878-4f5a-ac34-5e1ad9a30a00 Correlation ID: xyzIDxyz Timestamp: 2024-10-17 11:07:33Z","subError":"","name":"InteractionRequiredAuthError","timestamp":"","traceId":"","correlationId":"","claims":"","errorNo":"50058"}
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.getServerTelemetry: cache hit
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Trace - BrowserCacheManager.setServerTelemetry called
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Trace - Error occurred in silentIframeClientAcquireToken
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Trace - {"errorCode":"login_required","errorMessage":"AADSTS50058: A silent sign-in request was sent but no user is signed in. Trace ID: 1b21d5f3-0878-4f5a-ac34-5e1ad9a30a00 Correlation ID: xyzIDxyz Timestamp: 2024-10-17 11:07:33Z","subError":"","name":"InteractionRequiredAuthError","timestamp":"","traceId":"","correlationId":"xyzIDxyz","claims":"","errorNo":"50058"}
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Trace - Error occurred in acquireTokenBySilentIframe
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Trace - {"errorCode":"login_required","errorMessage":"AADSTS50058: A silent sign-in request was sent but no user is signed in. Trace ID: 1b21d5f3-0878-4f5a-ac34-5e1ad9a30a00 Correlation ID: xyzIDxyz Timestamp: 2024-10-17 11:07:33Z","subError":"","name":"InteractionRequiredAuthError","timestamp":"","traceId":"","correlationId":"xyzIDxyz","claims":"","errorNo":"50058"}
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenFailure
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Verbose - Emitting event to callback XYZe: msal:acquireTokenFailure
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Trace - Error occurred in acquireTokenSilentAsync
main.a9d3d2ba3135d49e.js:2 [Thu, 17 Oct 2024 11:07:33 GMT] : [] : @azure/[email protected] : Trace - {"errorCode":"login_required","errorMessage":"AADSTS50058: A silent sign-in request was sent but no user is signed in. Trace ID: 1b21d5f3-0878-4f5a-ac34-5e1ad9a30a00 Correlation ID: xyzIDxyz Timestamp: 2024-10-17 11:07:33Z","subError":"","name":"InteractionRequiredAuthError","timestamp":"","traceId":"","correlationId":"xyzIDxyz","claims":"","errorNo":"50058"}
main.a9d3d2ba3135d49e.js:2 MSAL 11:07:33 | Error 3rd party cookies { "errorCode": "login_required", "errorMessage": "AADSTS50058: A silent sign-in request was sent but no user is signed in. Trace ID: 1b21d5f3-0878-4f5a-ac34-5e1ad9a30a00 Correlation ID: xyzIDxyz Timestamp: 2024-10-17 11:07:33Z", "subError": "", "name": "InteractionRequiredAuthError", "timestamp": "", "traceId": "", "correlationId": "xyzIDxyz", "claims": "", "errorNo": "50058"}
writeToConsole @ main.a9d3d2ba3135d49e.js:2
error @ main.a9d3d2ba3135d49e.js:2
(anonymous) @ main.a9d3d2ba3135d49e.js:2
(anonymous) @ main.a9d3d2ba3135d49e.js:2
(anonymous) @ main.a9d3d2ba3135d49e.js:2
error @ main.a9d3d2ba3135d49e.js:2
_error @ main.a9d3d2ba3135d49e.js:2
error @ main.a9d3d2ba3135d49e.js:2
onInvoke @ main.a9d3d2ba3135d49e.js:2
run @ polyfills.d75bcda12191eee1.js:2
(anonymous) @ polyfills.d75bcda12191eee1.js:2
onInvokeTask @ main.a9d3d2ba3135d49e.js:2
runTask @ polyfills.d75bcda12191eee1.js:2
K @ polyfills.d75bcda12191eee1.js:2
invokeTask @ polyfills.d75bcda12191eee1.js:2

Network Trace (Preferably Fiddler)

  • Sent
  • Pending

MSAL Configuration

// Request object built inside getSilentRequest(forceRefresh, cacheLookupPolicy), which is called below.
const request: SilentRequest = {
  scopes: this.environmentService.getEnvironment().auth.scopes,
  forceRefresh,
  cacheLookupPolicy,
  account: this.msalService.instance.getActiveAccount() || undefined
};


test3rdPartyCookies(): Observable<ThirdPartyCookieTestResult> {
  // CacheLookupPolicy.Skip bypasses the cached tokens, so the request goes to the hidden iframe.
  return this.msalService.acquireTokenSilent(this.getSilentRequest(false, CacheLookupPolicy.Skip)).pipe(
    map(authResult => ({ result: true, data: this.logService.cleanObjectAndStringify(authResult) })),
    catchError(error => {
      this.logService.error('Error 3rd party cookies', LogCategory.MSAL, [error]);
      return of({ result: false, data: this.logService.cleanObjectAndStringify(error) });
    })
  );
}

Relevant Code Snippets

// Request object built inside getSilentRequest(forceRefresh, cacheLookupPolicy), which is called below.
const request: SilentRequest = {
  scopes: this.environmentService.getEnvironment().auth.scopes,
  forceRefresh,
  cacheLookupPolicy,
  account: this.msalService.instance.getActiveAccount() || undefined
};


test3rdPartyCookies(): Observable<ThirdPartyCookieTestResult> {
  // CacheLookupPolicy.Skip bypasses the cached tokens, so the request goes to the hidden iframe.
  return this.msalService.acquireTokenSilent(this.getSilentRequest(false, CacheLookupPolicy.Skip)).pipe(
    map(authResult => ({ result: true, data: this.logService.cleanObjectAndStringify(authResult) })),
    catchError(error => {
      this.logService.error('Error 3rd party cookies', LogCategory.MSAL, [error]);
      return of({ result: false, data: this.logService.cleanObjectAndStringify(error) });
    })
  );
}

Reproduction Steps

  1. In the iPadOS Safari settings, allow 3rd party cookies. Disable Prevent Cross-Site Tracking (in an enterprise environment this can be done specifically for some domains, i.e. login.microsoftonline.com).
  2. Log in to your PWA app.
  3. Try to invoke acquireTokenSilent by setting the cache policy to CacheLookupPolicy.Skip (making sure it's skipping the cache).

Expected Behavior

We would expect the token to be refreshed without any user interaction.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Safari

Regression

No response

@pr3d1ction

One more addition from our side.
When testing the app on iOS 18 inside Chrome, the token acquireTokenSilent call works.
On Safari (our default browser) I see there are no cookies stored in this regard; this could answer the question of why the error message points out that there is no user logged in.
Is there any way to make sure the needed cookies are stored?

We enabled storeAuthStateInCookie, but still no cookies are stored in Safari.
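
Added example (not part of the original issue and not MSAL.js code): a small JavaScript triage helper that reads an MSAL trace like the one posted in the issue, lists which silent-acquisition stages ran, and flags the case where the hidden-iframe request came back as login_required / 50058. The sample trace is constructed and uses a `<pkg@ver>` placeholder for the package field; `summarizeSilentFlow` and the result field names are hypothetical.

```javascript
// Added triage helper for MSAL browser traces. Function and field names are hypothetical.
const STAGES = ["acquireTokenFromCache", "acquireTokenByRefreshToken", "acquireTokenBySilentIframe"];
// Error codes that MSAL surfaces as InteractionRequiredAuthError.
const INTERACTION_CODES = new Set(["login_required", "interaction_required", "consent_required"]);
// Line shape: "[timestamp] : [correlationId] : package@version : Level - message"
const LINE_RE = /\] : \[[^\]]*\] : .+? : (Trace|Verbose|Info|Warning|Error) - (.*)$/;

function summarizeSilentFlow(traceText) {
  const stages = [];
  let pending = null; // failed stage whose JSON error payload is expected on the next line
  for (const raw of traceText.split(/\r?\n/)) {
    const m = LINE_RE.exec(raw);
    if (!m) continue; // stack frames, browser notices, blank lines
    const msg = m[2];
    if (msg.startsWith("{")) {
      if (pending) {
        try {
          const err = JSON.parse(msg);
          pending.errorCode = err.errorCode || null;
          pending.errorNo = err.errorNo || null;
        } catch (e) {
          // Truncated payload: the stage stays "failed" without a code.
        }
      }
      pending = null;
      continue;
    }
    pending = null;
    const start = /^Executing function (\w+)/.exec(msg);
    const end = /^(Error occurred in|Returning result from) (\w+)/.exec(msg);
    if (start && STAGES.includes(start[1])) {
      stages.push({ name: start[1], outcome: "started", errorCode: null, errorNo: null });
    } else if (end) {
      const stage = stages.slice().reverse().find((s) => s.name === end[2]);
      if (stage) {
        stage.outcome = end[1] === "Error occurred in" ? "failed" : "ok";
        if (stage.outcome === "failed") pending = stage;
      }
    }
  }
  const last = stages[stages.length - 1] || null;
  const iframe = stages.find((s) => s.name === "acquireTokenBySilentIframe");
  return {
    path: stages.map((s) => `${s.name}:${s.errorCode || s.outcome}`),
    // True when the last stage failed with a code that needs an interactive request.
    interactionRequired: Boolean(last && last.outcome === "failed" && INTERACTION_CODES.has(last.errorCode)),
    // True when the hidden-iframe request itself was answered with AADSTS50058.
    iframeLoginRequired: Boolean(iframe && iframe.errorCode === "login_required" && iframe.errorNo === "50058"),
  };
}

// Constructed sample lines modelled on the trace in the issue (not copied from it).
const ln = (level, msg) => `[Thu, 17 Oct 2024 11:07:32 GMT] : [corr-id] : <pkg@ver> : ${level} - ${msg}`;
const refreshErr = JSON.stringify({ errorCode: "token_refresh_required", name: "ClientAuthError" });
const loginErr = JSON.stringify({ errorCode: "login_required", name: "InteractionRequiredAuthError", errorNo: "50058" });
const SAMPLE_TRACE = [
  ln("Trace", "Executing function acquireTokenFromCache"),
  ln("Trace", "Error occurred in acquireTokenFromCache"),
  ln("Trace", refreshErr),
  ln("Trace", "Executing function acquireTokenByRefreshToken"),
  ln("Trace", "Error occurred in acquireTokenByRefreshToken"),
  ln("Trace", refreshErr),
  ln("Verbose", "Refresh token expired/invalid or CacheLookupPolicy is set to Skip, attempting acquire token by iframe."),
  ln("Trace", "Executing function acquireTokenBySilentIframe"),
  ln("Trace", "Executing function silentIframeClientTokenHelper"),
  ln("Trace", "Error occurred in silentIframeClientTokenHelper"),
  ln("Trace", loginErr),
  ln("Trace", "Error occurred in acquireTokenBySilentIframe"),
  ln("Trace", loginErr),
].join("\n");

console.log(summarizeSilentFlow(SAMPLE_TRACE));
```

A path ending in `acquireTokenBySilentIframe:login_required` means the cache and refresh-token stages were skipped or exhausted first, so the only thing left that could satisfy the request was the iframe's own session with the identity provider.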
