Access token renew fails with error AADB2C90077 #214
Comments
@DavidHenri008 The acquireTokenSilent uses a hidden iframe with prompt=none which means the user will not be prompted for credentials. This API relies on the session cookie established between the browser and AAD to obtain a new access_token. If your session is expired, this API call will fail and you will have to do an interactive token renewal by calling either acquireTokenPopup or acquireTokenRedirect where you will be asked to enter your credentials again. Closing this issue for now. Please reopen if you still have questions.
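The silent-then-interactive renewal described in the comment above, as an added example that is not part of the original thread and is not msal.js code. It assumes a client object whose `acquireTokenSilent(scopes)` and `acquireTokenPopup(scopes)` return promises, and that a failed silent call rejects with text containing the error code; `getAccessToken`, `needsInteractiveRenewal` and `makeStubClient` are hypothetical names.

```javascript
// Added example. The stub client and its tokens are constructed for illustration.

// Errors meaning "no usable session, so prompt=none cannot succeed".
// AADB2C90077 is the code quoted in this issue; the other two are the
// standard OpenID Connect error codes for a prompt=none request.
const NEEDS_INTERACTION = /AADB2C90077|interaction_required|login_required/;

function needsInteractiveRenewal(err) {
  // Assumption: the rejection is either a string or an object with .message.
  const text = String(err && err.message ? err.message : err);
  return NEEDS_INTERACTION.test(text);
}

async function getAccessToken(client, scopes) {
  try {
    // Hidden-iframe renewal; only works while the session cookie is valid.
    return await client.acquireTokenSilent(scopes);
  } catch (err) {
    // Network faults, misconfiguration, etc. must surface to the caller
    // instead of triggering a credential prompt.
    if (!needsInteractiveRenewal(err)) throw err;
    // Session is gone: the user has to sign in again.
    return client.acquireTokenPopup(scopes);
  }
}

// Constructed stand-in for the library client, so the flow runs offline.
function makeStubClient(silentError) {
  const calls = [];
  return {
    calls,
    acquireTokenSilent: () => {
      calls.push("silent");
      return silentError
        ? Promise.reject(silentError)
        : Promise.resolve("token-from-silent");
    },
    acquireTokenPopup: () => {
      calls.push("popup");
      return Promise.resolve("token-from-popup");
    },
  };
}
```
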
@rohitnarula7176 Ok, but when does the session expire? In my case my access token expires after an hour and it looks like my session cookie on the login.microsoftonline.com also expires within an hour. Is this possible? Is there a way to read the cookie content and read the expiration time?
@DavidHenri008, you can parse token online using jwt.io
@AnnaShk I do not want to parse my access token, I want to parse the session cookie on the login.microsoftonline.com.
@rohitnarula7176 Can you tell me when the AAD session expires?
For the record, after multiple back and forth with Microsoft technical support and developers teams we finally identified the cause of my AADB2C90077 error code. As of February 22nd 2018, Microsoft confirmed they issue a fix to solve this issue. So if someone has the issue it is most likely for a different reason.
@DavidHenri008 can you please enlighten us on your solution? Can you supply the exact policy xml?
@mrman888 as mentioned, today the issue is supposed to be fixed by Microsoft.
I have an Angular app and B2C exhibiting this exact same behaviour. I am unable to upload a new policy as per @DavidHenri008 so what is the fix? In my instance I can login with loginRedirect and see the token in localstorage, but when trying to use token again the authcallback errors with this: Could not silently retrieve token from storage. AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'. There are literally seconds passing between redirecting from the login and seeing the token to issuing another request and getting this, so it is not a long time out issue.
@buildtestship This really seems to be the same issue I experienced. Microsoft told me the bug has been solved on their side and it should not reappear. I suggest you try my workaround and on the four lifetime setting in Azure.
Let me know if it solves your issue.
@DavidHenri008 do I need to pass in the offline_scope? I added the JWTIssue claimsprovider as given solution. Also I have this in my relying party:
My expiry time is still one hour: { Here is my login request:
@mrman888 Your implementation seems right. My issue was related to the JwtIssuer missing values. Concerning the offline_scope I do not add it, I am not sure if it is added by the MSAL library, but I do not think so.
@DavidHenri008 confirmed that his issue was resolved "As of February 22nd 2018, Microsoft confirmed they issue a fix to solve this issue. So if someone has the issue it is most likely for a different reason."
I just had this issue a year later and tweaking those values and saving the policy fixed it for me.
@nathanrobinson, I'm new to custom policies and am trying to include those variables in my TrustFrameworkBase.xml under JwtIssuer. It doesn't fix the issue. Do you know if the variable names have been updated? T
Hi, I am experiencing an issue trying to obtain a new access token from my B2C.
From my SPA I use the msal.js library (v0.1.3) to first authenticate to my B2C. After an hour, the access token expires so I do a silent token renew procedure but it fails. I receive the following error from the B2C:
AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'.
Correlation ID: XXXXXXX
I could not find any information concerning the cause of the error AADB2C90077.
Thanks.
David