acquireTokenSilent : ERROR InteractionRequiredAuthError: no_tokens_found: No refresh token found in the cache. Please sign-in #7303

Open
1 of 2 tasks
AdzeB opened this issue Sep 10, 2024 · 8 comments
Labels
bug-unconfirmed A reported bug that needs to be investigated and confirmed confidential-client Issues regarding ConfidentialClientApplications msal-node Related to msal-node package Needs: Attention 👋 Awaiting response from the MSAL.js team no-issue-activity Issue author has not responded in 5 days question Customer is asking for a clarification, use case or information.

Comments

@AdzeB

AdzeB commented Sep 10, 2024

Core Library

MSAL Node (@azure/msal-node)

Core Library Version

2.13.1

Wrapper Library

Not Applicable

Wrapper Library Version

N/A

Public or Confidential Client?

Public

Description

We are calling acquireTokenSilent to get a new token without needing the user to give permissions again, but the function throws the error acquireTokenSilent : ERROR InteractionRequiredAuthError: no_tokens_found: No refresh token found in the cache. Please sign-in

Error Message

Error silently: InteractionRequiredAuthError: no_tokens_found: No refresh token found in the cache. Please sign-in.

MSAL Logs

[Tue, 10 Sep 2024 19:11:02 GMT] : [] : @azure/[email protected] : Info - CacheManager:getIdToken - Returning ID token
[Tue, 10 Sep 2024 19:11:02 GMT] : [edf00ed8-1a30-462a-b1da-04e9ac1bb8e5] : @azure/[email protected] : Info - Building oauth client configuration with the following authority: https://login.microsoftonline.com/TENANT_I/oauth2/v2.0/token.
[Tue, 10 Sep 2024 19:11:02 GMT] : [edf00ed8-1a30-462a-b1da-04e9ac1bb8e5] : @azure/[email protected] : Info - Token refresh is required due to cache outcome: 1
[Tue, 10 Sep 2024 19:11:02 GMT] : [] : @azure/[email protected] : Info - CacheManager:getRefreshToken - No refresh token found.
Error silently: InteractionRequiredAuthError: no_tokens_found: No refresh token found in the cache. Please sign-in.

Network Trace (Preferably Fiddler)

  • Sent
  • Pending

MSAL Configuration

export const msalConfig = (
  supabase: SupabaseClient,
  userId: string,
): Configuration => {
  return {
    auth: {
      clientId: process.env.OUTLOOK_CLIENT_ID || "",
      clientSecret: process.env.OUTLOOK_CLIENT_SECRET,
      authority:
        `https://login.microsoftonline.com/${process.env.OUTLOOK_TENANT_ID}`,
    },
    cache: {
      cachePlugin: new SupabaseCachePlugin(supabase, userId),
    },
    system: {
      loggerOptions: {
        loggerCallback(
          loglevel: LogLevel,
          message: string,
          containsPii: boolean,
        ) {
          console.log(message);
        },
        piiLoggingEnabled: false,
        logLevel: LogLevel.Info,
      },
    },
  };
};

Relevant Code Snippets

export class SupabaseCachePlugin implements ICachePlugin {
  private supabase: SupabaseClient;
  private userId: string;

  constructor(supabase: SupabaseClient, userId: string) {
    this.supabase = supabase;
    this.userId = userId;
  }

  async beforeCacheAccess(cacheContext: TokenCacheContext): Promise<void> {
    // Load the cache from Supabase for the specific user

    console.log("beforeCacheAccess", cacheContext);
    const { data, error } = await this.supabase
      .from("msal_cache")
      .select("cache_data")
      .eq("user_id", this.userId)
      .single();

    if (data && !error) {
      cacheContext.tokenCache.deserialize(data.cache_data);
    }
  }

  async afterCacheAccess(cacheContext: TokenCacheContext): Promise<void> {
    if (cacheContext.cacheHasChanged) {
      // Save the updated cache to Supabase for the specific user
      const serializedCache = cacheContext.tokenCache.serialize();
      await this.supabase
        .from("msal_cache")
        .upsert({
          user_id: this.userId,
          cache_data: serializedCache,
        });
    }
  }
}

Reproduction Steps

  1. Successful login using the following scope
    ["openid","profile","Calendars.Read","Calendars.ReadWrite", "email","user.read","offline_access"]
  2. Call AcquireTokenSilent function

Expected Behavior

We should be able to get a new token.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

None (Server)

Regression

N/A

Source

External (Customer)
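
The MSAL log in this report shows an ID token being returned from the cache and no refresh token. As an added example (not code from the issue, its participants or MSAL), the following TypeScript checks a stored cache_data string for that state without exposing token secrets; the section names and the home_account_id field are the serialized msal-node cache layout as assumed here, and the sample blob is constructed.

```typescript
// Added diagnostic example; not code from the issue or from MSAL. Assumes
// cache_data is the JSON string that tokenCache.serialize() produced.
const SECTIONS = ["Account", "IdToken", "AccessToken", "RefreshToken", "AppMetadata"] as const;
type SectionName = (typeof SECTIONS)[number];
type Entries = { [key: string]: unknown };
interface CacheSummary {
  parseable: boolean;
  counts: { [K in SectionName]: number };
  accountsWithoutRefreshToken: string[]; // home_account_id values only
}
function entriesOf(value: unknown): Entries {
  return value !== null && typeof value === "object" ? (value as Entries) : {};
}

function homeIds(section: unknown): string[] {
  const entries = entriesOf(section);
  const ids: string[] = [];
  for (const key of Object.keys(entries)) {
    const id = entriesOf(entries[key])["home_account_id"];
    if (typeof id === "string" && ids.indexOf(id) === -1) ids.push(id);
  }
  return ids;
}

// Reports which sections are populated; never returns a token secret.
function summarizeMsalCache(serialized: string | null): CacheSummary {
  let parsed: Entries = {};
  let parseable = false;
  try {
    const value: unknown = JSON.parse(serialized === null ? "" : serialized);
    parseable = value !== null && typeof value === "object" && !Array.isArray(value);
    if (parseable) parsed = value as Entries;
  } catch (e) {
    parseable = false; // missing row, empty string or corrupted JSON
  }
  const counts = { Account: 0, IdToken: 0, AccessToken: 0, RefreshToken: 0, AppMetadata: 0 };
  for (const name of SECTIONS) counts[name] = Object.keys(entriesOf(parsed[name])).length;
  const withRt = homeIds(parsed["RefreshToken"]);
  const missing = homeIds(parsed["Account"]).filter((id) => withRt.indexOf(id) === -1);
  return { parseable, counts, accountsWithoutRefreshToken: missing };
}

// Constructed sample: account and ID token present, no refresh token.
const SAMPLE_WITHOUT_RT = JSON.stringify({
  Account: { "constructed-account-key": { home_account_id: "uid.utid" } },
  IdToken: { "constructed-idtoken-key": { home_account_id: "uid.utid", secret: "constructed" } },
  AccessToken: {}, RefreshToken: {}, AppMetadata: {},
});
console.log(summarizeMsalCache(SAMPLE_WITHOUT_RT));
```

If the stored row reports no RefreshToken entries right after sign-in, also inspect the result of the upsert in afterCacheAccess: the Supabase client returns failures in an error field instead of throwing, so an unchecked write can fail silently.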

@AdzeB AdzeB added bug-unconfirmed A reported bug that needs to be investigated and confirmed question Customer is asking for a clarification, use case or information. labels Sep 10, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: Attention 👋 Awaiting response from the MSAL.js team label Sep 10, 2024
@github-actions github-actions bot added confidential-client Issues regarding ConfidentialClientApplications msal-node Related to msal-node package labels Sep 10, 2024
@sameerag
Member

cc @Robbie-Microsoft @bgavrilMS

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Author Feedback Awaiting response from issue author no-issue-activity Issue author has not responded in 5 days Needs: Attention 👋 Awaiting response from the MSAL.js team and removed Needs: Attention 👋 Awaiting response from the MSAL.js team Needs: Author Feedback Awaiting response from issue author labels Sep 19, 2024
@altinokdarici
Contributor

@Robbie-Microsoft @bgavrilMS could you help here? We are hitting the same issue. (not sure if the root causes are the same or different) I wonder if it could be related to a recent code change or something on msal side?

@altinokdarici
Contributor

altinokdarici commented Sep 26, 2024

In our setup, we have a nodejs app and we use InteractiveBrowserCredential from @azure/identity along with @azure/identity-cache-persistence. We don't implement any custom cache plugin in our code.

Here is my call stack (it might be irrelevant since it's bundled but it might help with the class/fn names.)

InteractionRequiredAuthError: no_tokens_found: No refresh token found in the cache. Please sign-in.
    at createInteractionRequiredAuthError (getCredential-QYKZSYTT.js:6046:10)
    at _RefreshTokenClient.acquireTokenWithCachedRefreshToken (getCredential-QYKZSYTT.js:7082:17)
    at getCredential-QYKZSYTT.js:2019:16
    at _RefreshTokenClient.acquireTokenByRefreshToken (getCredential-QYKZSYTT.js:7071:211)
    at async withSilentAuthentication (getCredential-QYKZSYTT.js:17186:22)
    at async (getCredential-QYKZSYTT.js:18751:11)
    at async Object.withSpan (chunk-FUS4SMZ3.js:552:26)
    at async getCredential (getCredential-QYKZSYTT.js:19923:32)
error Command failed with exit code 1.

@bgavrilMS
Member

bgavrilMS commented Oct 1, 2024

InteractiveBrowserCredential is a public client scenario and @Robbie-Microsoft and I don't own this scenario.

Updating the issue.

CC @peterzenz

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Author Feedback Awaiting response from issue author and removed Needs: Attention 👋 Awaiting response from the MSAL.js team labels Oct 1, 2024
@github-actions github-actions bot added public-client Issues regarding PublicClientApplications and removed confidential-client Issues regarding ConfidentialClientApplications labels Oct 1, 2024
@AdzeB
Author

AdzeB commented Oct 13, 2024

Why was this closed?

@mryraghi

I'm sickened by the awful developer experience in dealing with Microsoft and Azure.

@bgavrilMS bgavrilMS reopened this Oct 17, 2024
@bgavrilMS bgavrilMS added confidential-client Issues regarding ConfidentialClientApplications and removed public-client Issues regarding PublicClientApplications labels Oct 17, 2024
@bgavrilMS
Member

@AdzeB - how do you get the first set of tokens? Do you use AcquireTokenByAuthCode?

@AdzeB
Author

AdzeB commented Oct 17, 2024

Hi @bgavrilMS I used getAuthCodeUrl

const authCodeUrlParameters: AuthorizationUrlRequest = {
  scopes: OUTLOOK_SCOPES,
  redirectUri: redirectUri,
  // prompt: "consent", // Force a new consent prompt
  // extraQueryParameters: {
  //   response_mode: "query", // Ensures compatibility with various OAuth flows
  // },
  responseMode: "query",
  prompt: "consent", // Force a new consent prompt
  extraQueryParameters: {
    response_mode: "query",
    access: "offline", // Explicitly request offline access
  },
};

// Generate the authorization URL
const authUrl = await getMsalClient(supabase, userId).getAuthCodeUrl(
  authCodeUrlParameters,
);
console.log("alok", authUrl);
return authUrl;

export function getMsalClient(supabase: SupabaseClient, userId: string) {
  return new ConfidentialClientApplication(msalConfig(supabase, userId));
}

@microsoft-github-policy-service microsoft-github-policy-service bot added Needs: Attention 👋 Awaiting response from the MSAL.js team and removed Needs: Author Feedback Awaiting response from issue author labels Oct 17, 2024