Library fails for B2C login when no Access Token is returned
Using msal:0.2.2
After successfully logging in using the B2C method, I get the following exception and therefore a failure at the auth callback:
Caused by: java.lang.NullPointerException: Attempt to invoke virtual method 'long java.lang.Long.longValue()' on a null object reference
at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.getExpiresOn(MicrosoftStsAccountCredentialAdapter.java:231)
at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:78)
at com.microsoft.identity.common.internal.cache.MicrosoftStsAccountCredentialAdapter.createAccessToken(MicrosoftStsAccountCredentialAdapter.java:45)
at com.microsoft.identity.common.internal.cache.MsalOAuth2TokenCache.save(MsalOAuth2TokenCache.java:112)
...
And here is my raw config file:
{
  "client_id" : "XXX",
  "authorization_user_agent" : "DEFAULT",
  "redirect_uri" : "msalXXX://auth",
  "authorities" : [
    {
      "type": "B2C",
      "authority_url": "https://TTT.b2clogin.com/tfp/TTT.onmicrosoft.com/B2C_1_susi/"
    }
  ]
}
where XXX is client id, and TTT is tenant.
It seems like the field “expires_in” in the token response happens to be null, so auth fails inside the library although we get a successful response from the browser.
Issue Analytics
- State:
- Created 4 years ago
- Comments:31 (14 by maintainers)
Top GitHub Comments
I had a similar issue with the com.microsoft.identity.client:msal:1.3.0 version, and managed to fix it. In my case the issue was related to the fact that Azure AD B2C returned only an ID token without an access token, and the expires_on was not present in the authorisation code exchange JSON response. To get an access token you must provide a valid API scope. To do so, make sure you create the scope under Expose an API, and also grant permission to that API under API permissions.
I also recommend you use the Android Studio profiler https://developer.android.com/studio/profile/network-profiler, so you can see the request and the response to the token endpoint.
Your response should look similar to the following one
Please let me know if you need any further explanations,
Yoel
@iambmelt Hello again. So we’ve tried updating the policies with this workaround you gave me. Sadly, when trying to debug all the way down into the LocalMSALController.java, I can see this line:
final TokenResult tokenResult = performTokenRequest(oAuth2Strategy, mAuthorizationRequest, result.getAuthorizationResponse(), parameters);
is giving me a tokenResult that looks like this (in the tokenResponse):
The mClientInfo, mIdToken and mRefreshToken all have data in them; I just removed it for the purpose of this talk.
Hopefully, you can point me in some direction here. 😃
EDIT: I had to set my SCOPES as the client id of the Azure B2C project, then it all worked out for me. So this line solved it for me:
val SCOPES = arrayOf("CLIENT_ID")
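
The failure mode reported in this issue, as an added example that is not part of the original thread and is not MSAL's code: unboxing a null `Long` when the token response carries no `expires_in`, next to a guarded check that names the missing fields before anything is cached. The `TokenResponse` class, its field names and the sample values are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration; TokenResponse and its fields are hypothetical, not MSAL's classes.
public class TokenResponseCheck {
    // Nullable wrapper types model fields that may be absent from the JSON response.
    static final class TokenResponse {
        final String idToken, accessToken;
        final Long expiresIn;
        TokenResponse(String idToken, String accessToken, Long expiresIn) {
            this.idToken = idToken;
            this.accessToken = accessToken;
            this.expiresIn = expiresIn;
        }
    }

    // Failure mode from the stack trace: auto-unboxing a null Long throws NullPointerException.
    static long expiresOnUnsafe(TokenResponse r, long nowSeconds) {
        return nowSeconds + r.expiresIn;
    }

    // Guarded form: list what is missing before any credential is built or cached.
    static List<String> missingAccessTokenFields(TokenResponse r) {
        List<String> missing = new ArrayList<>();
        if (r.accessToken == null || r.accessToken.isEmpty()) missing.add("access_token");
        if (r.expiresIn == null) missing.add("expires_in");
        return missing;
    }

    public static void main(String[] args) {
        long now = System.currentTimeMillis() / 1000L;
        // Constructed samples: an ID-token-only response and a complete response.
        TokenResponse idTokenOnly = new TokenResponse("<id_token>", null, null);
        TokenResponse full = new TokenResponse("<id_token>", "<access_token>", 3600L);
        try {
            expiresOnUnsafe(idTokenOnly, now);
        } catch (NullPointerException e) {
            System.out.println("unsafe path: NullPointerException on null expires_in");
        }
        for (TokenResponse r : new TokenResponse[] {idTokenOnly, full}) {
            List<String> missing = missingAccessTokenFields(r);
            if (missing.isEmpty()) {
                System.out.println("ok: access token expires at " + (now + r.expiresIn));
            } else {
                System.out.println("no access token; missing " + missing + ", check scopes");
            }
        }
    }
}
```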