Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

How to let user edit profile?

See original GitHub issue

Core Library

@azure/msal-browser

Core Library Version

2.14.0

Wrapper Library

@azure/msal-angular

Wrapper Library Version

2.0.0-beta.4

Description

I’m trying to let user edit their profile in my application, but the only function that takes the user to edit profile page is the “loginRedirect” or “loginPopup”. The problem is that, when I use that functions and the user complete the flow, the msal library gets two accounts on “getAllAccounts()” and none of them has the updated info.

MSAL Configuration

{ auth: { clientId: ‘', authority: '’, navigateToLoginRequestUrl: false, redirectUri: ${window.location.origin}, }, cache: { cacheLocation: ‘localStorage’, } }

Relevant Code Snippets

const client = new PublicClientApplication({ auth: { clientId: ‘', authority: '’, navigateToLoginRequestUrl: false, redirectUri: ${window.location.origin}, }, cache: { cacheLocation: ‘localStorage’, } })

client.loginRedirect()

Identity Provider

Azure B2C Custom Policy

Source

External (Customer)

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:10 (6 by maintainers)

Top GitHub Comments

1reaction

tnorlingcommented, May 25, 2021

@luismiguelprs @tiny-dancer Right now the way the B2C service is designed (separating different operations into different user flows) causes MSAL to see idTokens from different flows as completely different “users” (tokens are also not shared across flows). If and until that design changes there are 2 approaches you can take to work around the multiple account issue:

Filter the result of getAllAccounts and choose the account for the flow you wish to use. You can find the name of the flow the account belongs to in either idTokenClaims.tfp or idTokenClaims.acr on each account object.
When you receive a response from the edit profile flow immediately call logout with the account that was returned in the response. (This approach is demonstrated in the angular b2c sample here)

1reaction

hectormmgcommented, May 7, 2021

@luismiguelprs I think I understand now.

Given that MSAL has to support multiple authentication services, there aren’t any B2C specific APIs (such as ClientApplication.editProfileRedirect()). Using the login and acquireToken APIs for these use cases is the right approach. As to the duplicate accounts after a user changes their profile information, we’ll take a look and see if we can reproduce the behavior and see if there’s changes to be made to fix this. Thanks!