Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
multiple_matching_tokens The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account.
See original GitHub issueCore Library
MSAL Node (@azure/msal-node)
Core Library Version
1.12.0
Wrapper Library
Not Applicable
Wrapper Library Version
None
Public or Confidential Client?
Confidential
Description
After adding 2 new MSAL flows for acquireTokenByRefreshToken and acquireTokenOnBehalfOf we started seeing some errors in existing workflows that had no issues (acquireTokenByClientCredential). The error we are receiving from MSAL is “multiple_matching_tokens”. We only see this issue in acquireTokenByClientCredential for our singleton client.
We added authority to all of our client codes as suggested by the error message below but we are still receiving these errors.
We noticed 2 similar incidents that were supposed to fix this issue: #4486 #4691
Error Message
“stack”: “ClientAuthError: multiple_matching_tokens: The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account…\n at ClientAuthError.AuthError [as constructor] (/app/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/index.cjs.js:496:24)\n at new ClientAuthError (/app/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/index.cjs.js:790:28)\n at Function.ClientAuthError.createMultipleMatchingTokensInCacheError (/app/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/index.cjs.js:885:16)\n at ClientCredentialClient.readAccessTokenFromCache (/app/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/index.cjs.js:6036:35)\n at ClientCredentialClient.<anonymous> (/app/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/index.cjs.js:5996:50)\n at step (/app/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/index.cjs.js:79:23)\n at Object.next (/app/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/index.cjs.js:60:53)\n at /app/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/index.cjs.js:53:71\n at new Promise (<anonymous>)\n at __awaiter (/app/node_modules/@azure/msal-node/node_modules/@azure/msal-common/dist/index.cjs.js:49:12)”, “message”: “multiple_matching_tokens: The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account…”, “errorCode”: “multiple_matching_tokens”, “errorMessage”: “The cache contains multiple tokens satisfying the requirements. Call AcquireToken again providing more requirements such as authority or account…”, “subError”: “”, “name”: “ClientAuthError” }
Msal Logs
No response
MSAL Configuration
auth: {
clientId: "9edfcdd9-0bc5-4bd4-b287-c3afc716aac7"
authority: "https://login.microsoftonline.com/organizations",
clientCertificate: {
thumbprint: pem.thumbprint,
privateKey: pem.privateKey,
x5c: pem.certificate,
},
},
Relevant Code Snippets
this._client.acquireTokenByClientCredential({
"scopes": [
"https://management.azure.com/.default"
],
"authority": "https://login.microsoftonline.com/72f988bf-86f1-41af-91ab-2d7cd011db47"
}),
Reproduction Steps
N/A
Expected Behavior
Expectation would be for acquireTokenBYClientCredential to return a valid access token matching the passed in requirements.
Identity Provider
Azure AD / MSA
Browsers Affected (Select all that apply)
None (Server)
Regression
No response
Source
Internal (Microsoft)
Issue Analytics
- State:
- Created a year ago
- Comments:16 (11 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
@Robbie-Microsoft will be. We can reach out soon regarding the timeline, need to re-assess some of the other issues which are in the pipeline. Please watch out this space.
The fix for this will be in the next release, 1.14.3 not 1.14.2