Unhandled rejection ClientAuthError: Token calls are blocked in hidden iframes
Core Library
MSAL.js v1 (@azure/msal or msal)
Core Library Version
1.4.4
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
1.1.2
Description
We can log in with the existing users with no issues, although we created a new user with different roles and we are getting this error only with that user. I already saw your ticket #1156 that was closed. I have tried all the solutions, and I have tried to use the solution of the non-MSAL protected page, but I really don’t understand the process to make this work fully.
Error Message
Unhandled rejection ClientAuthError: Token calls are blocked in hidden iframes
    at u.a [as constructor] (https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:32702)
    at new u (https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:29515)
    at Function.u.createBlockTokenRequestsInHiddenIframeError (https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:29354)
    at Function.h.blockReloadInHiddenIframes (https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:102704)
    at g.<anonymous> (https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:55334)
    at https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:3199
    at Object.next (https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:3304)
    at https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:2229
    at i.e._execute (https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.2/bluebird.min.js:29:19922)
    at i._resolveFromExecutor (https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.2/bluebird.min.js:30:15342)
    at new i (https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.2/bluebird.min.js:30:7039)
    at Object.t.__awaiter (https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:2008)
    at https://alcdn.msftauth.net/lib/1.4.2/js/msal.min.js:17:55193
    at i.e._execute (https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.2/bluebird.min.js:29:19922)
    at i._resolveFromExecutor (https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.2/bluebird.min.js:30:15342)
    at new i (https://cdnjs.cloudflare.com/ajax/libs/bluebird/3.7.2/bluebird.min.js:30:7039)
Msal Logs
/e0793d39-0939-496d-b129-198edd916feb/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2Fciocloudspacdn.accenture.com%2F%2Fread_aad_cloudspacookies_service%20openid%20profile&client_id=d5eab3a6-6223-49b9-8cbf-94452505ed31&redirect_uri=https%3A%2F%2Fuhuman.accenture.com%2F&state=eyJpZCI6Ijk4NGZkMmJkLTAxNzgtNGE5My1hZWNmLTJhZDNhMzA1MDU4MCIsInRzIjoxNjI0MjkxNTkyLCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=8f5e8127-81fd-4413-8e83-e514b4e341cb&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.2&login_hint=A50874DIRPWSP%40accenture.com&client-request-id=919237d4-0f0f-4d02-b777-a1c8dae4b784&prompt=none&response_mode=fragment:87 Unsafe attempt to initiate navigation for frame with origin ‘https://uhuman.accenture.com’ from frame with URL ‘https://login.microsoftonline.com/e0793d39-0939-496d-b129-198edd916feb/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2Fciocloudspacdn.accenture.com%2F%2Fread_aad_cloudspacookies_service openid profile&client_id=d5eab3a6-6223-49b9-8cbf-94452505ed31&redirect_uri=https%3A%2F%2Fuhuman.accenture.com%2F&state=eyJpZCI6Ijk4NGZkMmJkLTAxNzgtNGE5My1hZWNmLTJhZDNhMzA1MDU4MCIsInRzIjoxNjI0MjkxNTkyLCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=8f5e8127-81fd-4413-8e83-e514b4e341cb&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.2&login_hint=A50874DIRPWSP%40accenture.com&client-request-id=919237d4-0f0f-4d02-b777-a1c8dae4b784&prompt=none&response_mode=fragment’. The frame attempting navigation of the top-level window is sandboxed, but the flag of ‘allow-top-navigation’ or ‘allow-top-navigation-by-user-activation’ is not set.
/e0793d39-0939-496d-b129-198edd916feb/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2Fciocloudspacdn.accenture.com%2F%2Fread_aad_cloudspacookies_service%20openid%20profile&client_id=d5eab3a6-6223-49b9-8cbf-94452505ed31&redirect_uri=https%3A%2F%2Fuhuman.accenture.com%2F&state=eyJpZCI6ImVkM2Q5Y2Q5LTJjNjQtNGJlMy05M2Y0LTk1YmJkZTliNGMwNCIsInRzIjoxNjI0MjkxNjA5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=55b55751-7bfc-4edc-9fe1-6675b20588ba&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.2&login_hint=A50874DIRPWSP%40accenture.com&client-request-id=2a9915d4-9681-42a0-9071-5e93f3fbb589&prompt=none&response_mode=fragment:87 Uncaught DOMException: Failed to set the ‘href’ property on ‘Location’: The current window does not have permission to navigate the target frame to ‘https://login.microsoftonline.com/e0793d39-0939-496d-b129-198edd916feb/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2Fciocloudspacdn.accenture.com%2F%2Fread_aad_cloudspacookies_service openid profile&client_id=d5eab3a6-6223-49b9-8cbf-94452505ed31&redirect_uri=https%3A%2F%2Fuhuman.accenture.com%2F&state=eyJpZCI6ImVkM2Q5Y2Q5LTJjNjQtNGJlMy05M2Y0LTk1YmJkZTliNGMwNCIsInRzIjoxNjI0MjkxNjA5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=55b55751-7bfc-4edc-9fe1-6675b20588ba&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.2&login_hint=A50874DIRPWSP%40accenture.com&client-request-id=2a9915d4-9681-42a0-9071-5e93f3fbb589&prompt=none&response_mode=fragment&iframe-request-id=baafc705-1cb7-4395-b4ac-2e6e1c4a2501’. 
at https://login.microsoftonline.com/e0793d39-0939-496d-b129-198edd916feb/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2Fciocloudspacdn.accenture.com%2F%2Fread_aad_cloudspacookies_service openid profile&client_id=d5eab3a6-6223-49b9-8cbf-94452505ed31&redirect_uri=https%3A%2F%2Fuhuman.accenture.com%2F&state=eyJpZCI6ImVkM2Q5Y2Q5LTJjNjQtNGJlMy05M2Y0LTk1YmJkZTliNGMwNCIsInRzIjoxNjI0MjkxNjA5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=55b55751-7bfc-4edc-9fe1-6675b20588ba&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.2&login_hint=A50874DIRPWSP%40accenture.com&client-request-id=2a9915d4-9681-42a0-9071-5e93f3fbb589&prompt=none&response_mode=fragment:87:326 at https://login.microsoftonline.com/e0793d39-0939-496d-b129-198edd916feb/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2Fciocloudspacdn.accenture.com%2F%2Fread_aad_cloudspacookies_service openid profile&client_id=d5eab3a6-6223-49b9-8cbf-94452505ed31&redirect_uri=https%3A%2F%2Fuhuman.accenture.com%2F&state=eyJpZCI6ImVkM2Q5Y2Q5LTJjNjQtNGJlMy05M2Y0LTk1YmJkZTliNGMwNCIsInRzIjoxNjI0MjkxNjA5LCJtZXRob2QiOiJzaWxlbnRJbnRlcmFjdGlvbiJ9&nonce=55b55751-7bfc-4edc-9fe1-6675b20588ba&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=1.4.2&login_hint=A50874DIRPWSP%40accenture.com&client-request-id=2a9915d4-9681-42a0-9071-5e93f3fbb589&prompt=none&response_mode=fragment:87:330
MSAL Configuration
"auth": {
  "authority": "https://login.microsoftonline.com/XXXXXXXXX-XXXX-XXXX-XXXX-198edd916feb",
  "clientId": "XXXXXXXXX-XXXX-XXXX-XXXX-8e4cf97e4cc2",
  "redirectUri": "https://uhuman.accenture.com",
  "navigateToLoginRequestUrl": "false",
  "postLogoutRedirectUri": "https://uhuman.accenture.com/assets/logout.html"
},
Relevant Code Snippets
I don't have any particular code snippets for this issue
Reproduction Steps
Log in with this particular account and the MSAL gets into a loop once it hits the authentication services; it throws the described exceptions.
Expected Behavior
A normal login, or a rejection if the account does not have the required permissions
Identity Provider
Azure AD / MSA
Browsers Affected (Select all that apply)
Chrome, Firefox, Edge
Regression
No response
Source
External (Customer)
Issue Analytics
- Created 2 years ago
- Comments:10 (4 by maintainers)
No, it should do nothing. The blank page will only be opened in the hidden iframe used by MSAL to renew the token. It will never be visible to the user.
@bladmoreno Without code snippets, it is difficult to determine if the issue is caused by usage or an issue with the library. Our recommendation is that you upgrade to msal-angular v2. This updated library recently became generally available, does not use hidden iframes, and should fix the iframe blocking tokens and the redirect loop. Please see our migration guide here for how to upgrade.
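
The checks below are an added triage example for Node.js, not code from the issue or from MSAL: they classify an authorize URL like the ones in the log (silent request, implicit flow, whether it returns to an app page), flag boolean options given as strings as in the posted `navigateToLoginRequestUrl`, and detect a child frame before bootstrapping. The function names, the `/blank.html` path and the sample URL are assumptions constructed for the example.

```javascript
// Classify an authorize URL copied from the browser console or a proxy log.
// blankRedirectPaths: paths of static pages that load no MSAL code (assumption).
function classifyAuthorizeRequest(rawUrl, blankRedirectPaths = []) {
  const params = new URL(rawUrl).searchParams;
  let method = null;
  try {
    // MSAL.js 1.x library state: base64 JSON, optionally followed by "|<user state>".
    const libraryState = (params.get('state') || '').split('|')[0];
    method = JSON.parse(Buffer.from(libraryState, 'base64').toString('utf8')).method || null;
  } catch (_) { /* state missing or not in the expected format */ }
  const silent = params.get('prompt') === 'none' || method === 'silentInteraction';
  const redirect = params.get('redirect_uri');
  const redirectPath = redirect ? new URL(redirect).pathname : null;
  const responseTypes = (params.get('response_type') || '').split(' ');
  return {
    silent,
    method,
    // Tokens returned directly from the authorize endpoint (implicit flow).
    implicitFlow: responseTypes.some((t) => t === 'token' || t === 'id_token'),
    // A silent request that returns to an app page boots the app inside the hidden iframe.
    returnsToAppPage: silent && !blankRedirectPaths.includes(redirectPath),
  };
}

// Boolean auth options supplied as strings: "false" is a non-empty string, so it is truthy.
function stringBooleans(auth) {
  return Object.keys(auth).filter((k) => auth[k] === 'true' || auth[k] === 'false');
}

// True when the window is a child frame, not the top-level window or a popup.
function isInChildFrame(win) {
  return win !== win.parent && !win.opener;
}

// Constructed sample modelled on the issue's log; host, tenant and ids are placeholders.
const sampleState = Buffer.from(
  JSON.stringify({ id: 'example-id', ts: 0, method: 'silentInteraction' })
).toString('base64');
const SAMPLE_URL =
  'https://login.microsoftonline.com/TENANT-PLACEHOLDER/oauth2/v2.0/authorize' +
  '?response_type=token&client_id=CLIENT-PLACEHOLDER' +
  '&redirect_uri=' + encodeURIComponent('https://app.example/') +
  '&state=' + encodeURIComponent(sampleState) +
  '&prompt=none&response_mode=fragment';

console.log(classifyAuthorizeRequest(SAMPLE_URL, ['/blank.html']));
console.log(stringBooleans({ navigateToLoginRequestUrl: 'false' }));
```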