WebSite + Distributed caching does not work with B2C
Core Library
MSAL Node (@azure/msal-node)
Core Library Version
1.14.2
Wrapper Library
Not Applicable
Wrapper Library Version
None
Public or Confidential Client?
Confidential
Description
My environment/usage: Confidential client (scoped to request) and auth code flow against Azure B2C. DistributedCachePlugin with a Redis implementation for ICacheClient, and a custom partition manager.
After extensive debugging I could see that the NodeStorage internal cache (in-memory) had initially (when a new token is acquired) an entry with authority metadata with key prefix authority-metadata-.
When the cache plugin is called (afterCacheAccess), which in turn asks TokenCache to serialize, this entry is not a part of the state.
If I pick out the internal cache state from NodeStorage for this entry and do my own serialize and add it back into the internal cache on beforeCacheAccess, it works as expected.
Error Message
Symptoms:
- IdTokenClaims are not populated on e.g. getAccountByHomeId, but no errors propagated
- acquireTokenSilent fails
Msal Logs
No response
MSAL Configuration
n/a
Relevant Code Snippets
n/a
Reproduction Steps
- Use DistributedCachePlugin
- Fetch an identity token
- Do a get account and see that the idTokenClaims property on the returned account is empty even though it is in the cache
Expected Behavior
The whole story around hooking in external cache/storage in “non-desktop scenarios” is far from optimal. I also had to apply workarounds to detect account removed from in-memory cache to be reflected properly in distributed cache (separate GitHub issue to be created).
Identity Provider
Azure B2C Custom Policy
Browsers Affected (Select all that apply)
None (Server)
Regression
No response
Source
External (Customer)
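The gap and the workaround described in this report, sketched as an added example (not code from the reporter or from MSAL Node). It uses a simplified stand-in model: the Map-based store, serializeTokens, afterAccess, beforeAccess and all sample keys are hypothetical, and a synchronous Map stands in for the Redis-backed ICacheClient.

```javascript
// Added example: a simplified stand-in model, not MSAL Node source code.
const AUTHORITY_PREFIX = "authority-metadata-"; // key prefix named in the issue

// Constructed sample of an in-memory cache (keys and values are made up).
function sampleStore() {
  return new Map([
    ["constructed-account-key", { username: "user@example.test" }],
    ["constructed-idtoken-key", { secret: "constructed.id.token" }],
    [AUTHORITY_PREFIX + "constructed-client-id-login.example.test",
      { aliases: ["login.example.test"] }],
  ]);
}

// Stand-in serializer reproducing the reported behaviour: metadata is left out.
function serializeTokens(store) {
  const out = {};
  for (const [k, v] of store) if (!k.startsWith(AUTHORITY_PREFIX)) out[k] = v;
  return JSON.stringify(out);
}

// Regression check: keys held in memory that a serialize round trip loses.
function lostKeys(store) {
  const kept = new Set(Object.keys(JSON.parse(serializeTokens(store))));
  return [...store.keys()].filter((k) => !kept.has(k));
}

// afterCacheAccess side of the workaround: store metadata next to the token state.
function afterAccess(store, remote, partitionKey) {
  const meta = {};
  for (const [k, v] of store) if (k.startsWith(AUTHORITY_PREFIX)) meta[k] = v;
  remote.set(partitionKey, JSON.stringify({ tokens: serializeTokens(store), meta }));
}

// beforeCacheAccess side: rebuild the in-memory cache for this partition only.
function beforeAccess(remote, partitionKey) {
  const store = new Map();
  const raw = remote.get(partitionKey);
  if (raw === undefined) return store; // nothing cached yet for this partition
  const { tokens, meta = {} } = JSON.parse(raw);
  for (const [k, v] of Object.entries(JSON.parse(tokens))) store.set(k, v);
  for (const [k, v] of Object.entries(meta)) {
    // Shared cache content is untrusted input: restore only the expected prefix.
    if (k.startsWith(AUTHORITY_PREFIX)) store.set(k, v);
  }
  return store;
}
```

Running lostKeys over a cache snapshot after each library upgrade shows whether the serialized state still omits entries that the in-memory cache holds.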
Issue Analytics
- State:
- Created a year ago
- Comments: 6 (3 by maintainers)
Top GitHub Comments
@bgavrilMS @hansenfreddy haven’t run that particular sample against B2C, but the other web app sample that this sample was based on supports B2C, so this is unexpected. @hansenfreddy if your code is based on the sample mentioned, let me try reproducing the issue with it.
Closing this due to inactivity. Let us know if your issue persists.