Can't construct an IdTokenResponse from a AuthResponse that has a token type of "access_token
See original GitHub issueLibrary versions
react-aad-msal
: 2.3.5msal
: 1.4.0
Describe the bug
I got this message in the console [ERROR] Error: Can't construct an IdTokenResponse from a AuthResponse that has a token type of "access_token".
when I refresh the page after I’m logged. In Redux the action AAD_ACQUIRED_ACCESS_TOKEN_SUCCESS
also is fired right after AAD_INITIALIZING
. I tried to track it down, and it appears to crash on the getIdToken
function.
Expected behavior
The flux I use in my project is to try to get the access token only after the action AAD_LOGIN_SUCCESS
is called. But I started to get the error I described above, on console, and all others steps failed too (AAD_LOGIN_ERROR
, AAD_ACQUIRED_ID_TOKEN
)
The expected is to complete the login when has a current session after the page is reloaded.
To Reproduce Steps to reproduce the behavior:
- Do the login with Azure to create the session
- Refresh the browser page
- The error occur
Solution:
The temporary solution I found and it worked for me, was to downgrade the msal
version to the same used on this repository (react-aad
), version 1.2.1
Desktop:
- OS: Ubuntu 20.04 LTS
- Browser: Chrome v84.0.4147.135
Issue Analytics
- State:
- Created 3 years ago
- Reactions:4
- Comments:17
Top GitHub Comments
Hey all, I’ve had the same issue and at least on my end its an error on the token refresh. When the token is cached, it had the wrong token type causing a failure. Temp fix that is working for me is to set forceRefresh: true in the authenticationParameters
UPDATE: In some instances the
forceRefresh: true
will cause an authentication failure due to a “client auth loop”. This is an error returned from Microsoft when an app requests too many tokens in a short time span (details here)The real issue lies in the token refresh. When the silent token call caches the token, the token_type is not refreshed. This causes a conditional check to fail in this library. https://github.com/syncweek-react-aad/react-aad/blob/5015337ef1eaa6d29822b207ddd2efeedc28caef/packages/react-aad-msal/src/IdTokenResponse.ts#L11
The real issue will be solving the token cache issue, but in the mean time, a better fix I am using is to patch the dependency directly to check if a token exists rather than for the tokenType. (You can add better logic to check if an idToken exists in the object if you want to be really safe).
This is the library I used for the patch: https://github.com/ds300/patch-package#readme