ClientAuthError: Token calls are blocked in hidden iframes
See original GitHub issueLibrary versions
react-aad-msal
: 2.3.1msal
:1.2.0
Describe the bug
Sometimes the following error is displayed in Chrome Developer tools console.
index.js:1406 [ERROR] ClientAuthError: Token calls are blocked in hidden iframe
It appears 500+ times and then
MsalAuthProvider.js:75 Uncaught (in promise) RangeError: Maximum call stack size exceeded
Usually happens after a page reload or when coming back after a while of inactivity on the page.
The react application is not rendered in an iframe, it’s a default create-react-app. However everything still seems to work fine after it happens.
Expected behavior No error messages in the console.
Desktop (please complete the following information):
- OS: Windows 10
- Browser: Chrome
- Version: 79.0.3945.117 (Official Build) (64-bit)
Issue Analytics
- State:
- Created 4 years ago
- Reactions:7
- Comments:25 (4 by maintainers)
Top Results From Across the Web
Token calls are blocked in hidden iframes · Issue #1156 - GitHub
This error is thrown when we detect that your application is calling acquireTokenSilent on page load inside of that iframe, in order to...
Read more >ClientAuthError: Token calls are blocked in hidden iframes
I'm building a javascript SPA using MSAL.js as a client for Azure Active Directory. When requesting an access token for my API as...
Read more >Avoid page reloads (MSAL.js) - Microsoft Entra
Avoid page reloads when acquiring and renewing tokens silently using ... (MSAL.js) uses hidden iframe elements to acquire and renew tokens ...
Read more >External module "error/ClientAuthError" - msal
ClientAuthErrorMessage: object. Defined in error/ClientAuthError.ts:10 ... desc: string = "Token calls are blocked in hidden iframes".
Read more >msal-browser - BrowserAuthError: monitor_window_timeout
msal-browser continuously polls the iframe to get the hash ... or the ssoSilent variations, the token is returned in a hidden iframe.
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Took me a while, but through process of elimination worked out that you need
auth.html
in the public folder.
Error Message:
Without it:
Fix:
Add this to your public folder:
Package.json:
I tried this and updated to
msal 1.2.1
andreact-aad-msal 2.3.2
adding in the option ‘tokenRefreshUri’and now I get the following error instead:
Unsafe JavaScript attempt to initiate navigation for frame with origin 'https://localhost:3000' from frame with URL 'https://*'. The frame attempting navigation of the top-level window is sandboxed, but the flag of 'allow-top-navigation' or 'allow-top-navigation-by-user-activation' is not set.
We do however call getAccessToken within the
<AzureAD>
, shouldn’t that be handle with with the cache config set automatically and check if it’s already been run?https://github.com/syncweek-react-aad/react-aad#refreshing-access-tokens