Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Token renewal operation failed due to timeout.
See original GitHub issueLibrary versions)
react-aad-msal: 2.3.5 (latest) and 2.2.1msal: 1.4.0 (latest) and 1.2.0
Describe the bug
1-10 minutes after the initial login, we and our clients get redirected to the Microsoft login screen. From there on the only way to login again is to delete the cookies.
Additionally, the following error is logged multiple times to the console: MSAL Authentication Error! Error-Code: token_renewal_error | Error-Message: Token renewal operation failed due to timeout.
Interesting Notes
- Our react-msal setup worked fine for 5 months. Now from one day to another this error occurred. We didn’t modify the code or change any package versions.
- We experience this issue primarily on Firefox. Still some of our clients have reported this issue for Chrome.
- We upgraded both packages to the latest versions, as noted at the beginning. The issue remains.
Our Setup: Our setup is almost the same as described in your documentation.
- We have a static served auth.html.
- We have added both http://localhost:3000 and http://localhost:3000/auth.html to the Redirect URLs.
- This is our msal configuration:
import { MsalAuthProvider, LoginType } from 'react-aad-msal';
import { Logger, LogLevel } from 'msal';
const origin = "http://localhost:3000";
const config = {
auth: {
authority: 'https://login.microsoftonline.com/' + tenant,
clientId: clientId,
postLogoutRedirectUri: origin,
redirectUri: origin,
validateAuthority: true,
navigateToLoginRequestUrl: false
},
system: {
logger: new Logger(
(logLevel, message, containsPii) => {
console.log(logLevel, message);
{
level: LogLevel.Warning,
piiLoggingEnabled: false
}
)
},
cache: {
cacheLocation: 'localStorage', // we also tried 'sessionStorage',
storeAuthStateInCookie: false
}
};
const authenticationParameters = {
scopes: ['openid']
};
const options = {
loginType: LoginType.Redirect,
tokenRefreshUri: origin + "/auth.html"
};
return new MsalAuthProvider(config, authenticationParameters, options); // provider
- Then we use the provider from above like this:
<AzureAD provider={provider} forceLogin>
...
</AzureAD>
Desktop:
- OS: Ubuntu
- Browser Firefox and Chrome
- Version 80.0 (Firefox)
I am grateful for any help. 😃
Issue Analytics
- State:
- Created 3 years ago
- Reactions:4
- Comments:5
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
It’s pretty weird. I haven’t experienced this issue for one day. But now the token-renewal fails like before.
@AndrewCraswell could you please have a look on this?
I am also facing this issue, it seems like this library is using MSAL v1 endpoint which utilizes iframe to renew the tokens now discouraged by modern browsers. for this MSAL.js v2.0 endpoint was introduced to resolve it. checkout https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow