Reputation: 228
I am experiencing an issue trying to obtain a new access token from my AD B2C. From my SPA I use the MSAL.js library (v0.1.3) to authenticate to my AD B2C. After an hour, the access token expires so I do a silent token renew procedure but it fails. I use the following link to get a new access token:
https://login.microsoftonline.com/te/myApp.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2FmyApp.onmicrosoft.com%2Fapi%2Faccount.read%20openid%20profile&client_id=XXX&redirect_uri=https%3A%2F%2FmyApp.azurewebsites.net%2F&state=XXX&nonce=XXX&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=0.1.3&client-request-id=XXX&prompt=none&domain_req=XXX&login_req=XXX-b2c_1_signin&domain_hint=organizations
I receive the following error from the B2C:
AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'. Correlation ID: YYY
I could not find any information concerning the cause of the error AADB2C90077.
Thanks
Upvotes: 4
Views: 2672
Reputation: 1
One thing that could cause the AADB2C90077 error is a disabled value for the Single sign-on configuration of a user flow or a custom policy.
Say you are on an SPA app requesting a token for your Web API app, like it is done in this MSAL sample. The SPA app and the Web API app each have their own app registrations. From the SPA app you are accessing a scope of the Web API app. The interactive login returns an id_token, but the subsequent request for an access token fails with the above message.
Here is the setting to change for user flows (custom policies require editing of XML): [image: User flow setting that causes AADB2C90077]
Upvotes: 0
Reputation: 228
For the record, after multiple back-and-forths with Microsoft technical support and developer teams, we finally identified the cause of my AADB2C90077 error code. There was an issue in the Azure B2C backend where the default values were not handled properly by the system. My workaround was to modify the four token lifetime values: ‘Access & ID token lifetime’, ‘Refresh token lifetime’, ‘Refresh token sliding window lifetime’ and the ‘Web app session lifetime’, in order for them to appear in the policy XML.
As of February 22nd 2018, Microsoft confirmed they issued a fix to solve this issue. So if someone has the issue it is most likely for a different reason.
Upvotes: 3
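Not part of any post above: an added example of how a SPA can classify the result of the `prompt=none` renewal described in the question, so that AADB2C90077 leads to an interactive sign-in instead of repeated silent retries. The function name, the sample redirects and the `error` value are assumptions made for illustration; this is not MSAL.js code.

```javascript
// Added example. Assumption: a failed silent renew returns error,
// error_description and state in the redirect URI fragment (implicit flow).
function parseSilentRenewResult(redirectUrl, expectedState) {
  const fragment = new URL(redirectUrl).hash.replace(/^#/, "");
  const params = new URLSearchParams(fragment);

  // Drop any response that does not echo the state value we sent.
  if (params.get("state") !== expectedState) {
    return { outcome: "rejected", reason: "state mismatch" };
  }
  if (params.has("access_token")) {
    return { outcome: "renewed", expiresIn: Number(params.get("expires_in")) };
  }

  // The B2C code (AADB2Cnnnnn) leads the message quoted in the question.
  const description = params.get("error_description") || "";
  const match = description.match(/\bAADB2C\d{5}\b/);
  const code = match ? match[0] : null;

  // AADB2C90077: no B2C session exists and prompt=none forbids showing UI,
  // so a silent retry fails the same way; only interactive sign-in can work.
  if (code === "AADB2C90077") {
    return { outcome: "interactive_required", code };
  }
  return { outcome: "failed", code, error: params.get("error") };
}

// Constructed sample redirects: state, token and the error value are made up;
// the error_description text is the message quoted in the question.
const BASE = "https://myApp.azurewebsites.net/#";
const NO_SESSION = BASE + "error=interaction_required&error_description=" +
  encodeURIComponent("AADB2C90077: User does not have an existing session " +
    "and request prompt parameter has a value of 'None'.") + "&state=s-123";
const RENEWED = BASE + "access_token=PLACEHOLDER&expires_in=3600&state=s-123";

console.log(parseSilentRenewResult(NO_SESSION, "s-123"));
console.log(parseSilentRenewResult(RENEWED, "s-123"));
console.log(parseSilentRenewResult(RENEWED, "other-state"));
```

Checking `state` before anything else keeps a forged or stale redirect from being treated as either a renewal or a reason to prompt the user.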