Reputation: 1
I'm using the Angular ADAL wrapper microsoft-adal-angular6 in my application. Authentication is working. However, during token refresh, Azure AD returns the error "A silent sign-in request was sent but none of the currently signed in user(s) match the requested login hint". Is there any fix for this issue?
This is the trace from Fiddler.
REQUEST HEADER
GET /xxxx-xxxx-xxxx-xxxx/oauth2/authorize?response_type=id_token&client_id=xxxx-xxxx-xxxx-xxxx&redirect_uri=http://localhost:4200/#/login/callback#&state=xxxx-xxxx-xxxx-xxxx|xxxx-xxxx-xxxx-xxxx&client-request-id=xxxx-xxxx-xxxx-xxxx&x-client-SKU=Js&x-client-Ver=1.0.17&prompt=none&[email protected]&domain_hint=company.com&nonce=xxxx-xxxx-xxxx-xxxx HTTP/1.1
RESPONSE
Location: http://localhost:4200/#error=login_required&error_description=AADSTS50058: A silent sign-in request was sent but none of the currently signed in user(s) match the requested login hint. Trace ID: 81dc661a-9151-4d18-a951-e202aa411b00 Correlation ID: ce35413a-f1fa-44ef-aa48-937375c579cc Timestamp: 2020-07-01 11:23:35Z&error_uri=https://login.microsoftonline.com/error?code=50058&state=xxxx-xxxx-xxxx-xxxx|xxxx-xxxx-xxxx-xxxx
I tried adalsvc.RefreshToken() to avoid the silent sign-in (is that correct?) and I got the below warning.
Set-Cookie header is ignored in response from url: https://login.microsoftonline.com/xxxx-xxxx-xxxx-xxxx/oauth2/authorize?response_type=id_token&client_id=xxxx-xxxx-xxxxx-xxxx&redirect_uri=http://localhost:4200/#/login/callback#&state=xxxx-xxxx-xxxx-xxxxx|xxxx-xxxx-xxxx-xxxx&client-request-id=xxxx-xxxx-xxxx-xxxx&x-client-SKU=Js&x-client-Ver=1.0.17&prompt=none&[email protected]&domain_hint=company.com&nonce=xxxx-xxxx-xxxx-xxxx. Cookie length should be less than or equal to 4096 characters.
Upvotes: -2
Views: 232
Reputation: 1602
Some of the possible causes of the error:

Possible Resolution #1: Proactively Check for Expiration
You can attempt to prevent this error from ever occurring by checking if you have a valid ID token. If your ID token is not valid, you will ask the user to log in again.

Possible Resolution #2: Catching the Error and Asking the User to Log In Again
To resolve this error you will need to catch this error in a callback that you can pass into the acquireToken ADAL JS function. If the AADSTS50058 error occurs, you'll ask the user to log in again.

Possible Resolution #3: Browser Extension Cookie Blockers and Third-Party Cookies Disabled
Some users may experience this issue due to a browser extension that is blocking cookies for tracking purposes. This will cause the AADSTS50058 error to occur; you will need to whitelist the login.microsoftonline.com endpoint in your browser extension in order to avoid receiving this error again.
This error can also occur if third-party cookies have been disabled in your browser. Re-enable third-party cookies in your browser to prevent this error from occurring.
Please refer to this link
Please choose MSAL over ADAL and here is the sample for angular using MSAL
Please refer to the link for migration of ADAL to MSAL
Upvotes: 0
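Resolutions #1 and #2 from the answer above, sketched as an added example that is not part of either post and is not ADAL or MSAL code: it reads the ID token's exp claim before a silent renewal and recognises the login_required / AADSTS50058 redirect so the app can fall back to an interactive login. The helper names, the 300-second skew and the sample values are assumptions made for illustration.

```javascript
// Added example; helper names are hypothetical and no ADAL call is made.

// Read ID token claims WITHOUT verifying the signature (UI decision only).
function decodeJwtPayload(idToken) {
  const parts = String(idToken || '').split('.');
  if (parts.length !== 3) return null;
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 = b64.padEnd(Math.ceil(b64.length / 4) * 4, '=');
  try {
    return JSON.parse(atob(b64));
  } catch (e) {
    return null; // malformed token is treated as missing
  }
}

// Resolution #1: treat the token as expired slightly early (clock skew).
function idTokenExpired(idToken, nowSeconds, skewSeconds = 300) {
  const claims = decodeJwtPayload(idToken);
  if (!claims || typeof claims.exp !== 'number') return true;
  return claims.exp - skewSeconds <= nowSeconds;
}

// Resolution #2: pull the error and AADSTS code out of the redirect fragment.
function parseAuthError(redirectUrl) {
  const i = String(redirectUrl).indexOf('#');
  if (i < 0) return null;
  const params = new URLSearchParams(String(redirectUrl).slice(i + 1));
  const error = params.get('error');
  if (!error) return null;
  const description = params.get('error_description') || '';
  const m = description.match(/AADSTS\d+/);
  return { error, code: m ? m[0] : null, description };
}

function nextStep({ idToken, redirectUrl, nowSeconds }) {
  const err = redirectUrl ? parseAuthError(redirectUrl) : null;
  if (err && (err.error === 'login_required' || err.code === 'AADSTS50058')) return 'interactive-login';
  if (err) return 'report-error';
  return idTokenExpired(idToken, nowSeconds) ? 'interactive-login' : 'use-cached-token';
}

// Constructed sample data (unsigned token, shortened error description).
const b64url = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const makeToken = (exp) => [b64url({ alg: 'none' }), b64url({ exp }), 'sig'].join('.');
const SAMPLE_REDIRECT = 'http://localhost:4200/#error=login_required' +
  '&error_description=AADSTS50058%3A+A+silent+sign-in+request+was+sent&state=constructed';

console.log(nextStep({ redirectUrl: SAMPLE_REDIRECT, nowSeconds: 1000 }));     // interactive-login
console.log(nextStep({ idToken: makeToken(2000), nowSeconds: 1000 }));         // use-cached-token
```

The exp check only decides when to prompt the user; the API that receives the token still has to validate its signature and claims.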