Reputation: 403
I'm working on a SPA where the adal-angular lib is used to handle auth on the client side. On the backend app, passport-azure-ad is used with the Bearer Strategy to issue the access token and other stuff (no refresh token though).
When the user authenticates, the accessToken, together with the idToken, is saved in localStorage, along with the token timeout (which is around 1h).
When the token expires, I get an error (AADSTS50058) back saying single sign-in failed as it is missing a cookie to confirm identity. I'm not sure who needs to issue this cookie, and why it is not issued.
So I have one choice: after reaching that error, manually call the signIn method programmatically. It works to log in, but a full page reload happens and the user loses work.
So my questions are:
Can this be fixed with the missing cookie? Who needs to issue the cookie, and will it also do a full page reload or not?
If I cannot solve this with the missing cookie, is there another way to re-login without doing a full page reload?
Thanks.
Upvotes: 0
Views: 436
Reputation: 5530
This error may occur if the third-party cookies have been disabled in your browser.
If you are accessing the Angular application through the Chrome browser in incognito mode, it disables third-party cookies at the home page.
If you are using incognito mode, re-enable third-party cookies in your browser to prevent this error from occurring.
For the AADSTS50058 error, you need to whitelist the login.microsoftonline.com endpoint in your browser extension in order to evade receiving this error again.
For using the access token, I would suggest using a refresh token. The access token has a short life span; when it becomes invalid or expires, you need to re-login. So make use of a refresh token, as it has a long life span.
However, there are two alternatives,
“Access token good for an hour, refresh token good for a year or good-till-revoked”. So, you better use both Access Token and Refresh Token to fix this issue.
To know more in detail please find these links if they are helpful:
Upvotes: 1
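An added example, not part of the question or the answer above: a client-side check that reads the `exp` claim of the stored token so renewal can start before the roughly one-hour lifetime runs out, and that treats AADSTS50058 as the signal that a silent attempt cannot succeed. All function names are hypothetical helpers (not adal-angular or passport-azure-ad APIs), the 300-second renewal window is an assumption, and the sample token is constructed and unsigned.

```javascript
// Added example; helper names are hypothetical, not library APIs.
// Decoding here is only for scheduling: the API must still validate the token.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  // JWT segments are base64url: map back to base64 and restore padding.
  let b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4);
  const json = typeof Buffer !== 'undefined'
    ? Buffer.from(b64, 'base64').toString('utf8') // Node
    : atob(b64);                                  // browser (ASCII claims only)
  return JSON.parse(json);
}

// Seconds left before the `exp` claim; a missing exp counts as expired.
function secondsUntilExpiry(token, nowMs) {
  const { exp } = decodeJwtPayload(token);
  return typeof exp === 'number' ? exp - Math.floor(nowMs / 1000) : 0;
}

// Pull the AADSTS code out of an error description string, or null.
function extractAadstsCode(errorText) {
  const m = /AADSTS\d+/.exec(String(errorText || ''));
  return m ? m[0] : null;
}

// 'use' | 'renew-silently' | 'interactive'
function nextAuthAction({ token, error, nowMs = Date.now(), renewWindowSec = 300 }) {
  // AADSTS50058: silent sign-in failed for lack of a session cookie, so
  // persist the user's work first, then sign in interactively.
  if (extractAadstsCode(error) === 'AADSTS50058') return 'interactive';
  let remaining;
  try {
    remaining = secondsUntilExpiry(token, nowMs);
  } catch (e) {
    return 'interactive'; // missing or malformed token
  }
  return remaining > renewWindowSec ? 'use' : 'renew-silently';
}

// Constructed, unsigned sample token for the demo below (Node only).
function sampleToken(exp) {
  const seg = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [seg({ alg: 'none' }), seg({ exp }), 'constructed-signature'].join('.');
}

const demoNow = 1700000000000; // fixed clock so the result is repeatable
console.log(nextAuthAction({ token: sampleToken(1700000120), nowMs: demoNow }));
```

Running the check on a timer, or before each API call, lets the app save form state before any redirect instead of discovering the expiry from a failed request.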