microsoft-adal-angular6 Token Refresh Error

Question

I'm using Angular ADAL wrapper microsoft-adal-angular6 in my application. Authentication is working. however, during token refresh, Azure AD returns "A silent sign-in request was sent but none of the currently signed in user(s) match the requested login hint" error. is there any fix for this issue?

This is the trace from the fiddler. REQUEST HEADER GET /xxxx-xxxx-xxxx-xxxx/oauth2/authorize?response_type=id_token&client_id=xxxx-xxxx-xxxx-xxxx&redirect_uri=http://localhost:4200/#/login/callback#&state=xxxx-xxxx-xxxx-xxxx|xxxx-xxxx-xxxx-xxxx&client-request-id=xxxx-xxxx-xxxx-xxxx&x-client-SKU=Js&x-client-Ver=1.0.17&prompt=none&login_hint=Firstname.Lastname@comapany.com&domain_hint=company.com&nonce=xxxx-xxxx-xxxx-xxxx HTTP/1.1

RESPONSE Location: http://localhost:4200/#error=login_required&error_description=AADSTS50058: A silent sign-in request was sent but none of the currently signed in user(s) match the requested login hint. Trace ID: 81dc661a-9151-4d18-a951-e202aa411b00 Correlation ID: ce35413a-f1fa-44ef-aa48-937375c579cc Timestamp: 2020-07-01 11:23:35Z&error_uri=https://login.microsoftonline.com/error?code=50058&state=xxxx-xxxx-xxxx-xxxx|xxxx-xxxx-xxxx-xxxx

I tried adalsvc.RefreshToken() to avoid the silent sign-in (is that correct?) and I got the below warning. Set-Cookie header is ignored in response from url: https://login.microsoftonline.com/xxxx-xxxx-xxxx-xxxx/oauth2/authorize?response_type=id_token&client_id=xxxx-xxxx-xxxxx-xxxx&redirect_uri=http://localhost:4200/#/login/callback#&state=xxxx-xxxx-xxxx-xxxxx|xxxx-xxxx-xxxx-xxxx&client-request-id=xxxx-xxxx-xxxx-xxxx&x-client-SKU=Js&x-client-Ver=1.0.17&prompt=none&login_hint=firstname.lastname@company.com&domain_hint=company.com&nonce=xxxx-xxxx-xxxx-xxxx. Cookie length should be less than or equal to 4096 characters.

Can you please share full error details – Sruthi J Jul 02 '20 at 18:04 — Sruthi J, Jul 02 '20 at 18:04
Thanks. I've added more details in the question. – subanboy Jul 02 '20 at 18:38 — subanboy, Jul 02 '20 at 18:38

score 0 · Answer 1 · answered Jul 02 '20 at 19:12

Some of the possible for causing the error

Possible Resolution #1 Proactively Check for Expiration You can attempt to prevent this error from ever occurring by checking if you have a valid id token. If you're ID token is not valid, you will ask the user to login again.

Possible Resolution #2 Catching the Error and Asking the User to Login Again To resolve this error you will need to catch this error in a callback that you can pass into the acquiretoken ADAL JS function. If the AADSTS50058 error occurs, you'll ask the user to login again.

Possible Resolution #3 Browser Extension Cookie Blockers and Third Party Cookies Disabled Some users may experience this issue due to a browser extension that is blocking cookies for tracking purposes. This will cause this AADSTS50058 error to occur, you will need to whitelist the login.microsoftonline.com endpoint in your browser extension in order to avoid receiving this error again.

This error can also occur if the third party cookies have been disabled in your browser. Re-enable third party cookies in your browser to prevent this error from occurring.

Please refer to this link

Please choose MSAL over ADAL and here is the sample for angular using MSAL

Please refer the link for migration of ADAL to MSAL

Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer using the check mark so that others in the community with similar questions can more easily find a solution. Also, Please spare few mins to let us know how we did using this link — Nishant, Aug 05 '20 at 20:26

microsoft-adal-angular6 Token Refresh Error

1 Answers1