Can't find how to handle AADB2C90091 error code when redirected to a MSALGuard route #5800

Open
@doug-williamson

Description

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.31.0

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

None

Public or Confidential Client?

Public

Description

When cancelling a workflow, like EditProfile, the redirect (back) to the app blows up when the route is MSAL guarded. No content renders as a result.

Error Message

main.js:213873

   ERROR ServerError: access_denied: AADB2C90091: The user has cancelled entering self-asserted information.

Correlation ID: 8cfece7a-4f8f-4532-91ea-93d51ab85d8b
Timestamp: 2023-03-16 20:28:45Z

at ServerError.AuthError [as constructor] (main.js:20566:20)
at new ServerError (main.js:21755:24)
at ResponseHandler.validateServerAuthorizationCodeResponse (main.js:23285:13)
at AuthorizationCodeClient.handleFragmentResponse (main.js:18854:21)
at RedirectHandler.<anonymous> (main.js:12341:50)
at step (main.js:1551:17)
at Object.next (main.js:1482:14)
at main.js:1454:67
at new ZoneAwarePromise (polyfills.js:9455:21)
at __awaiter (main.js:1433:10)

Msal Logs

No response

MSAL Configuration

export function MSALInstanceFactory(): IPublicClientApplication {
	return new PublicClientApplication({
		auth: {
			clientId: environment.msalConfig.auth.clientId,
			authority: environment.b2cPolicies.authorities.signIn.authority,
			redirectUri: window.location.origin,
			postLogoutRedirectUri: environment.msalConfig.auth.logoutRedirectUri,
			knownAuthorities: [environment.b2cPolicies.authorityDomain]
		},
		cache: {
			cacheLocation: BrowserCacheLocation.SessionStorage,
			storeAuthStateInCookie: isIE, // set to true for IE 11.
		},
		system: {
			loggerOptions: {
				loggerCallback,
				logLevel: LogLevel.Verbose,
				piiLoggingEnabled: false
			},
		},
	});
}

Relevant Code Snippets

Call a policy from a guarded route

Reproduction Steps

1. Sign into the app.
2. From MSAL-guarded route, trigger ViewProfile policy.
3. On ViewProfile policy, click Exit.
4. Returns to app, and guarded route, but nothing renders.

Expected Behavior

After cancelling a workflow, I should be able to go back to my application as if nothing happened.

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

Chrome, Edge

Regression

No response

Source

External (Customer)
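
One way to recognise the cancel response quoted in the error message above before deciding how to route the user, as an added example that is not from the issue author or the MSAL project. The type and function names are hypothetical, and it assumes the caught error exposes `errorCode` and `errorMessage` with the B2C code leading the message, as in the report.

```typescript
// Added example: names below are hypothetical, not part of MSAL.
interface AuthErrorLike {
  errorCode?: string;    // OAuth error, e.g. "access_denied"
  errorMessage?: string; // B2C text, e.g. "AADB2C90091: The user has ..."
}

interface B2CErrorInfo {
  b2cCode: string | null;
  correlationId: string | null;
  timestamp: string | null;
}

const USER_CANCELLED = "AADB2C90091";

function capture(re: RegExp, text: string): string | null {
  const m = re.exec(text);
  return m && m[1] !== undefined ? m[1] : null;
}

// Extract the B2C code and the diagnostic fields worth logging.
function parseB2CError(err: AuthErrorLike): B2CErrorInfo {
  const msg = err.errorMessage || "";
  return {
    // Anchored at the start so a code quoted later in the text is ignored.
    b2cCode: capture(/^\s*(AADB2C\d+):/, msg),
    correlationId: capture(/Correlation ID:\s*([0-9a-fA-F-]{36})/, msg),
    timestamp: capture(/Timestamp:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}Z)/, msg),
  };
}

type RedirectOutcome = "user-cancelled" | "auth-failure";

// Only access_denied together with AADB2C90091 is treated as a benign cancel;
// every other error stays a failure and should be surfaced, not swallowed.
function classifyRedirectError(err: AuthErrorLike): RedirectOutcome {
  const { b2cCode } = parseB2CError(err);
  return err.errorCode === "access_denied" && b2cCode === USER_CANCELLED
    ? "user-cancelled"
    : "auth-failure";
}

// Constructed sample reusing the message text from the report.
const cancelSample: AuthErrorLike = {
  errorCode: "access_denied",
  errorMessage:
    "AADB2C90091: The user has cancelled entering self-asserted information.\r\n" +
    "Correlation ID: 8cfece7a-4f8f-4532-91ea-93d51ab85d8b\r\n" +
    "Timestamp: 2023-03-16 20:28:45Z\r\n",
};
console.log(classifyRedirectError(cancelSample), parseB2CError(cancelSample));
```

It could be called from wherever the application catches the redirect error, for example a `handleRedirectPromise()` rejection handler, with the correlation ID logged for any outcome other than a cancel.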

Labels

bug: A problem that needs to be fixed for the feature to function as intended.
msal-angular: Related to @azure/msal-angular package
msal-browser: Related to msal-browser package
public-client: Issues regarding PublicClientApplications
