.loginPopup fails in returning BrowserAuthError: hash_empty_error

[dilipvaleti2]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.17.0

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

2.0.19

Public or Confidential Client?

Confidential

Description

The user cannot log in after entering email & password. The login popup gets closed and nothing happens.

After getting the error, that does not happen all times, it's possible to login after clicking the login button again (sometimes, it is needed to click it several times). This intermittence makes it difficult to debug.

If I click the login button again, I see the route change to the Redirect URL and then back to the login page, though the login page remains displayed through this process.
The Azure AD app in portal.azure.com (Microsoft_AAD_RegisteredApps) was configured with Single Page Application redirect URIs having the URI set matching the one configured in the msal configuration (auth.redirectUri property)

Error Message

index.js:32 Error during authentication BrowserAuthError: hash_empty_error: Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. For more visit: aka.ms/msaljs/browser-errors
at jW (BrowserAuthError.ts:359:12)

MSAL Logs

[Wed, 02 Apr 2025 05:29:13 GMT] : [] : @azure/msal-browser@4.9.1 : Info - handleRedirectPromise called but there is no interaction in progress, returning null.
[Wed, 02 Apr 2025 05:29:13 GMT] : [] : @azure/msal-react@3.0.8 : Info - MsalProvider - handleRedirectPromise resolved, setting inProgress to 'none'
***the children value is
Object
inprogress value is none
isAuthenticate value is undefined
isAuthenticated2 value is false
StateObj value is null
redirecting to unautherized page
2
waiting for 1sec
[Wed, 02 Apr 2025 05:29:14 GMT] : [] : @azure/msal-react@3.0.8 : Info - MsalProvider - msal:loginStart results in setting inProgress from none to login
2
waiting for 1sec
[Wed, 02 Apr 2025 05:29:22 GMT] : [0195f4f9-9d97-77ae-a74f-89b53dc15631] : msal.js.browser@4.9.1 : Error - The request has returned to the redirectUri but a fragment is not present. It's likely that the fragment has been removed or the page has been redirected by code running on the redirectUri page.
loggerCallback @ main.606cd7dc.js:2
[Wed, 02 Apr 2025 05:29:22 GMT] : [] : @azure/msal-react@3.0.8 : Info - MsalProvider - msal:loginFailure results in setting inProgress from login to none
Error during authentication BrowserAuthError: hash_empty_error: Hash value cannot be processed because it is empty. Please verify that your redirectUri is not clearing the hash. For more visit: aka.ms/msaljs/browser-errors
at WW (main.606cd7dc.js:2:1101865)
at $G (main.606cd7dc.js:2:1203252)
at main.606cd7dc.js:2:1118051
at mY.executeCodeFlow (main.606cd7dc.js:2:1230310)
at async onClick (main.606cd7dc.js:2:1043492)
sign-in:1 Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&display=swap' because it violates the following Content Security Policy directive: "style-src-elem 'self' 'unsafe-inline'".
sign-in:1 Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Material+Icons|Material+Icons+Outlined|Material+Icons+Two+Tone|Material+Icons+Round|Material+Icons+Sharp' because it violates the following Content Security Policy directive: "style-src-elem 'self' 'unsafe-inline'".


Network Trace (Preferrably Fiddler)

• Sent
• Pending

MSAL Configuration

export const msalConfig = {
    auth: {
        clientId: "***************5f596f4",
        authority: "https://login.microsoftonline.com/**********2de90a76ab5",
        redirectUri: "https://**************.cloudfront.net/callsummary",
    },
    cache: {
        cacheLocation: "localStorage",
        storeAuthStateInCookie: false,
    },
    system: {
        loggerOptions: {
          loggerCallback: (level, message, containsPii) => {
            if (containsPii) return;
            switch (level) {
              case LogLevel.Error: console.error(message); break;
              case LogLevel.Info: console.info(message); break;
              case LogLevel.Verbose: console.debug(message); break;
              case LogLevel.Warning: console.warn(message); break;
            }
          },
        },
      },
    };

Relevant Code Snippets

const { instance, inProgress } = useMsal();
const activeAccount = instance.getActiveAccount();
var loginResponse;
// Use MSAL to log in the user
if (activeAccount) {
  // Try to acquire a token silently
  loginResponse = await instance.acquireTokenSilent(loginRequest);
  console.log('Token acquired silently', loginResponse);
} else {
  loginResponse = await instance.loginPopup(loginRequest);
  console.log('loginResponse', loginResponse);
    }
}

Reproduction Steps

Open application
Click login button
After being redirected to new tab, logging in, and being redirected back to login page, click login button again.
Login page continues to be displayed while URL can be seen changing to Redirect URL and back to login page while error appears in console.
Then after when we click on login button the pop up page comes and closes automatically and it may login or show the same error in console, after 2/3 attempts it allowing the page to login successfully.

Expected Behavior

The user can log-in in single attempt if he/she is authorized to access the app.

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Chrome

Regression

3.17.0

[dilipvaleti2]

Hi Team , I have referred the couple of closed issues, but the solution provided in that are not worked for me.
https://github.com.mcas.ms/AzureAD/microsoft-authentication-library-for-js/issues/4573
https://github.com.mcas.ms/AzureAD/microsoft-authentication-library-for-js/issues/4839
Please suggest, relevant solution to resolve this issue.

[dilipvaleti2]

Hi Team, Can I get an update on this, and take this as priority as an issue happening in a production env.

[dilipvaleti2]

Hi Team,
Can some one check the above issue and suggest your thoughts?