MSAL v3 library returns expired tokens #7708

Open
@e-vidyaraghavi

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.28.1

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

None

Public or Confidential Client?

Public

Description

I have implemented NAA using the link (https://learn.microsoft.com/en-us/office/dev/add-ins/develop/enable-nested-app-authentication-in-your-add-in) with the code below, using the MSAL library version v3.28.1:

initializeMSALv3: function () {
    const msalConfig = {
        auth: {
            clientId: xxx,
            authority: "https://login.microsoftonline.com/common"
        }
    };
    msal.createNestablePublicClientApplication(msalConfig).then(function (response) {
        msalInstance = response;
        acquireTokensUsingMSALv3();
    });
},
acquireTokensUsingMSALv3: function () {
    // scopes is an array of strings, not one comma-separated string
    var tokenRequest = {
        scopes: ["Mail.Read", "offline_access", "openid", "profile", "User.Read"],
        forceRefresh: true
    };
    msalInstance.acquireTokenSilent(tokenRequest).then(function (tokenResponse) {
        if (tokenResponse.idToken != null && tokenResponse.idToken != "") {
            console.log(tokenResponse);
        }
    }).catch(function (error) {
        // catch() takes a function, so the popup opens only if the silent call fails
        console.log(error);
        return msalInstance.acquireTokenPopup(tokenRequest).then(function (tokenResponse) {
            if (tokenResponse.idToken != null && tokenResponse.idToken != "") {
                console.log(tokenResponse);
            }
        });
    });
}

But I'm getting expired tokens. How can I make sure the tokens returned are always valid, despite giving forceRefresh:true? Also, it would be helpful to know how I can ensure I get new tokens when calling the method acquireTokenSilent.

Error Message

No response

MSAL Logs

No response

Network Trace (Preferably Fiddler)

  • Sent
  • Pending

MSAL Configuration

const msalConfig = {
    auth: {
        clientId: outlookVariables.clientId,
        authority: "https://login.microsoftonline.com/common"
    }
};
msal.createNestablePublicClientApplication(msalConfig).then(function (response) {
    outlookLoginUtils.msalInstance = response;
    outlookLoginUtils.acquireTokensUsingMSALv3();
});

Relevant Code Snippets

acquireTokensUsingMSALv3: function () {
    // scopes is an array of strings, not one comma-separated string
    var tokenRequest = {
        scopes: ["Mail.Read", "offline_access", "openid", "profile", "User.Read"],
        forceRefresh: true
    };
    msalInstance.acquireTokenSilent(tokenRequest).then(function (tokenResponse) {
        if (tokenResponse.idToken != null && tokenResponse.idToken != "") {
            console.log(tokenResponse);
        }
    }).catch(function (error) {
        // catch() takes a callback; log why the silent call failed
        console.log(error);
    });
}

Reproduction Steps

Getting expired tokens while calling acquireTokenSilent

Expected Behavior

Require new tokens on call with forceRefresh:true param

Identity Provider

Entra ID (formerly Azure AD) / MSA

Browsers Affected (Select all that apply)

Chrome

Regression

No response
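
One way to confirm that a returned result is usable before relying on it, as an added example that is not part of the original issue or of the MSAL project's code. `acquireTokenSilent`, `acquireTokenPopup`, `idToken` and `expiresOn` are MSAL names; the helper names, the five-minute skew and the fall-back-on-any-error policy are assumptions.

```javascript
// Added example: decodeJwtPayload, stalenessReasons and getFreshTokens are
// hypothetical helpers; `client` is any object exposing the two MSAL calls.
const SKEW_MS = 5 * 60 * 1000; // treat tokens expiring within 5 minutes as stale

// Decode a JWT payload for inspection only; this does not verify the signature.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(atob(padded)); // only the numeric exp claim is read
}

// Returns the reasons a result should not be used; an empty list means fresh.
function stalenessReasons(result, nowMs = Date.now()) {
  const reasons = [];
  const limit = nowMs + SKEW_MS;
  if (!(result.expiresOn instanceof Date) || result.expiresOn.getTime() <= limit) {
    reasons.push("access token expired or near expiry (expiresOn)");
  }
  try {
    const { exp } = decodeJwtPayload(result.idToken);
    if (typeof exp !== "number" || exp * 1000 <= limit) {
      reasons.push("ID token expired or near expiry (exp claim)");
    }
  } catch (e) {
    reasons.push("ID token unreadable: " + e.message);
  }
  return reasons;
}

// Silent first; interactive only when silent fails or yields stale tokens.
async function getFreshTokens(client, request, nowMs = Date.now()) {
  let result;
  try {
    result = await client.acquireTokenSilent(request);
    if (stalenessReasons(result, nowMs).length === 0) return result;
  } catch (err) {
    // Assumption: any silent failure falls through to the interactive call.
  }
  result = await client.acquireTokenPopup(request);
  const reasons = stalenessReasons(result, nowMs);
  if (reasons.length) throw new Error("stale tokens: " + reasons.join("; "));
  return result;
}
```

Logging the output of `stalenessReasons` also shows which of the two tokens is stale, which is the detail an "expired tokens" report needs.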

Labels

  • Needs: Author Feedback (Awaiting response from issue author)
  • bug-unconfirmed (A reported bug that needs to be investigated and confirmed)
  • msal-angular (Related to @azure/msal-angular package)
  • msal-browser (Related to msal-browser package)
  • public-client (Issues regarding PublicClientApplications)
  • question (Customer is asking for a clarification, use case or information.)