Question
I am experiencing an issue trying to obtain a new access token from my AD B2C. From my SPA I use the MSAL.js library (v0.1.3) to authenticate to my AD B2C. After an hour, the access token expires so I do a silent token renew procedure but it fails. I use the following link to get a new access token:
https://login.microsoftonline.com/te/myApp.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2FmyApp.onmicrosoft.com%2Fapi%2Faccount.read%20openid%20profile&client_id=XXX&redirect_uri=https%3A%2F%2FmyApp.azurewebsites.net%2F&state=XXX&nonce=XXX&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=0.1.3&client-request-id=XXX&prompt=none&domain_req=XXX&login_req=XXX-b2c_1_signin&domain_hint=organizations
I receive the following error from the B2C:
AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'. Correlation ID: YYY
I could not find any information concerning the cause of the error AADB2C90077.
Thanks
Answer 1:
For the record, after multiple back and forth with Microsoft technical support and developer teams we finally identified the cause of my AADB2C90077 error code. There was an issue in the Azure B2C backend where the default values were not handled properly by the system. My workaround was to modify the four token lifetime values: ‘Access & ID token lifetime’, ‘Refresh token lifetime’, ‘Refresh token sliding window lifetime’ and the ‘Web app session lifetime’, in order for them to appear in the policy XML.
As of February 22nd 2018, Microsoft confirmed they issued a fix to solve this issue. So if someone has the issue it is most likely for a different reason.
Source: https://stackoverflow.com/questions/48267456/cannot-renew-access-token-from-b2c-error-aadb2c90077
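Added example, not part of the original question or answer: one way a SPA can classify the URL fragment returned from a `prompt=none` authorize request like the one above, checking `state` before trusting anything and falling back to interactive sign-in on AADB2C90077. The function name, the sample fragments and the `interaction_required` error value are constructed for illustration.

```javascript
// Constructed sample fragments (not captured from a real tenant).
const SAMPLE_ERROR =
  "#error=interaction_required&error_description=AADB2C90077%3a+User+does+not+" +
  "have+an+existing+session+and+request+prompt+parameter+has+a+value+of+" +
  "%27None%27.&state=abc123";
const SAMPLE_OK =
  "#access_token=PLACEHOLDER_TOKEN&token_type=Bearer&expires_in=3600&state=abc123";

// Classify the fragment delivered to the hidden iframe after silent renew.
// expectedState is the state value the app generated for this request.
function parseSilentRenewResponse(fragment, expectedState) {
  const params = new URLSearchParams(fragment.replace(/^#/, ""));

  // Never act on a response whose state does not match the request we sent.
  if (params.get("state") !== expectedState) {
    return { action: "reject", reason: "state mismatch" };
  }

  if (params.has("error")) {
    // B2C carries its own code (AADB2Cnnnnn) inside error_description.
    const description = params.get("error_description") || "";
    const match = description.match(/AADB2C\d{5}/);
    const b2cCode = match ? match[0] : null;
    // AADB2C90077: no session and prompt=none, so silent renew cannot succeed;
    // the user has to go through an interactive sign-in instead.
    const action = b2cCode === "AADB2C90077" ? "interactive" : "fail";
    return { action, error: params.get("error"), b2cCode };
  }

  const token = params.get("access_token");
  if (!token) {
    return { action: "fail", error: "no_token", b2cCode: null };
  }
  return {
    action: "use_token",
    token,
    expiresIn: Number(params.get("expires_in")) || 0,
  };
}
```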