问题
I am currently having trouble with the ADAL.js (v1.0.7) library. When I load my app after a decent period of time I get a login error stating "Nonce is not same as undefined." After looking over the code, I am wondering if I am missing a best practice. To my knowledge, I have followed the suggestions of @vibronet here. Should I be refreshing the user profile, or logging out, or something else?
My configuration looks like:
window.config = {
instance: 'https://login.microsoftonline.com/',
tenant: 'blahblahblah.onmicrosoft.com',
clientId: 'GUID',
postLogoutRedirectUri: window.location.origin,
cacheLocation: 'localStorage'
};
this.authContext = new window.AuthenticationContext(window.config);
var isCallback = this.authContext.isCallback(window.location.hash);
this.authContext.handleWindowCallback();
if (isCallback && !this.authContext.getLoginError()) {
window.location = this.authContext._getItem(this.authContext.CONSTANTS.STORAGE.LOGIN_REQUEST);
}
If there has been an extended period of inactivity, the error occurs after calling this.authContext.login(). In order to get the error I call this.authContext.getLoginError().
I get why the nonce is different, but I want to "reset" it or cause a brand new login to happen.
Please let me know what other relevant information I can provide.
回答1:
Update:
Seems like solution has been provided in blog post you provide. below is the quote.
The trick is to go back to the authority asking for a token, like we’d do in the roundtrip apps scenario, but doing so in a hidden iframe. If there is still an existing session with the authority (which might be represented by a cookie – but it is a cookie in the domain of the authority, NOT the app’s) we will be able to get a new token without any UX. There is even a specific parameter, prompt=none, which lets Azure AD know that we want to get the token without a UX, and if it can’t be done we want to get an error back. Here there’s the request.
Previous answer:
i am not fully follow what your code does. but as from blog post, seems like underneath you are using OAuth 2.0
when you said error happen when there is period of inactivity, my guess is token has been invalid, and you will need to refresh the token. Not sure if there is a way for you to refresh it. But normally on server side once you authenticated, OAuth 2.0 provider will hand over you a token and a refresh token, if token is expired, you can use refresh token to get a new one.
来源:https://stackoverflow.com/questions/34686460/adal-js-nonce-is-not-same-as-undefined