当我通过 loginRedirect
登录时,我可以看到重定向中填充了 MSAL token ,但在尝试使用该 token 时出现此错误:
Could not silently retrieve token from storage.
AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'" directly after a successful login via Angular SPA app connected to Azure B2C.
我在 GitHub Issue 中发现了类似的东西, 然后评论 another issue在由于没有 token 而被迫执行 tokenPopup()
后出现错误之后:
"This application does not have sufficient permissions against this web resource to perform the operation"
他们可能没有关系,但他们都在阻止我
在此代码中,loginredirect
有效,我可以在本地存储中看到 token ,然后在下次使用 token 时,我收到控制台日志 authCallback-err
然后记录“无法从存储中静默检索 token ...”和首先提到的错误。
@Injectable()
export class MsalService {
private access_token: string;
private tenantConfig = {
tenant: environment.tenant,
clientID: environment.clientID,
signUpSignInPolicy: environment.signUpSignInPolicy,
b2cScopes: environment.b2cScopes
};
private authority = "https://login.microsoftonline.com/tfp/" +
this.tenantConfig.tenant +
"/" +
this.tenantConfig.signUpSignInPolicy;
private clientApplication: Msal.UserAgentApplication;
private authCallback(errorDesc: any, token: any, error: any, tokenType: any) {
var _this = this;
console.log("authCallback");
// For loginRedirect, tokenType = "id_token". For acquireTokenRedirect, tokenType:"access_token".
if (token) {
console.log("authCallback- Id token", token);
this.access_token = token;
} else {
console.log("authCallback-err : " + error + ":" + errorDesc);
alert("error here");
}
}
constructor() {
this.clientApplication = new Msal.UserAgentApplication(
this.tenantConfig.clientID,
this.authority,
this.authCallback,
{
cacheLocation: "localStorage",
redirectUri: "https://localhost:4200/msallogin"
}
);
}
get authenticated() {
const user = this.clientApplication.getUser();
if (user) {
return true;
}
return false;
}
public loginRedirect(): void {
this.clientApplication.loginRedirect(this.tenantConfig.b2cScopes);
}
public getAuthenticationToken(): Promise<string> {
return this.clientApplication
.acquireTokenSilent(this.tenantConfig.b2cScopes)
.then(token => {
console.log("Got silent access token: ", token);
return token;
})
.catch(error => {
console.log("Could not silently retrieve token from storage.", error);
return this.clientApplication
.acquireTokenPopup(this.tenantConfig.b2cScopes)
.then(token => {
console.log("Got popup access token: ", token);
return token;
})
.catch(error => {
console.log("Could not retrieve token from popup.", error);
this.clientApplication.acquireTokenRedirect(
this.tenantConfig.b2cScopes
);
return Promise.resolve("");
});
});
}
public login(): void {
var _this = this;
this.clientApplication.loginPopup(this.tenantConfig.b2cScopes).then(
function(idToken: any) {
_this.clientApplication
.acquireTokenSilent(_this.tenantConfig.b2cScopes)
.then(
function(accessToken: any) {
_this.access_token = accessToken;
console.log("ACCESS TOKEN: \n " + _this.access_token);
},
function(error: any) {
_this.clientApplication
.acquireTokenPopup(_this.tenantConfig.b2cScopes)
.then(
function(accessToken: any) {
_this.access_token = accessToken;
},
function(error: any) {
alert("Error acquiring the popup:\n" + error);
}
);
}
);
},
function(error: any) {
alert("Error during login:\n" + error);
}
);
}
logout(): void {
this.clientApplication.logout();
}
isOnline(): boolean {
return this.clientApplication.getUser() != null;
}
public getUser(): string {
const user = this.clientApplication.getUser();
if (!user) {
return null;
}
return user.name;
}
}
然后,一旦我登录,重定向就会返回,我会重定向到另一条 angular 路由。该组件已注入(inject) MSAL 服务。
此时,我调用 getUser()
并可以看到我的用户名。然后我点击一个按钮发出一个网络请求,发出下一段代码作为拦截器,但是因为没有 token 而失败
@可注入(inject)() 导出类 MSALAuthenticationHttpInterceptor 实现 HttpInterceptor { 构造函数(私有(private) msalService:MsalService){}
@intercept(
req: HttpRequest<any>,
next: HttpHandler
): Observable<HttpEvent<any>> {
return Observable.fromPromise(
this.msalService.getAuthenticationToken()
).switchMap(token => {
req = req.clone({
setHeaders: {
Authorization: `Bearer ${token}`
}
});
return next.handle(req);
});
}
}
我的 B2C 用作连接到 Azure 函数的 postman 应用程序,它绝对是 B2C 配置、我的代码或 MSAL。 If it is我无法从 B2C 策略 Blade 修改这些设置,所以不确定他是如何解决的。
B2c 配置列在 1 的注释中 我在这上面花了很多时间,这可能很容易,但是由于跨各种应用程序的多个范围以及不同的问题和范围 Blade 的变化,它似乎比应该的更难
使用:
Angular: "5.2.0"
MSAL: "^0.1.5"
最佳答案
我有同样的错误。
我所做的是在登录策略的 XML 文件中添加 2 行,这解决了我的问题。
<UserJourneyBehaviors>
<SessionExpiryType>Absolute</SessionExpiryType>
<SessionExpiryInSeconds>86400</SessionExpiryInSeconds>
</UserJourneyBehaviors>
希望对您有所帮助。 :)
关于typescript - b2c msal 用户没有现有的 session 和请求提示参数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/49424692/