I've implemented an Azure AD login using the MSAL library on a Web App running Angular 11 and .NET Core 2.2. The login seems to work fine, but I couldn't find any reliable info on how to handle a 401 (unauthorized) HTTP error due to an expired token. Apparently I have to call acquireTokenSilent after having processed an interactive login, but when I do this I'm getting the following error:
Error retrieving access token: BrowserAuthError: no_account_error: No account object provided to acquireTokenSilent and no active account has been set. Please call setActiveAccount or provide an account on the request.
Where can I find the setActiveAccount method? I don't see it anywhere in the MsalService class. Also, I believe the library should set the account to active after a successful login.
I'm testing this scenario by returning a 401 error from my API after the user has logged in, to trigger the acquireTokenSilent call.
Here's the code from the Interceptor that handles the 401 Error:
    return next.handle(authReq).pipe(catchError((err, caught) => {
        if (err instanceof HttpErrorResponse && err.status === 401) {
            if (this._settings.msalAuthentication) {
                console.log("Attempting to get new MSAL access token: " + this._settings.msalAuthentication.scopes);
                this._msal.acquireTokenSilent({scopes: this._settings.msalAuthentication.scopes})
                    .subscribe(result => {
                        console.log("received new MSAL token: " + result);
                        this._dataService.handleMsalAuthenticationResult(result);
                    },
                    error => {
                        console.log("Error retrieving access token: " + error);
                    });
                return EMPTY;
            }
The msalAuthentication object contains the result of the initial login, including the token, user info and scopes. I don't think the user should see a popup every time the token expires. Help would be appreciated.
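An added example, not part of the original post: one way to choose the account for the silent request so that the no_account_error above cannot occur and a different user's cached account is never picked by accident. The `MsalClient` interface, `resolveAccount` and `renewTokenSilently` are hypothetical names; the interface mirrors only the `getActiveAccount`, `getAllAccounts`, `setActiveAccount` and `acquireTokenSilent` methods of the MSAL browser client, which is assumed to be reachable in the app as `MsalService.instance`.

```typescript
// Minimal shapes mirroring the subset of @azure/msal-browser used below
// (assumption: in the app, MsalService.instance provides these methods).
interface AccountInfo { homeAccountId: string; username: string; }
interface TokenResult { accessToken: string; account: AccountInfo; }
interface MsalClient {
  getActiveAccount(): AccountInfo | null;
  getAllAccounts(): AccountInfo[];
  setActiveAccount(account: AccountInfo | null): void;
  acquireTokenSilent(req: { scopes: string[]; account: AccountInfo }): Promise<TokenResult>;
}

type SilentOutcome =
  | { kind: "token"; result: TokenResult }
  | { kind: "interaction_required"; reason: string };

// Pick the account for the silent request. If the caller knows who logged in
// (homeAccountId from the login result), only that account is accepted.
function resolveAccount(client: MsalClient, expectedHomeAccountId?: string): AccountInfo | null {
  const active = client.getActiveAccount();
  if (active && (!expectedHomeAccountId || active.homeAccountId === expectedHomeAccountId)) {
    return active;
  }
  const cached = client.getAllAccounts();
  const candidates = expectedHomeAccountId
    ? cached.filter(a => a.homeAccountId === expectedHomeAccountId)
    : cached;
  const only = candidates[0];
  if (candidates.length !== 1 || !only) return null; // none, or ambiguous: do not guess
  client.setActiveAccount(only);
  return only;
}

// Silent renewal for the 401 path. Interactive login is left to the caller.
async function renewTokenSilently(
  client: MsalClient, scopes: string[], expectedHomeAccountId?: string
): Promise<SilentOutcome> {
  const account = resolveAccount(client, expectedHomeAccountId);
  if (!account) return { kind: "interaction_required", reason: "no_account" };
  try {
    return { kind: "token", result: await client.acquireTokenSilent({ scopes, account }) };
  } catch (err) {
    // MSAL names this error class "InteractionRequiredAuthError".
    const name = err instanceof Error ? err.name : "";
    if (name === "InteractionRequiredAuthError") return { kind: "interaction_required", reason: name };
    throw err; // network or configuration errors are not hidden
  }
}
```

In an interceptor, the outcome would be awaited once per failed request and the request retried at most once, so a persistent 401 cannot loop.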