0

I have a React Native project that we've recently been attempting to move over to Azure B2C. We have been leveraging the now archived package react-native-msal. Our project also employs react-native-web. The web functionality is working without issue; however, when working in the app natively, I am getting an issue when attempting to call the `acquireTokenSilent` method, which fails with the error message:

No cached accounts found for the supplied homeAccountId and clientId

I've found this post which mentions an issue with the signing key, but, re-running that does not result in a different Signature, and so I don't believe it's that. I also found this thread which suggests an answer but doesn't provide it.

Our configuration is quite simple as well.

```json
{
  "auth": {
    "clientId": "<CLIENT_ID>",
    "redirectUri": "msauth://<PACKAGE>/<SIGNATURE_HASH>",
    "authority": "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
    "navigateToLoginRequestUrl": false,
    "knownAuthorities": [
      "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
      "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_PASSWORDRESET"
    ]
  },
  "cache": {
    "cacheLocation": "sessionStorage",
    "storeAuthStateInCookie": false
  }
}
```

The Sign in, out, getting accounts all work fine in both Web and the Native App. It's just that acquireTokenSilent doesn't work correctly in the Native App.

Does anyone have any other suggestions?

Travis Brown
  • 81
  • 1
  • 8

2 Answers

0

This error occurs if there is no cache entry for the authority for the request, which can be cleared if the temporary cache in MSAL is cleared. It is basically stored in session storage. So please make sure `storeAuthStateInCookie` is set to true.

```js
const msalConfig = {
  "auth": {
    "clientId": "<CLIENT_ID>",
    "redirectUri": "msauth://<PACKAGE>/<SIGNATURE_HASH>",
    "authority": "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
    "navigateToLoginRequestUrl": false,
    "knownAuthorities": [
      "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
      "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_PASSWORDRESET"
    ]
  },
  "cache": {
    "cacheLocation": "sessionStorage",
    "storeAuthStateInCookie": false // make this true
  }
};
```


Then check the auth info that is stored in the cache.

Note: Update msal/browser to the latest version.

  • Try to enable the KMSI feature for users of native applications who have local accounts in your Azure AD B2C directory. This can be done under userflows > properties > session behaviour.


kavyaS
  • 8,026
  • 1
  • 7
  • 19
  • Unfortunately, I don't think that this cache value even comes into play in this scenario as we're using the Native client, rather than msal.js (this is part of what the `react-native-msal` package does). [I did try enabling KMSI for my custom policy](https://learn.microsoft.com/en-us/azure/active-directory-b2c/session-behavior?pivots=b2c-custom-policy) but it did not make a difference. – Travis Brown Oct 28 '22 at 16:04
  • Please check [this](https://github.com/stashenergy/react-native-msal) – kavyaS Nov 01 '22 at 12:34
  • Yes, I have checked that. I am using that library and the issue is in Microsoft's realm rather than in this plugin. I have reached out to Azure support and will follow up here when I get an answer. I get the same issue in Microsoft's Java Android Azure B2C example found [here](https://github.com/Azure-Samples/ms-identity-android-java) – Travis Brown Nov 01 '22 at 13:52
0

In conjunction with Microsoft and a colleague of mine, we got to the bottom of the issue here. It seems we needed to do two things:

Remove a line from our TRUSTFRAMEWORKBASE custom policy file. The line we removed was:

```xml
<OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
```

Then we also had to remove the tenantId OutputClaim in our SignUpSignIn custom policy.

The explanation given from Microsoft was:

The existing MSAL caching code didn't anticipate the presence of tid claim in the token and therefore when this claim is present then it leads to the token being cached slightly differently by MSAL which then leads to cache miss on the subsequent silent token requests.

Travis Brown
  • 81
  • 1
  • 8
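
A diagnostic for the cause described in the answer above, as an added example that is not part of the original answer, of MSAL, or of react-native-msal: run under Node.js, it checks whether a B2C ID token carries a `tid` claim and lists the `OutputClaim` elements in a custom policy file that reference `tenantId` or emit `tid`. The function names, the unsigned sample tokens and the sample policy fragment are constructed for illustration.

```javascript
// Added diagnostic example; not code from the original post or from MSAL.
// Tokens are only decoded for inspection; no signature is verified.

// Decode the payload (second segment) of a compact JWT.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// True when the token carries the tid claim named in the answer above.
function hasTidClaim(token) {
  return Object.prototype.hasOwnProperty.call(decodeJwtPayload(token), "tid");
}

// List OutputClaim elements that reference tenantId or emit tid,
// ignoring anything inside XML comments.
function findTenantIdOutputClaims(policyXml) {
  const live = policyXml.replace(/<!--[\s\S]*?-->/g, "");
  const tags = live.match(/<OutputClaim\b[^>]*>/g) || [];
  return tags.filter((tag) =>
    /\bClaimTypeReferenceId\s*=\s*"tenantId"/.test(tag) ||
    /\bPartnerClaimType\s*=\s*"tid"/.test(tag));
}

// --- constructed sample data (hypothetical values, not from the post) ---
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const makeUnsignedToken = (claims) =>
  [b64url({ alg: "none", typ: "JWT" }), b64url(claims), "constructed"].join(".");

const TOKEN_WITH_TID = makeUnsignedToken({
  sub: "user-1", tid: "00000000-0000-0000-0000-000000000000" });
const TOKEN_WITHOUT_TID = makeUnsignedToken({ sub: "user-1" });
const SAMPLE_POLICY = `
<OutputClaims>
  <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />
  <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
  <!-- <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" /> -->
</OutputClaims>`;

console.log("tid in token:", hasTidClaim(TOKEN_WITH_TID));
console.log("policy lines to review:", findTenantIdOutputClaims(SAMPLE_POLICY));
```

Run `findTenantIdOutputClaims` over both the base policy and the relying-party (SignUpSignIn) policy, since the answer removed the claim from each.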