acquireSilentToken is not renewing idToken after an hour. I'm using it in an interceptor before attaching the token to header for calling api.

Jagadish 0 Reputation points
2023-05-09T17:56:16.1666667+00:00
const response = await instance
        .acquireTokenSilent({
        scopes: ["openid", "offline_access", "profile"],
         account
        })
        .catch(async (error) => {
          if (error instanceof InteractionRequiredAuthError) {
            // fallback to interaction when silent call fails
            return await instance.acquireTokenRedirect({
              ...loginRequest,
              account,
            });
          }
        });

The acquireSilentToken fails to fetch new idToken after it exipires in cache.

I can see the token api call made if we refresh the tab. But not automatically during api calls.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,539 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. 2023-05-12T00:40:29.7266667+00:00

    Hello @Jagadish , in some instancess the ID token may not be refreshed during a call to acquireSilentToken. In order to ensure it is set the forceRefresh param to true.

        const response = await instance
            .acquireTokenSilent({
                scopes: ["openid", "offline_access", "profile"],
                account,
                forceRefresh: true
            })
            .catch(async (error) => {
                if (error instanceof InteractionRequiredAuthError) {
                    // fallback to interaction when silent call fails
                    return await instance.acquireTokenRedirect({
                          ...loginRequest,
                      account,
                });
              }
            });
    

    Regarding calls being made to your API, please keep in mind that ID tokens are meant to be used for authentication and not authorization. For the latter an access token is recommended.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.