acquireSilentToken is not renewing idToken after an hour. I'm using it in an interceptor before attaching the token to header for calling api.

Jagadish 0 Reputation points
2023-05-09T17:56:16.1666667+00:00

    const response = await instance
        .acquireTokenSilent({
            scopes: ["openid", "offline_access", "profile"],
            account
        })
        .catch(async (error) => {
            if (error instanceof InteractionRequiredAuthError) {
                // fallback to interaction when silent call fails
                return await instance.acquireTokenRedirect({
                    ...loginRequest,
                    account,
                });
            }
        });

The acquireSilentToken fails to fetch new idToken after it expires in cache.

I can see the token api call made if we refresh the tab. But not automatically during api calls.

Azure Active Directory

1 answer

  1. Alfredo Revilla (MSFT) 18,766 Reputation points Microsoft Employee
    2023-05-12T00:40:29.7266667+00:00

    Hello @Jagadish, in some instances the ID token may not be refreshed during a call to acquireSilentToken. In order to ensure it is, set the forceRefresh param to true.

        const response = await instance
            .acquireTokenSilent({
                scopes: ["openid", "offline_access", "profile"],
                account,
                forceRefresh: true
            })
            .catch(async (error) => {
                if (error instanceof InteractionRequiredAuthError) {
                    // fallback to interaction when silent call fails
                    return await instance.acquireTokenRedirect({
                        ...loginRequest,
                        account,
                    });
                }
            });
    

    Regarding calls being made to your API, please keep in mind that ID tokens are meant to be used for authentication and not authorization. For the latter an access token is recommended.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.
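
An interceptor helper along the lines of this thread, as an added example that is not part of the original question or answer: it requests an access token for the API and sets `forceRefresh` only when the cached ID token's `exp` claim is near expiry, so that not every API call goes to the network. The scope value is a placeholder, and `API_SCOPES`, `SKEW_SECONDS` and the helper function names are assumptions made for illustration.

```javascript
// Added example (not from the thread). `instance` is an MSAL.js PublicClientApplication;
// `InteractionError` is MSAL's InteractionRequiredAuthError, injected so this file needs no imports.
const API_SCOPES = ["api://<your-api-client-id>/access_as_user"]; // placeholder scope (assumption)
const SKEW_SECONDS = 300; // assumption: renew 5 minutes before the ID token expires

// True when the cached ID token is expired, near expiry, or has no usable `exp` claim.
function idTokenNeedsRefresh(account, nowSeconds, skew = SKEW_SECONDS) {
  const exp = account && account.idTokenClaims && account.idTokenClaims.exp;
  if (typeof exp !== "number") return true; // unknown expiry: refresh rather than trust it
  return exp - skew <= nowSeconds;
}

// Silent request for the API's scope; bypass the cache only when the ID token needs it.
function buildSilentRequest(account, nowSeconds, scopes = API_SCOPES) {
  return { scopes, account, forceRefresh: idTokenNeedsRefresh(account, nowSeconds) };
}

// Resolves to the access token, or null once a redirect has been started.
// Pass a freshly read account on each call so its claims are current.
async function getAccessToken(instance, account, InteractionError, nowSeconds) {
  const now = nowSeconds ?? Math.floor(Date.now() / 1000);
  try {
    const result = await instance.acquireTokenSilent(buildSilentRequest(account, now));
    return result.accessToken;
  } catch (error) {
    if (error instanceof InteractionError) {
      await instance.acquireTokenRedirect({ scopes: API_SCOPES, account });
      return null;
    }
    throw error; // network or configuration failures are surfaced, not swallowed
  }
}

// Interceptor step: returns a copy of `headers` with the bearer token attached.
async function withAuthHeader(headers, instance, account, InteractionError, nowSeconds) {
  const token = await getAccessToken(instance, account, InteractionError, nowSeconds);
  if (!token) throw new Error("No access token available; request not sent");
  return { ...headers, Authorization: `Bearer ${token}` };
}
```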