Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Angular MSAL Token Refresh
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 32%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Andi Leka
20
Reputation points
I’m using the Microsoft Graph API to change the AppRoleAssignments for users in order to manage their roles from the backend. After updating the roles, I signal Angular MSAL to refresh the token using 'acquireTokenSilent' with 'forceRefresh'. However, the new token still contains the old role(s) in the claims.
When I change the roles again and trigger 'acquireTokenSilent', this time the new claims do not include the previous role(s). But still they will include the just deleted role(s) (same thing for adding a new role). It feels like I'm always one step behind. The same issue occurs with 'loginRedirect'.
Microsoft Security | Microsoft Entra | Microsoft Entra ID
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 78%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESG%3C/text%3E%3C/svg%3E)
Sandeep G-MSFT 21,236 Reputation points Microsoft Employee Moderator2024-10-10T04:34:22.79+00:00 Thank you for posting this in Microsoft Q&A.
I am looking into this issue and will get back to you post my research.
Sign in to comment
Sign in to answer