MSAL Token Expires after a day

Question

MSAL Token Expires after a day

Justin Ar-Rasheed 1

Here's the code I'm using

-----------------------------------------------------

const msalConfig = {
auth: {
clientId: process.env.MICROSOFT_CLIENT_ID,
authority: process.env.MICROSOFT_AUTHORITY,
clientSecret: process.env.MICROSOFT_CLIENT_SECRET,
},
system: {
loggerOptions: {
loggerCallback(loglevel, message, containsPii) {
console.log(message);
},
piiLoggingEnabled: false,
logLevel: msal.LogLevel.Verbose,
},
},
};

const msalClient = new msal.ConfidentialClientApplication(msalConfig);

const tokenRequest = {
code,
scopes: process.env.MICROSOFT_SCOPES.split(","),
redirectUri: process.env.MICROSOFT_REDIRECT_URL,
};

const response = await msalClient.acquireTokenByCode(tokenRequest);

const msalTokenCache = msalClient.getTokenCache();

const account = await msalTokenCache.getAccountByHomeId(homeAccountId);

const response = await msalClient.acquireTokenSilent({
scopes: [
"user.read",
"calendars.readwrite",
"mailboxsettings.read",
"offline_access",
],
forceRefresh: false,
redirectUri: "https://www.needtalk.com/settings/connections/outlook",
account,
});

const { idToken } = response;

-----------------------------------------------------

After that, I try to get a new token from the following endpoint:

https://login.microsoftonline.com/common/oauth2/v2.0/token

But then I get the following error

error: {
code: 'InvalidAuthenticationToken',
message: 'CompactToken parsing failed with error code: 80049217',
innerError: {
date: '2022-08-12T03:33:46',
'request-id': '9f90ea05-2d9e-41a1-b6fc-3d53c2f67501',
'client-request-id': '9f90ea05-2d9e-41a1-b6fc-3d53c2f67501'
}
}
}

Followed by an empty access token

I've been stuck on for 9 months. Please help

Answer 1

Vicky Kumar (Mindtree Consulting PVT LTD) 1,066 Microsoft Employee

Thanks for reaching out to us,

Refresh tokens given to Single-Page Applications are limited-time refresh tokens (usually 24 hours from the time of retrieval). This is a non-adjustable, non-sliding window, lifetime. Whenever a refresh token is used to renew an access token, a new refresh token is fetched with the renewed access token. This new refresh token will have a lifetime equal to the remaining lifetime of the original refresh token. Once a refresh token has expired, a new authorization code flow must be initiated to retrieve an authorization code and trade it for a new set of tokens.

Note: When a new refresh token is obtained, msal.js replaces the cached refresh token with the new refresh token, however the old refresh token is not invalidated by the server and may still be used to obtain access tokens until its expiration.

kindly use doc to refresh token - https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/token-lifetimes.md

----------

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Justin Ar-Rasheed 1 Reputation point

2022-08-18T00:47:54.55+00:00

The token is being used for a scheduler to know when the consultant is busy. It doesn't make sense for the consultant to have to refresh the token everyday so that the calendar can keep updating their availability
Vicky Kumar (Mindtree Consulting PVT LTD) 1,066 Reputation points Microsoft Employee

2022-08-19T09:19:39.517+00:00

Looks like, the main issue here is that you are trying to get a normal token than a refresh token, you don't have to refresh token every time, once it expired a new authentication code flow must be initiated and trade it for a new set of tokens, this has to be done on the code. We can use the acquireTokenSilent token-lifetimes.md which explains how to do so.

Hope i answered your question,

Thanks
Justin Ar-Rasheed 1 Reputation point

2022-08-23T10:54:19.497+00:00

No

Don't I have to initially get a connection to a user's account by receiving an initial token (the first part of the code)

After that, I can't seem to find a way to persistently get a token that can be used to get busy times on their calendar to provide a scheduler with blocked times. The token eventually expires every time

Every response to my questions seem to just be copying and pasting from the docs. Nobody seems to understand my intended application

How in the world does Calendly use Outlook for the same purpose? There has to be a way

I was easily able to do it for Google Calendar but Outlook seems to be very limited

MSAL Token Expires after a day

1 answer

Activity