diff --git a/change/@azure-msal-browser-94058809-8f02-4078-bdc6-02ff59c54ae3.json b/change/@azure-msal-browser-94058809-8f02-4078-bdc6-02ff59c54ae3.json new file mode 100644 index 0000000000..26a27a19f2 --- /dev/null +++ b/change/@azure-msal-browser-94058809-8f02-4078-bdc6-02ff59c54ae3.json @@ -0,0 +1,7 @@ +{ + "type": "patch", + "comment": "Fix uncaught exceptions in acquireTokenSilent #7073", + "packageName": "@azure/msal-browser", + "email": "thomas.norling@microsoft.com", + "dependentChangeType": "patch" +} diff --git a/lib/msal-browser/src/controllers/StandardController.ts b/lib/msal-browser/src/controllers/StandardController.ts index 89ccc8e0e5..0a0e328de2 100644 --- a/lib/msal-browser/src/controllers/StandardController.ts +++ b/lib/msal-browser/src/controllers/StandardController.ts @@ -158,7 +158,7 @@ export class StandardController implements IController { >; // Active Iframe request - private activeIframeRequest: [Promise, string] | undefined; + private activeIframeRequest: [Promise, string] | undefined; private ssoSilentMeasurement?: InProgressPerformanceEvent; private acquireTokenByCodeAsyncMeasurement?: InProgressPerformanceEvent; @@ -2039,13 +2039,11 @@ export class StandardController implements IController { if (shouldTryToResolveSilently) { if (!this.activeIframeRequest) { - let _resolve: () => void, - _reject: (reason?: AuthError | Error) => void; + let _resolve: (result: boolean) => void; // Always set the active request tracker immediately after checking it to prevent races this.activeIframeRequest = [ - new Promise((resolve, reject) => { + new Promise((resolve) => { _resolve = resolve; - _reject = reject; }), silentRequest.correlationId, ]; @@ -2061,11 +2059,11 @@ export class StandardController implements IController { silentRequest.correlationId )(silentRequest) .then((iframeResult) => { - _resolve(); + _resolve(true); return iframeResult; }) .catch((e) => { - _reject(e); + _resolve(false); throw e; }) .finally(() => { @@ -2087,20 +2085,11 @@ export class StandardController implements IController { awaitIframeCorrelationId: activeCorrelationId, }); - // Await for errors first so we can distinguish errors thrown by activePromise versus errors thrown by .then below - await activePromise.catch(() => { - awaitConcurrentIframeMeasure.end({ - success: false, - }); - this.logger.info( - `Iframe request with correlationId: ${activeCorrelationId} failed. Interaction is required.` - ); - // If previous iframe request failed, it's unlikely to succeed this time. Throw original error. - throw refreshTokenError; + const activePromiseResult = await activePromise; + awaitConcurrentIframeMeasure.end({ + success: activePromiseResult, }); - - return activePromise.then(() => { - awaitConcurrentIframeMeasure.end({ success: true }); + if (activePromiseResult) { this.logger.verbose( `Parallel iframe request with correlationId: ${activeCorrelationId} succeeded. Retrying cache and/or RT redemption`, silentRequest.correlationId @@ -2110,7 +2099,13 @@ export class StandardController implements IController { silentRequest, cacheLookupPolicy ); - }); + } else { + this.logger.info( + `Iframe request with correlationId: ${activeCorrelationId} failed. Interaction is required.` + ); + // If previous iframe request failed, it's unlikely to succeed this time. Throw original error. + throw refreshTokenError; + } } else { // Cache policy set to skip and another iframe request is already in progress this.logger.warning( diff --git a/lib/msal-browser/test/app/PublicClientApplication.spec.ts b/lib/msal-browser/test/app/PublicClientApplication.spec.ts index 1fd1a6b3ab..e9836d79a4 100644 --- a/lib/msal-browser/test/app/PublicClientApplication.spec.ts +++ b/lib/msal-browser/test/app/PublicClientApplication.spec.ts @@ -4817,6 +4817,43 @@ describe("PublicClientApplication.ts Class Unit Tests", () => { }); }); + it("throws iframe error if iframe renewal throws", (done) => { + const testAccount: AccountInfo = { + homeAccountId: TEST_DATA_CLIENT_INFO.TEST_HOME_ACCOUNT_ID, + localAccountId: TEST_DATA_CLIENT_INFO.TEST_UID, + environment: "login.windows.net", + tenantId: "testTenantId", + username: "username@contoso.com", + }; + + jest.spyOn( + RefreshTokenClient.prototype, + "acquireTokenByRefreshToken" + ).mockRejectedValue( + createInteractionRequiredAuthError( + InteractionRequiredAuthErrorCodes.refreshTokenExpired + ) + ); + + const testIframeError = new InteractionRequiredAuthError( + "interaction_required", + "interaction is required" + ); + + jest.spyOn( + SilentIframeClient.prototype, + "acquireToken" + ).mockRejectedValue(testIframeError); + + pca.acquireTokenSilent({ + scopes: ["Scope1"], + account: testAccount, + }).catch((e) => { + expect(e).toEqual(testIframeError); + done(); + }); + }); + it("Falls back to silent handler if thrown error is a refresh token expired error", async () => { const invalidGrantError: ServerError = new ServerError( "invalid_grant",