Token cache not used for Standard client

[0Dmitry]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.23.0

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

2.0.22

Public or Confidential Client?

Public

Description

I create MSAL lib instance with PublicClientApplication type. When I request a token with acquireTokenSilent the lib always makes a network request. My request looks like this:

authResult = await msalClient.acquireTokenSilent({
      scopes: ['https://musehubdev.onmicrosoft.com/<my-appid>/default', 'openid'],
      account: account,
})

I tried requesting only the scope for the API and adding all default scopes. But it always skips the cache.

I looked into the implementation of StandardController.ts in the source files of the lib and it seems that it doesn't try to use the cache. It has some logic to reuse currently executing requests with the same params with this code:

const cachedResponse = this.activeSilentTokenRequests.get(silentRequestKey);

But the tokenCache or browserCache is not used anywhere in this controller class it seems.

Error Message

No response

MSAL Logs

[Mon, 16 Sep 2024 21:38:26 GMT] : [] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenStart
msalConfig.ts:64 [Mon, 16 Sep 2024 21:38:26 GMT] : [] : @azure/[email protected] : Info - CacheManager:getIdToken - Returning ID token
msalConfig.ts:64 [Mon, 16 Sep 2024 21:38:27 GMT] : [] : @azure/[email protected] : Info - CacheManager:getAccessToken - Returning access token
msalConfig.ts:64 [Mon, 16 Sep 2024 21:38:27 GMT] : [0191fcc5-cc31-7cc4-9b45-8b3b198d41a0] : @azure/[email protected] : Info - Token refresh is required due to cache outcome: 3
msalConfig.ts:64 [Mon, 16 Sep 2024 21:38:27 GMT] : [] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenFromNetworkStart
msalConfig.ts:64 [Mon, 16 Sep 2024 21:38:27 GMT] : [] : @azure/[email protected] : Info - CacheManager:getIdToken - Returning ID token
msalConfig.ts:64 [Mon, 16 Sep 2024 21:38:27 GMT] : [] : @azure/[email protected] : Info - CacheManager:getRefreshToken - returning refresh token

Network Trace (Preferrably Fiddler)

• Sent
• Pending

MSAL Configuration

export const msalConfig: Configuration = {
  auth: {
    clientId: myClientId, 
    authority: b2cPolicies.authorities.signUpSignIn.authority, 
    knownAuthorities: [b2cPolicies.authorityDomain], 
    redirectUri: 'http://localhost:3001/auth/msal/callback', 
    postLogoutRedirectUri: '/', 
    navigateToLoginRequestUrl: false,
  },
  cache: {
    cacheLocation: 'sessionStorage', // Configures cache location. "sessionStorage" is more secure, but "localStorage" gives you SSO between tabs.
    storeAuthStateInCookie: false, // Set this to "true" if you are having issues on IE11 or Edge
  },
  system: {
    loggerOptions: {
      piiLoggingEnabled: true,
      logLevel: LogLevel.Verbose,
      loggerCallback: (level: LogLevel, message: string, containsPii: boolean) => {
        // if (containsPii) {
        //   return
        // }
        switch (level) {
          case LogLevel.Error:
            console.error(message)
            return
          case LogLevel.Info:
            console.info(message)
            return
          case LogLevel.Verbose:
            console.debug(message)
            return
          case LogLevel.Warning:
            console.warn(message)
            return
          default:
            return
        }
      },
    },
  },
}

Relevant Code Snippets

authResult = await msalClient.acquireTokenSilent({
      scopes: ['https://musehubdev.onmicrosoft.com/<myAppId>/default', 'openid'],
      account: account,
})

Reproduction Steps

• Request token with acquireTokenSilent multiple times
• See that each time token is requested, a network request is made

Expected Behavior

A cached token is used until if it is not expired and only after that a new request should be made.

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome, Safari

Regression

No response

Source

External (Customer)