Got error "no account or login hint was passed to the acquiretokensilent call" in the second visit

Thanh Binh Nguyen 6

Hi,
I got the error "no account or login hint was passed to the acquiretokensilent call" when I visit my page in the second time. This error occurs in the call GetAccessTokenOnBehalfOfUserAsync(scope). The first time is fine. If I clear the cache in the browser, it works fine again. Does anyone have a fix for this issue?

Saurabh Sharma 23,751 Reputation points Microsoft Employee

2020-01-07T14:31:17.227+00:00

Can you please check if scopes are getting passed during the second call ? Also, can you please provide code snippet including the GetAccessTokenOnBehalfOfUserAsyc call ?
Frank Hu MSFT 81 Reputation points

2020-01-07T20:32:21.597+00:00

following up on @sashar-msft comment, can you clarify if you're utilizing sharepoint or what the surrounding environment is that you're getting this error?

The reason you're receiving this error is because the acquiretokensilent call doesn't have a valid cookie anymore so it's not properly working. This document goes into how the acquiretokensilent call works further : https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-net-acquire-token-silently
Thanh Binh Nguyen 6 Reputation points

2020-01-08T08:19:08.557+00:00

Hi @sashar-msft ,

The scope was passed as well. It is not "the second call", but "the second visit". It means that I went to the website the first time, everything was ok. After some time, I reloaded the page and got the error. So it could be that the token was not cached, or the cache was deleted. My web app is a Razor page that calls a web api. All are written in C# asp.net core.
Here is the function that causes the error. This function is executed every time the Razor page calls the web apis.
public async Task GetAuthenticatedHttpClientAsync(ITokenAcquisition tokenAcquisition)
{
HttpClient apiClient = Create();
var accessToken = await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(Settings.Scope).ConfigureAwait(false); ;
apiClient.SetBearerToken(accessToken);
return apiClient;
}
Thanh Binh Nguyen 6 Reputation points

2020-01-08T08:22:36.633+00:00

Hi @FrankHuMSFT-48,

I am using asp.net core 3.0, and utilize the framework Microsoft.Identity.Web which I think should already take care of the cache. I have looked into the link you provided and saw that the library I am using already does exactly this. So what went wrong?

1 answer

FrankHu-MSFT 976 Reputation points

2020-01-08T18:37:24.353+00:00

Hey @Thanh Binh Nguyen ,

Per the comments, it looks like you're using the microsoft.identity.web library. For future reference I suggest filing issues against the library here : https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/Microsoft.Identity.Web

And the managers of the library will engage accordingly.

As said before the way it works is that the libraries are essentially using the ADAL/MSAL libraries to make calls, and the library wrapper is having issues and not properly making the acquiretokensilentasync call.

Please follow updates on this issue here : https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/issues/240
Please sign in to rate this answer.

0 comments No comments
Sign in to comment