question

ThanhBinhNguyen-1065 avatar image
0 Votes"
ThanhBinhNguyen-1065 asked ·

Got error "no account or login hint was passed to the acquiretokensilent call" in the second visit

Hi,
I got the error "no account or login hint was passed to the acquiretokensilent call" when I visit my page in the second time. This error occurs in the call GetAccessTokenOnBehalfOfUserAsync(scope). The first time is fine. If I clear the cache in the browser, it works fine again. Does anyone have a fix for this issue?

azure-active-directory
· 4
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Can you please check if scopes are getting passed during the second call ? Also, can you please provide code snippet including the GetAccessTokenOnBehalfOfUserAsyc call ?

0 Votes 0 ·

Hi @sashar-msft ,

The scope was passed as well. It is not "the second call", but "the second visit". It means that I went to the website the first time, everything was ok. After some time, I reloaded the page and got the error. So it could be that the token was not cached, or the cache was deleted. My web app is a Razor page that calls a web api. All are written in C# asp.net core.
Here is the function that causes the error. This function is executed every time the Razor page calls the web apis.
public async Task GetAuthenticatedHttpClientAsync(ITokenAcquisition tokenAcquisition)
{
HttpClient apiClient = Create();
var accessToken = await tokenAcquisition.GetAccessTokenOnBehalfOfUserAsync(Settings.Scope).ConfigureAwait(false); ;
apiClient.SetBearerToken(accessToken);
return apiClient;
}

0 Votes 0 ·

following up on @sashar-msft comment, can you clarify if you're utilizing sharepoint or what the surrounding environment is that you're getting this error?

The reason you're receiving this error is because the acquiretokensilent call doesn't have a valid cookie anymore so it's not properly working. This document goes into how the acquiretokensilent call works further : https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-acquire-token-silently

0 Votes 0 ·

Hi @FrankHuMSFT-48,

I am using asp.net core 3.0, and utilize the framework Microsoft.Identity.Web which I think should already take care of the cache. I have looked into the link you provided and saw that the library I am using already does exactly this. So what went wrong?

0 Votes 0 ·

1 Answer

FrankHuMSFT-3200 avatar image
0 Votes"
FrankHuMSFT-3200 answered ·

Hey @ThanhBinhNguyen-1065,

Per the comments, it looks like you're using the microsoft.identity.web library. For future reference I suggest filing issues against the library here : https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/Microsoft.Identity.Web

And the managers of the library will engage accordingly.

As said before the way it works is that the libraries are essentially using the ADAL/MSAL libraries to make calls, and the library wrapper is having issues and not properly making the acquiretokensilentasync call.

Please follow updates on this issue here : https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/issues/240

· Share
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.