
I have a React Native project that we’ve recently been attempting to move over to AzureB2C. We have been leveraging the now archived package react-native-msal. Our project also employs react-native-web. The web functionality is working without issue, however, when working in the app natively, I am getting an issue when attempting to call the acquireTokenSilent method, which fails with the error message:

No cached accounts found for the supplied homeAccountId and clientId

I’ve found this post which mentions an issue with the signing key, but, re-running that does not result in a different Signature, and so I don’t believe it’s that. I also found this thread which suggests an answer but doesn’t provide it.

Our configuration is quite simple as well.

{
  "auth": {
    "clientId": "<CLIENT_ID>",
    "redirectUri": "msauth://<PACKAGE>/<SIGNATURE_HASH>",
    "authority": "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
    "navigateToLoginRequestUrl": false,
    "knownAuthorities": [
      "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
      "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_PASSWORDRESET"
    ]
  },
  "cache": {
    "cacheLocation": "sessionStorage",
    "storeAuthStateInCookie": false
  }
}

The Sign in, out, getting accounts all work fine in both Web and the Native App. It’s just that acquireTokenSilent doesn’t work correctly in the Native App.

Does anyone have any other suggestions?

2 Answers


  1. Chosen as BEST ANSWER

    In conjunction with Microsoft and a colleague of mine, we got to the bottom of the issue here. It seems we needed to do two things:

    Remove a line from our TRUSTFRAMEWORKBASE custom policy file. The line we removed was:

    <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
    

    Then we also had to remove the tenantId OutputClaim in our SignUpSignIn custom policy.

    The explanation given from Microsoft was:

    The existing MSAL caching code didn't anticipate the presence of tid claim in the token and therefore when this claim is present then it leads to the token being cached slightly differently by MSAL which then leads to cache miss on the subsequent silent token requests.
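
To check whether the tokens a policy issues still carry the tid claim removed in the answer above, the following added example (not from the original posts and not MSAL code) decodes a token payload under Node.js. The function names and sample tokens are constructed for illustration, Buffer is assumed to be available, and the signature is not verified.

```javascript
// Added diagnostic example: inspect a B2C-issued JWT for the "tid" claim.
// Inspection only. The signature is NOT verified, so never use this
// output to make an authorization decision.

// Encode a JS object as an unpadded base64url segment (sample data only).
function toBase64Url(obj) {
  return Buffer.from(JSON.stringify(obj), "utf8")
    .toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decode one base64url JWT segment back to a UTF-8 string.
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64.padEnd(Math.ceil(b64.length / 4) * 4, "=");
  return Buffer.from(padded, "base64").toString("utf8");
}

// Return the claims object from a compact JWT (header.payload.signature).
function decodeJwtClaims(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT: expected 3 dot-separated segments");
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Report whether the token carries "tid" and which claims are present.
function checkForTidClaim(token) {
  const claims = decodeJwtClaims(token);
  const hasTid = Object.prototype.hasOwnProperty.call(claims, "tid");
  return { hasTid, tid: hasTid ? claims.tid : null, claimNames: Object.keys(claims) };
}

// Constructed sample tokens (placeholder values, fake signature).
function makeSampleToken(claims) {
  return [toBase64Url({ alg: "none", typ: "JWT" }), toBase64Url(claims), "constructed-signature"].join(".");
}
const SAMPLE_WITH_TID = makeSampleToken({
  sub: "00000000-0000-0000-0000-000000000001",
  tid: "11111111-1111-1111-1111-111111111111",
});
const SAMPLE_WITHOUT_TID = makeSampleToken({
  sub: "00000000-0000-0000-0000-000000000001",
});

console.log("before policy change:", checkForTidClaim(SAMPLE_WITH_TID));
console.log("after policy change: ", checkForTidClaim(SAMPLE_WITHOUT_TID));
```

Paste a token captured from a test sign-in in place of the samples; after the tenantId OutputClaim is removed from both policy files, hasTid should be false.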


  2. This error occurs if there is no cache entry for the authority for the request, which can be cleared if the temporary cache in MSAL is cleared. It is basically stored in session storage.
    So please make sure storeAuthStateInCookie is set to true.

     const msalConfig =         
        {
          "auth": {
            "clientId": "<CLIENT_ID>",
            "redirectUri": "msauth://<PACKAGE>/<SIGNATURE_HASH>",
            "authority": "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
            "navigateToLoginRequestUrl": false,
            "knownAuthorities": [
              "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
              "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_PASSWORDRESET"
            ]
          },
          "cache": {
            "cacheLocation": "sessionStorage",
            "storeAuthStateInCookie": false //make this true
          }
        }
    


    Then check the auth info that is stored in the cache.

    Note: Update msal/browser to the latest version.

    • Try to enable the KMSI feature for users of native applications who
      have local accounts in your Azure AD B2C directory. This can be done
      under userflows > properties > session behaviour.
