Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Does MSAL.js support multiple accounts using acquireTokenSilent? #1627

Closed
1 of 5 tasks
IainAdamsLabs opened this issue May 11, 2020 · 2 comments
Closed
1 of 5 tasks

Does MSAL.js support multiple accounts using acquireTokenSilent? #1627

IainAdamsLabs opened this issue May 11, 2020 · 2 comments
Labels
question Customer is asking for a clarification, use case or information.

Comments

@IainAdamsLabs
Copy link

IainAdamsLabs commented May 11, 2020
edited
Loading

Library

  • msal@1.x.x or @azure/msal@1.x.x
  • @azure/msal-browser@2.x.x
  • @azure/msal-angular@0.x.x
  • @azure/msal-angular@1.x.x
  • @azure/msal-angularjs@1.x.x

Description

I want my application to support multiple MS accounts at once.

In my application the user logs in outside of MSAL, however, the session is still valid on the Authentication server.

I am following the instructions at https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-js-sso#sso-without-msaljs-login to retrieve an Access Token using acquireTokenSilent.

     const config = {
          scopes: [
              "User.ReadBasic.All"
          ],
          loginHint: this.user.email
      }
      return this.msalClient.acquireTokenSilent(config)
        .then((resp) => {
          return resp.accessToken;
        })
        .catch((error: AuthError) => {
          if (error.errorCode === "consent_required" || error.errorCode === "interaction_required" || error.errorCode === "login_required") {
            return this.msalClient.acquireTokenPopup(config)
              .then((resp) => resp.accessToken);
          } else {
            throw error;
          }
        });

The first user login is fine and the access token is retrieved. However, the second call to acquireTokenSilent (which uses a different loginHint) returns the access token from the first account.

I am not sure whether you support multiple accounts. If so, I believe this is a bug - I would expect the access token returned to respect the login_hint param as well as the scope.

Thanks
Iain
@IainAdamsLabs IainAdamsLabs added the question Customer is asking for a clarification, use case or information. label May 11, 2020
@IainAdamsLabs IainAdamsLabs changed the title Does MSAL.js support multiple accounts? Does MSAL.js support multiple accounts? Using acquireTokenSilent May 11, 2020
@IainAdamsLabs IainAdamsLabs changed the title Does MSAL.js support multiple accounts? Using acquireTokenSilent Does MSAL.js support multiple accounts using acquireTokenSilent? May 11, 2020
@pkanher617
Copy link
Contributor

Unfortunately we don't have multiple account support at this time, but we are working on adding this feature soon.

You can switch accounts by calling loginRedirect or loginPopup with your login_hint, but MSAL currently only keeps track of the most recently acquired account.

@IainAdams
Copy link

Thank you so much for getting back to me @pkanher617 . Looking forward to it being supported!

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 2, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
question Customer is asking for a clarification, use case or information.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@IainAdams @tnorling @pkanher617 @IainAdamsLabs