Microsoft-authentication-library-for-js: Access token renew fails with error AADB2C90077

Created on 15 Jan 2018 · 15 Comments · Source: AzureAD/microsoft-authentication-library-for-js

Hi, I am experiencing an issue trying to obtain a new access token from my B2C.
From my SPA I use the msal.js library (v0.1.3) to first authenticate to my B2C. After an hour, the access token expires, so I do a silent token renew procedure, but it fails. I receive the following error from the B2C:
AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'.
Correlation ID: XXXXXXX
I could not find any information concerning the cause of the error AADB2C90077.

Thanks.

David

All 15 comments

@DavidHenri008 The acquireTokenSilent uses a hidden iframe with prompt=none, which means the user will not be prompted for credentials. This API relies on the session cookie established between the browser and AAD to obtain a new access_token. If your session has expired, this API call will fail and you will have to do an interactive token renewal by calling either acquireTokenPopup or acquireTokenRedirect, where you will be asked to enter your credentials again. Closing this issue for now. Please reopen if you still have questions.
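The renewal policy the comment above describes (try the silent hidden-iframe flow, and fall back to an interactive call only when the service answers with an interaction-required error such as AADB2C90077), as an added example that is not part of this thread and not msal.js code. The real msal.js 0.1.x UserAgentApplication exposes acquireTokenSilent and acquireTokenPopup by these names; the fake client, the fixed clock, the unsigned sample tokens and the scope URL below are all constructed for the example so it runs offline in Node.

```javascript
// Fixed "now" (seconds since epoch) so the example is deterministic; constructed for the example.
const NOW = 1516000000;

// base64url-encode a JSON object without padding, the way JWT segments are encoded.
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Build an unsigned sample token. Real B2C tokens are RS256-signed; this stand-in
// exists only so the expiry logic below has something to parse.
function makeToken(claims) {
  return `${b64url({ alg: 'none', typ: 'JWT' })}.${b64url(claims)}.sig`;
}

// Decode a compact JWT payload WITHOUT verifying the signature. This is fine for
// reading `exp` to decide when to renew; never use it to make authorization decisions.
function jwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// True when the token has no numeric exp or expires within skewSeconds of now.
function isExpiring(token, nowSeconds, skewSeconds = 300) {
  const { exp } = jwtPayload(token);
  return typeof exp !== 'number' || exp - nowSeconds <= skewSeconds;
}

// msal.js rejects acquireTokenSilent with the B2C error text. AADB2C90077 (and the
// OIDC interaction_required / login_required codes) mean the hidden-iframe renewal
// cannot succeed without a user gesture, so the caller must go interactive.
function needsInteraction(err) {
  const msg = err && err.message !== undefined ? err.message : String(err);
  return /AADB2C90077|interaction_required|login_required/i.test(msg);
}

// Renewal policy: reuse a cached token that is not about to expire, otherwise try
// the silent flow, and only on an interaction-required error open the popup.
// `client` is anything exposing acquireTokenSilent/acquireTokenPopup.
async function renewAccessToken(client, scopes, cachedToken, nowSeconds) {
  if (cachedToken && !isExpiring(cachedToken, nowSeconds)) {
    return { token: cachedToken, via: 'cache' };
  }
  try {
    return { token: await client.acquireTokenSilent(scopes), via: 'silent' };
  } catch (err) {
    if (!needsInteraction(err)) throw err; // network errors etc. must surface, not loop into a popup
    return { token: await client.acquireTokenPopup(scopes), via: 'interactive' };
  }
}

// Fake client (constructed): simulates B2C with or without a live session cookie.
const B2C_NO_SESSION = "AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'.";
function fakeClient(sessionAlive) {
  const calls = [];
  return {
    calls,
    acquireTokenSilent: async (scopes) => {
      calls.push('silent');
      if (!sessionAlive) throw new Error(B2C_NO_SESSION);
      return makeToken({ exp: NOW + 3600, scp: scopes.join(' ') });
    },
    acquireTokenPopup: async (scopes) => {
      calls.push('popup');
      return makeToken({ exp: NOW + 3600, scp: scopes.join(' ') });
    },
  };
}

// Walk through the three outcomes and report which path produced the token.
async function demo() {
  const scopes = ['https://contoso.onmicrosoft.com/api/read']; // hypothetical scope
  const fresh = makeToken({ exp: NOW + 3000 }); // 50 min left: reuse from cache
  const stale = makeToken({ exp: NOW + 60 });   // inside the 5 min skew: renew
  const viaCache = (await renewAccessToken(fakeClient(true), scopes, fresh, NOW)).via;
  const viaSilent = (await renewAccessToken(fakeClient(true), scopes, stale, NOW)).via;
  const viaPopup = (await renewAccessToken(fakeClient(false), scopes, stale, NOW)).via;
  return [viaCache, viaSilent, viaPopup];
}

demo().then((paths) => console.log(paths.join(' -> ')));
```

The point of `needsInteraction` is that only the interaction-required family of errors should trigger a popup or redirect; a transient network failure rethrown as a popup would bounce the user back to the sign-in page for no reason. The expiry skew keeps the app from presenting a token that dies mid-request.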

@rohitnarula7176 Ok, but when does the session expire? In my case my access token expires after an hour, and it looks like my session cookie on login.microsoftonline.com also expires within an hour. Is this possible? Is there a way to read the cookie content and read the expiration time?

@DavidHenri008, you can parse the token online using jwt.io

@AnnaShk I do not want to parse my access token, I want to parse the session cookie on the login.microsoftonline.com.

@rohitnarula7176 Can you tell me when the AAD session expires?

For the record, after multiple back and forth with Microsoft technical support and developer teams we finally identified the cause of my AADB2C90077 error code.
There was an issue in the Azure B2C backend where the default values were not handled properly by the system.
My workaround was to modify the four token lifetime values: 'Access & ID token lifetime', 'Refresh token lifetime', 'Refresh token sliding window lifetime' and the 'Web app session lifetime', in order for them to appear in the policy xml.

As of February 22nd 2018, Microsoft confirmed they issued a fix to solve this issue. So if someone has the issue it is most likely for a different reason.

@DavidHenri008 can you please elaborate on your solution? Can you supply the exact policy xml?

@mrman888 As mentioned, today the issue is supposed to be fixed by Microsoft.
To be more precise on the issue: by default, on a newly created B2C AD policy, not all settings are defined inside the policy xml. So if a value is not defined in the policy xml, the default system value is used, which is supposed to correspond to the default value in the Azure Portal. The bug was that the default system value was NOT equal to the default Azure Portal value. So my workaround, described in my previous post, was a way to force the value to be defined in the policy xml.
The following settings of a policy xml were the ones missing, with the wrong default system values:

    <ClaimsProvider>
      <DisplayName>Token Issuer</DisplayName>
      <TechnicalProfiles>
        <TechnicalProfile Id="JwtIssuer">
          <Metadata>
            <Item Key="token_lifetime_secs">3600</Item>
            <Item Key="id_token_lifetime_secs">3600</Item>
            <Item Key="refresh_token_lifetime_secs">1209600</Item>
            <Item Key="rolling_refresh_token_lifetime_secs">7776000</Item>
            <Item Key="IssuanceClaimPattern">AuthorityAndTenantGuid</Item>
            <Item Key="AuthenticationContextReferenceClaimPattern">None</Item>
          </Metadata>
        </TechnicalProfile>
      </TechnicalProfiles>
    </ClaimsProvider>

I have an angular app and B2C exhibiting this exact same behaviour. I am unable to upload a new policy as per @DavidHenri008 so what is the fix?

In my instance I can login with loginRedirect and see the token in localstorage, but when trying to use token again the authcallback errors with this

Could not silently retrieve token from storage. AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'.
Correlation ID: 5a74e513-f690-435f-b430-3cfb6801ea69
Timestamp: 2018-03-21 23:46:27Z

There are literally seconds passing between redirecting from the login and seeing the token, and issuing another request and getting this, so it is not a long timeout issue.

@buildtestship This really seems to be the same issue I experienced. Microsoft told me the bug has been solved on their side and it should not reappear. I suggest you try my workaround on the four lifetime settings in Azure.

My workaround was to modify the four token lifetime values: 'Access & ID token lifetime', 'Refresh token lifetime', 'Refresh token sliding window lifetime' and the 'Web app session lifetime', in order for them to appear in the policy xml.

Let me know if it solves your issue.
