Microsoft-authentication-library-for-js: How to manually expire token in order to test token renewal?

Created on 5 Jul 2019  路  3Comments  路  Source: AzureAD/microsoft-authentication-library-for-js

I'm submitting a...


[ ] Regression (a behavior that used to work and stopped working in a new release)
[ ] Bug report  
[ ] Performance issue
[ ] Feature request
[x ] Documentation issue or request
[ ] Other... Please describe:

I am trying to verify that the token renewal is working properly in my React App. The only way I have been able to do this is to simply wait 10 minutes between each test. Is there a way to invalidate or expire the token without waiting 10 minutes?

I actually wasted several hours troubleshooting after I created a policy with "Access & ID token lifetimes" set to 5 minutes. It turns out that anything lower than 10 minutes does not work. The access token from acquireTokenSilent() is simply null and no errors. It would be nice if the portal warned about this or if this library logged some warning.

question
Source
picture jfbloom22
👍2

All 3 comments

I need this feature too. Looks like MSAL.js does not have much feature which is present in their ios, dotnet library.

PraveenVerma17 picture PraveenVerma17 on 9 Jul 2019

I'm also expecting this

rick-hayek picture rick-hayek on 10 Jul 2019
👍1

I randomly ran across this config option: tokenRenewalOffsetSeconds.

Included in my config under system like so: 

export const msalApp = new UserAgentApplication({
  auth: {
    clientId: `${process.env.REACT_APP_MSAL_CLIENT_ID}`,
    authority: MSAL_AUTHORITY,
    validateAuthority: false,
    postLogoutRedirectUri: `${process.env.REACT_APP_HOST_DOMAIN}`,
    redirectUri: `${process.env.REACT_APP_HOST_DOMAIN}`,
    navigateToLoginRequestUrl: false
  },
  cache: {
    cacheLocation: 'sessionStorage',
    storeAuthStateInCookie: isIE()
  },
  system: {
    tokenRenewalOffsetSeconds: 1000
  }
});

When I set the tokenRenewalOffsetSeconds to a value greater than my 10 minute token life, it refreshes the token every time I call acquireTokenSilent(). I am also able to set it to 9 minutes and it will refresh every minute. This has sped up my testing significantly!

In order to test what happens when the token is invalided server side before it expires locally, I set the tokenRenewalOffsetSeconds to -120 and then waited 10 minutes. Sure enough it does not refresh the token until 2 minutes after the token has technically expired. Good thing I tested this because my API did not complain. Now I am investigating why my API is accepting expired tokens. :-)

ref: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/5a370582cbacc0a6c5e27650b848c64583c7d867/lib/msal-core/src/Configuration.ts#L58

jfbloom22 picture jfbloom22 on 11 Jul 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sameerag picture sameerag  路  3Comments
atvoid picture atvoid  路  3Comments
adriannasui picture adriannasui  路  3Comments
ArneMancofi picture ArneMancofi  路  3Comments
exequeryphil picture exequeryphil  路  3Comments