Microsoft-authentication-library-for-js: acquireTokenSilent times out when user interaction is required

This is a re-opening of issue #699, which is closed, but I'm still facing the issue. The original issue does a great job of explaining the problem, but there was a lot of discussion which I'll try to consolidate here.

I'm submitting a...

[ ] Regression (a behavior that used to work and stopped working in a new release)
[x] Bug report  
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[ ] Other... Please describe:

Browser:

• [x] Chrome version 78.0.3904.70
• [x] Firefox version 70.0
• [ ] IE version XX
• [x] Edge version 44.18362.387.0 and 79.0.309.5 (beta)
• [ ] Safari version XX

Library version

Library version: 1.1.3 and 1.2.0-beta.3

Current behavior

When user interaction is required, acquireTokenSilent() hangs for a few seconds and then throws the following error:

ClientAuthError: Token renewal operation failed due to timeout.

Expected behavior

acquireTokenSilent() should reject the promise more quickly and throw an InteractionRequiredAuthError with one of the specific error codes (interaction_required, consent_required, or login_required).

Minimal reproduction of the problem with instructions

Host a page that runs the following JS (fill in YOUR_CLIENT_ID, YOUR_REDIRECT_URI, and YOUR_UPN):

// Create MSAL object
var msalConfig = {
    auth: {
        clientId: "<YOUR_CLIENT_ID>",
        redirectUri: "<YOUR_REDIRECT_URI>"
    },
    cache: {
        cacheLocation: "localStorage",
        storeAuthStateInCookie: true
    }
};

var myMSALObj = new Msal.UserAgentApplication(msalConfig);

// Config for acquiring token silently
var tokenRequestObj = {
    scopes: ["user.read"],
    loginHint: '<YOUR_UPN>',
    // extraQueryParameters: {
    //     response_mode: 'fragment'
    // }
};

// Try to acquire token silently
myMSALObj.acquireTokenSilent(tokenRequestObj).then(authTokenResult => {
    console.info('successfully acquired token silently');
    console.info(authTokenResult);
}).catch(function (error) {
    console.error(error);
});

Additional details

The cause of the issue seems to be that AAD passes the error to the redirect URI as query parameters, but MSAL is looking for fragments.

The AAD doc for implicit flow states that response_mode "defaults to query for an access token, but fragment if the request includes an id_token." This is true if the request succeeds - id_token, expires_in, etc. are passed as fragments. But if it fails, then the error parameters are passed as query parameters. You can see this by opening the following link in a private browser session: link with response_type=id_token, prompt=none
In this case, the error is sent as a query parameter:

http://localhost/myapp/?error=interaction_required&error_description=...&state=...

If you explicitly set response_mode=fragment (see commented section in repro code above), then the error does come through in the fragment. You can see this by opening the following link in a private browser session: link with response_type=id_token, prompt=none, response_mode=fragment
Now the error is sent as a fragment and MSAL would pick it up properly:

http://localhost/myapp/#error=interaction_required&error_description=...&state=...

By default, MSAL does not pass the response_mode parameter. So the error comes through as a query parameter, MSAL misses it, and the call times out.

It seems like there could be 3 solutions:

• AAD could return errors in the fragment when no response_mode is specified
• MSAL could explicitly set response_mode=fragment by default
• MSAL could listen for errors in the query string parameters