Getting stuck in 'interaction is currently in progress' after refusing to give consent

[vvolodin]

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.22.1

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

2.1.2

Description

My little app is basically a tutorial app with very little modifications. I have three pages, home, profile and directory. I have MsalGuard protecting the directory page, but I don't even visit this page when I'm getting an error I'll describe in steps to reproduce.

Error Message

http://localhost:4201/#error=consent_required&error_description=AADSTS65004:+User+declined+to+consent+to+access+the+app.%0D%0ATrace+ID:+29387491-f0f0-41d4-89b8-8344ebc8a300%0D%0ACorrelation+ID:+9994ba2d-c2ab-4bc1-b2cd-79c5ff309f0c%0D%0ATimestamp:+2022-03-27+09:55:01Z&error_uri=https://login.microsoftonline.com/error?code=65004&state=eyJpZCI6IjZmMDA5MGYxLTJhYmItNGRjMS04ZmJiLWE5YWJjOGQ1MzE0YyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=

Msal Logs

`
[Sun, 27 Mar 2022 10:12:41 GMT] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenStart
app.module.ts:20

[Sun, 27 Mar 2022 10:12:41 GMT] : [2725f50d-8226-4599-8110-c1518596bc8d] : [email protected] : Info - Navigate to: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=0ebe3cc3-4205-4351-a732-f7196757d69f&scope=openid%20profile%20offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A4201%2F&client-request-id=2725f50d-8226-4599-8110-c1518596bc8d&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.22.1&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=joBrr1o1-hsrRIn2M-POdjFyQIERmoT8rVJ6DckJMl0&code_challenge_method=S256&nonce=388588de-2143-4fb2-adda-c6ba11f96943&state=eyJpZCI6IjI3YmQxMjgyLTUzZGQtNDNlNC1hZmQwLTQyOTI1MmRiMTBmZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicG9wdXAifX0%3D
app.module.ts:20

[Sun, 27 Mar 2022 10:12:41 GMT] : @azure/[email protected] : Info - Emitting event: msal:popupOpened
app.module.ts:20

[Sun, 27 Mar 2022 10:12:56 GMT] : [2725f50d-8226-4599-8110-c1518596bc8d] : @azure/[email protected] : Info - in acquireToken call
app.module.ts:20

[Sun, 27 Mar 2022 10:12:57 GMT] : @azure/[email protected] : Info - BrowserCacheManager.cleanRequestByState: Removing temporary cache items for state: eyJpZCI6IjI3YmQxMjgyLTUzZGQtNDNlNC1hZmQwLTQyOTI1MmRiMTBmZiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicG9wdXAifX0=
app.module.ts:20

[Sun, 27 Mar 2022 10:12:57 GMT] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenSuccess
app.component.ts:43 {authority: 'https://login.microsoftonline.com/common/', uniqueId: '4a9997d7-5bbc-49f2-9af5-f4c336592f9a', tenantId: 'e3ca96ea-bb0a-42f8-b41c-85522b3514d6', scopes: Array(3), account: {…}, …}
app.module.ts:20

[Sun, 27 Mar 2022 10:13:02 GMT] : @azure/[email protected] : Info - Interceptor - 2 scopes found for endpoint
app.module.ts:20

[Sun, 27 Mar 2022 10:13:02 GMT] : @azure/[email protected] : Info - Interceptor - [user.read,profile] scopes found for https://graph.microsoft.com/v1.0/me
app.module.ts:20

[Sun, 27 Mar 2022 10:13:02 GMT] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenStart
app.module.ts:20

[Sun, 27 Mar 2022 10:13:02 GMT] : [f460a714-bb94-4a5a-975c-84f07135019e] : @azure/[email protected] : Info - SilentFlowClient:acquireCachedToken - No access token found in cache for the given properties.
app.module.ts:20

[Sun, 27 Mar 2022 10:13:02 GMT] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenFromNetworkStart
zone.js:1505 POST https://login.microsoftonline.com/common/oauth2/v2.0/token 400 (Bad Request)
(anonymous) @ polyfills.js:4620
proto. @ polyfills.js:4088
(anonymous) @ vendor.js:7860
step @ vendor.js:799
(anonymous) @ vendor.js:780
(anonymous) @ vendor.js:773
ZoneAwarePromise @ polyfills.js:4542
__awaiter @ vendor.js:769
FetchClient.sendPostRequestAsync @ vendor.js:7851
(anonymous) @ vendor.js:14735
step @ vendor.js:8995
(anonymous) @ vendor.js:8976
(anonymous) @ vendor.js:8969
ZoneAwarePromise @ polyfills.js:4542
__awaiter @ vendor.js:8965
NetworkManager.sendPostRequest @ vendor.js:14726
(anonymous) @ vendor.js:12736
step @ vendor.js:8995
(anonymous) @ vendor.js:8976
(anonymous) @ vendor.js:8969
ZoneAwarePromise @ polyfills.js:4542
__awaiter @ vendor.js:8965
BaseClient.executePostToTokenEndpoint @ vendor.js:12732
(anonymous) @ vendor.js:12927
step @ vendor.js:8995
(anonymous) @ vendor.js:8976
fulfilled @ vendor.js:8966
invoke @ polyfills.js:3487
onInvoke @ vendor.js:71911
invoke @ polyfills.js:3486
run @ polyfills.js:3249
(anonymous) @ polyfills.js:4390
invokeTask @ polyfills.js:3521
onInvokeTask @ vendor.js:71898
invokeTask @ polyfills.js:3520
runTask @ polyfills.js:3293
drainMicroTaskQueue @ polyfills.js:3700
invokeTask @ polyfills.js:3606
invokeTask @ polyfills.js:4763
globalCallback @ polyfills.js:4806
globalZoneAwareCallback @ polyfills.js:4827
Show 11 more frames
app.module.ts:20

[Sun, 27 Mar 2022 10:13:02 GMT] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenFailure
app.module.ts:20

[Sun, 27 Mar 2022 10:13:02 GMT] : @azure/[email protected] : Error - Interceptor - acquireTokenSilent rejected with error. Invoking interaction to resolve.
app.module.ts:20

[Sun, 27 Mar 2022 10:13:02 GMT] : @azure/[email protected] : Info - Emitting event: msal:acquireTokenStart
app.module.ts:20

[Sun, 27 Mar 2022 10:13:02 GMT] : [c75fbb74-29fb-4843-bd85-b6e2740db591] : [email protected] : Info - RedirectHandler.initiateAuthRequest: Navigate to: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=0ebe3cc3-4205-4351-a732-f7196757d69f&scope=user.read%20profile%20openid%20offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A4201%2F&client-request-id=c75fbb74-29fb-4843-bd85-b6e2740db591&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.22.1&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=cglH9VWVbQK21bJVJn6lQtlHTWk6-czXZ6anKjxTX2Q&code_challenge_method=S256&login_hint=user%40zgollum.onmicrosoft.com&X-AnchorMailbox=Oid%3A4a9997d7-5bbc-49f2-9af5-f4c336592f9a%40e3ca96ea-bb0a-42f8-b41c-85522b3514d6&nonce=89790d47-a3d4-4ee8-8f39-f292143f5c0d&state=eyJpZCI6IjAyNDU3NzZiLTBkMTctNDQ0NS1hNTgxLTNmMGY3MGRkYTA4MiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Navigated to https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=0ebe3cc3-4205-4351-a732-f7196757d69f&scope=user.read%20profile%20openid%20offline_access&redirect_uri=http%3A%2F%2Flocalhost%3A4201%2F&client-request-id=c75fbb74-29fb-4843-bd85-b6e2740db591&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=2.22.1&x-client-OS=&x-client-CPU=&client_info=1&code_challenge=cglH9VWVbQK21bJVJn6lQtlHTWk6-czXZ6anKjxTX2Q&code_challenge_method=S256&login_hint=user%40zgollum.onmicrosoft.com&X-AnchorMailbox=Oid%3A4a9997d7-5bbc-49f2-9af5-f4c336592f9a%40e3ca96ea-bb0a-42f8-b41c-85522b3514d6&nonce=89790d47-a3d4-4ee8-8f39-f292143f5c0d&state=eyJpZCI6IjAyNDU3NzZiLTBkMTctNDQ0NS1hNTgxLTNmMGY3MGRkYTA4MiIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D
Navigated to http://localhost:4201/
index.js:551

[webpack-dev-server] Live Reloading enabled.
core.mjs:24889 Angular is running in development mode. Call enableProdMode() to enable production mode.
`

MSAL Configuration

`
MsalModule.forRoot(
            new PublicClientApplication({
                auth: {
                    clientId: '0ebe3cc3-4205-4351-a732-f7196757d69f', // This is your client ID
                    authority: 'https://login.microsoftonline.com/common', // This is your tenant ID
                    redirectUri: 'http://localhost:4201/' // This is your redirect URI
                },
                cache: {
                    cacheLocation: 'localStorage',
                    storeAuthStateInCookie: false // Set to true for Internet Explorer 11
                },
                system: {
                    loggerOptions: {
                        loggerCallback,
                        piiLoggingEnabled: true,
                        logLevel: LogLevel.Info
                    }
                }
            }),
            {
                interactionType: InteractionType.Redirect,
                authRequest: {
                    scopes: ['directory.read.all']
                }
            },
            {
                interactionType: InteractionType.Redirect,
                protectedResourceMap: new Map([
                    ['https://graph.microsoft.com/v1.0/me', ['user.read', 'profile']],
                    ['https://graph.microsoft.com/v1.0/users', ['directory.read.all']]
                ])
            }
        )
`

Relevant Code Snippets

`
{
                interactionType: InteractionType.Redirect,
                authRequest: {
                    scopes: ['directory.read.all']
                }
            },
            {
                interactionType: InteractionType.Redirect,
                protectedResourceMap: new Map([
                    ['https://graph.microsoft.com/v1.0/me', ['user.read', 'profile']],
                    ['https://graph.microsoft.com/v1.0/users', ['directory.read.all']]
                ])
            }
`

Reproduction Steps

1. I click login button, consent to profile and user.read and log in via popup window. Login is successful.
2. I click profile. For some reason there's no token to get profile, shouldn't it be ready after Rohitnarula7176/token cache #1?
3. I get redirected to MS login page (because the interceptor is configured to use redirect flow).
4. I get asked for the same consent as in Rohitnarula7176/token cache #1. Again, why? I click cancel.
5. I get redirected to the following URL and now my app is totally stuck in "interaction is currently in progress" error and I can't trigger login any more. The URL:
   http://localhost:4201/#error=consent_required&error_description=AADSTS65004:+User+declined+to+consent+to+access+the+app.%0D%0ATrace+ID:+29387491-f0f0-41d4-89b8-8344ebc8a300%0D%0ACorrelation+ID:+9994ba2d-c2ab-4bc1-b2cd-79c5ff309f0c%0D%0ATimestamp:+2022-03-27+09:55:01Z&error_uri=https://login.microsoftonline.com/error?code=65004&state=eyJpZCI6IjZmMDA5MGYxLTJhYmItNGRjMS04ZmJiLWE5YWJjOGQ1MzE0YyIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0=

Expected Behavior

Allow me to trigger login flow again.

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

Chrome

Regression

No response

Source

External (Customer)

[jo-arroyo]

@vvolodin Are you able to show your app-routing.module.ts file? Also, are you calling loginPopup somewhere, and what are you passing in that request?

[ghost]

@vvolodin This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.