Cannot renew access token from B2C, error AADB2C90077


Problem description

I am experiencing an issue trying to obtain a new access token from my AD B2C. From my SPA I use the MSAL.js library (v0.1.3) to authenticate to my AD B2C. After an hour, the access token expires so I do a silent token renew procedure but it fails. I use the following link to get a new access token:

https://login.microsoftonline.com/te/myApp.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2FmyApp.onmicrosoft.com%2Fapi%2Faccount.read%20openid%20profile&client_id=XXX&redirect_uri=https%3A%2F%2FmyApp.azurewebsites.net%2F&state=XXX&nonce=XXX&client_info=1&x-client-SKU=MSAL.JS&x-client-Ver=0.1.3&client-request-id=XXX&prompt=none&domain_req=XXX&login_req=XXX-b2c_1_signin&domain_hint=organizations

I receive the following error from the B2C:

AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'. Correlation ID: YYY

I could not find any information concerning the cause of the error AADB2C90077.

Thanks

Solution

For the record, after multiple back and forth with Microsoft technical support and developer teams we finally identified the cause of my AADB2C90077 error code. There was an issue in the Azure B2C backend where the default values were not handled properly by the system. My workaround was to modify the four token lifetime values: ‘Access & ID token lifetime’, ‘Refresh token lifetime’, ‘Refresh token sliding window lifetime’ and the ‘Web app session lifetime’, in order for them to appear in the policy XML.

As of February 22nd 2018, Microsoft confirmed they issued a fix to solve this issue. So if someone has the issue it is most likely for a different reason.
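
As an added example (not part of the original question or answer, and not MSAL.js code): one way a SPA could classify the fragment returned to a `prompt=none` renewal and fall back to an interactive sign-in when B2C reports AADB2C90077. The sample fragment, the `interaction_required` error value in it, and the helper names `parseAuthFragment` and `decideRenewAction` are assumptions constructed for illustration.

```javascript
// Added example. Constructed sample of what the redirect URI receives in its
// fragment when a prompt=none renewal finds no B2C session (not captured traffic).
const SAMPLE_FRAGMENT =
  "#error=interaction_required" +
  "&error_description=AADB2C90077%3a+User+does+not+have+an+existing+session" +
  "+and+request+prompt+parameter+has+a+value+of+%27None%27.%0d%0a" +
  "Correlation+ID%3a+YYY&state=XXX";

// Hypothetical helper: parse an OAuth 2.0 implicit-flow response fragment.
function parseAuthFragment(fragment) {
  const params = new URLSearchParams(fragment.replace(/^#\/?/, ""));
  const description = params.get("error_description") || "";
  const code = description.match(/\bAADB2C\d{5}\b/);
  const corr = description.match(/Correlation ID:\s*(\S+)/i);
  return {
    hasToken: params.has("access_token"),
    error: params.get("error"),
    b2cCode: code ? code[0] : null,
    correlationId: corr ? corr[1] : null, // keep for support tickets
    state: params.get("state"),
  };
}

// Hypothetical helper: decide what the SPA does with a silent-renew response.
function decideRenewAction(fragment, expectedState) {
  const r = parseAuthFragment(fragment);
  const result = { b2cCode: r.b2cCode, correlationId: r.correlationId };
  // A response whose state does not match the request we sent is not ours.
  if (!expectedState || r.state !== expectedState) {
    return { action: "reject", ...result };
  }
  if (r.hasToken) return { action: "use_token", ...result };
  // No session and prompt=none: retrying silently cannot succeed, so the
  // user has to go through an interactive sign-in.
  const needsUser =
    r.b2cCode === "AADB2C90077" ||
    r.error === "interaction_required" ||
    r.error === "login_required";
  return { action: needsUser ? "interactive_login" : "fail", ...result };
}
```

Logging the extracted correlation ID alongside the B2C code gives support the identifier they ask for without logging the token or the full fragment.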
