Solved: microsoft authentication library for js: Getting "A silent sign-in request was sent but no user is signed in" in multiple app sign-in environment

Library

  • msal@1.x.x or @azure/msal@1.x.x
  • @azure/msal-browser@2.x.x
  • @azure/msal-angular@0.x.x
  • @azure/msal-angular@1.0.0
  • @azure/msal-angularjs@1.x.x

Framework

  • Angular 9+

Description

Scenario:

  • When a user X has access to multiple apps, let's say demo and prod.
  • The workflow of the app is to get the user account using this._authService.getAccount(); and, if the value is empty, we will redirect with this._authService.loginRedirect(); or initiate the app with another process.
  • The scenario is when the user logged in to prod and switched to demo (after some time, say 4 hours or so): this._authService.getAccount(); returns user information, but this._authService.acquireTokenSilent(request).catch((error: string) => {}); returns the error AADSTS50058: a silent sign-in request was sent but no user is signed in.
  • The app gets automatically redirected to a popup window sign-in, but we are required to do only loginRedirect().
  • This error cannot be replicated if the user has access to only one app.

Error Message

AADSTS50058: A silent sign-in request was sent but no user is signed in.

Security

  • Is this issue security related?

Regression

  • Did this behavior work before?
    Version:

MSAL Configuration

  • Followed the exact same procedure as mentioned in Angular 9 demo app

Reproduction steps

    if (!this._authService.getAccount()) {
      // Redirect to Login
      this._authService.loginRedirect();
    } else {
      this._authService.acquireTokenSilent(request).catch((error: string) => {
        // The Error hits here, but I assume the getAccount method should not return User Info so that I can do loginRedirect
        console.log('Error: ' + error);
      });
    }

Expected behavior

Browsers/Environment

  • Chrome
  • Firefox
  • Edge
  • Safari
  • IE
  • Other (Please add browser name here)
18 Answers

✔️Accepted Answer

@jmckennon, this might not be related to this, but after this issue has been closed, I am seeing a weird error in Chrome Incognito mode alone (all of a sudden) related to this (might be related to this fix).

InteractionRequiredAuthError: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).

I am not seeing this in Chrome regular mode or Firefox (private window/normal window), or in Edge either.

The behavior I am seeing is that in local storage there are no cookies being set for Chrome Incognito mode, but cookies are being set in other browsers.

UPDATE: It seems to be a problem with the latest version of Chrome. The latest version by default sets "Block third-party cookies in Incognito" to true. Need to switch to "Allow all cookies" to solve this issue.

Question: is there any chance for MSAL Angular to handle this scenario? I ask because I am not seeing this in MSAL used in C#.
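
The situation discussed in this thread, as an added example that is not part of the original posts or of MSAL's own code: a cached account is treated only as a hint, and a silent failure that signals "interaction required" (such as AADSTS50058) falls back to loginRedirect() instead of a popup. SilentAuth is a hypothetical stand-in for the MsalService methods used in the issue; the errorCode/errorMessage field names and the marker list are assumptions about the error's shape.

```typescript
// Added example; not code from the issue thread or from MSAL itself.
// SilentAuth is a hypothetical stand-in for the MsalService methods used in the issue.
interface TokenRequest { scopes: string[]; }
interface SilentAuth {
  getAccount(): object | null;
  acquireTokenSilent(request: TokenRequest): Promise<{ accessToken: string }>;
  loginRedirect(request?: TokenRequest): void;
}

// Assumption: error codes/text that mean "Azure AD needs the user to interact".
const INTERACTION_MARKERS = ["interaction_required", "login_required", "consent_required", "AADSTS50058"];

// Decide whether a failed silent request should fall back to a full redirect.
// Accepts an error object (errorCode/errorMessage/message assumed) or a plain string.
function needsInteractiveLogin(error: unknown): boolean {
  const fields = (typeof error === "object" && error !== null ? error : {}) as Record<string, unknown>;
  const text = [error, fields.errorCode, fields.errorMessage, fields.message]
    .filter((part) => typeof part === "string")
    .join(" ");
  return INTERACTION_MARKERS.some((marker) => text.indexOf(marker) !== -1);
}

// Returns the access token, or null when a redirect to the sign-in page was started.
async function getTokenOrRedirect(auth: SilentAuth, request: TokenRequest): Promise<string | null> {
  if (!auth.getAccount()) {
    auth.loginRedirect(request); // nothing cached: same branch as the original snippet
    return null;
  }
  try {
    return (await auth.acquireTokenSilent(request)).accessToken;
  } catch (error) {
    // A cached account does not prove a live Azure AD session: the session cookie may
    // have expired or been withheld (for example when third-party cookies are blocked).
    if (needsInteractiveLogin(error)) {
      auth.loginRedirect(request); // full-page redirect instead of a popup
      return null;
    }
    throw error; // network or configuration failures are not fixed by signing in again
  }
}
```

Where third-party cookies are blocked, as in the Incognito case above, the silent request can keep failing after sign-in, so cap how often this fallback runs to avoid a redirect loop.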