AADSTS50058: A silent sign-in request was sent but no user is signed in

javascript azure-active-directory microsoft-graph-api hello.js
Hongbo Miao picture Hongbo Miao · Aug 3, 2017 · Viewed 18.1k times · Source

I am using hello.js to sign in Microsoft Graph.

First I initialized by

hello.init({
    msft: {
      id: myAppId,
      oauth: {
        version: 2,
        auth: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
      },
      scope_delim: ' ',
      form: false
    },
  },
  { redirect_uri: window.location.href }
);

Then I signed in successfully in my app

hello('msft').login({ scope: 'User.Read' })

This is what hello.js saved in localStorage after signing in.

{
  "msft": {
  "access_token":"aLongToken",
    "token_type":"Bearer",
    "expires_in":3599,
    "scope":"basic,User.Read",
    "state":"",
    "session_state":"f034f785-f8d0-4cec-aab4-88559c9d93dd",
    "client_id":"a91e6907-2b6e-4793-848d-633e960e809d",
    "network":"msft",
    "display":"popup",
    "redirect_uri":"http://localhost:3006/login",
    "expires":1501800737.361
  }
}

However, when I try to refresh the access_token

hello('msft').login({
  display: 'none',
  response_type: 'id_token token',
  response_mode: 'fragment',
  nonce: 'my-app',
  prompt: 'none',
  scope: 'User.Read',
  login_hint: '[email protected]',
  domain_hint: 'organizations'
})

I got the error

AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).

I am using Chrome.

Found this issue on GitHub. But still didn't figure out how to refresh correctly.

UPDATE:

After disable Allow Implicit Flow at https://apps.dev.microsoft.com, now I even failed to log in. So this is not the correct solution. hello.js saved this error in the localStorage:

{
  "msft": {
    "error": {
      "code":"unsupported_response_type",
      "message":"AADSTS70005: response_type 'token' is not enabled for the application\r\nTrace ID: 1dc20dd0-cab3-41b5-9849-2a7e35d60700\r\nCorrelation ID: caacce8f-6763-405d-a840-70c24d5306d4\r\nTimestamp: 2017-08-04 21:56:42Z"
    },
    "error_description":"AADSTS70005: response_type 'token' is not enabled for the application\r\nTrace ID: 1dc20dd0-cab3-41b5-9849-2a7e35d60700\r\nCorrelation ID: caacce8f-6763-405d-a840-70c24d5306d4\r\nTimestamp: 2017-08-04 21:56:42Z",
    "state":"",
    "client_id":"a91e6907-2b6e-4793-848d-633e960e809d",
    "network":"msft",
    "display":"popup",
    "redirect_uri":"http://localhost:3006/login",
    "scope":"basic,User.Read"
  }
}

Answer

baywet picture baywet · Aug 4, 2017

It happens when the cookie of the user currently connected for login.microsoftonline.com has expired. The way we handle it is we redirect the user to sign in page with current page as redirecturi parameter.

Related questions

Microsoft Graph API token validation failure

I would use Microsoft Graph API in my Angular Web application. First I make connexion using msal library When I try log in with my profil I get this error I have configured my app as the mentionned in the …

Read More
Get all user properties from Microsoft graph

We have an application which has used a local AD to fetch user info. Some customers want to move to the cloud and are using Azure AD. We extended the app to sign users in via owin and now we're …

Read More
How to integrate azure ad into a react web app that consumes a REST API in azure too

I have one web app which is React, and I already configured Azure AD Authentication for the web app itself. Its 100% Client site app, no server side components. I used this component: https://github.com/salvoravida/react-adal My code is …

Read More