ADAL.js - “Nonce is not same as undefined”

2019-07-19 08:37发布

站内问答 / JavaScript
1835 1 6

I am currently having trouble with the ADAL.js (v1.0.7) library. When I load my app after a decent period of time I get a login error stating "Nonce is not same as undefined." After looking over the code, I am wondering if I am missing a best practice. To my knowledge, I have followed the suggestions of @vibronet here. Should I be refreshing the user profile, or logging out, or something else?

My configuration looks like:

        window.config = {
        instance: 'https://login.microsoftonline.com/',
        tenant: 'blahblahblah.onmicrosoft.com',
        clientId: 'GUID',
        postLogoutRedirectUri: window.location.origin,
        cacheLocation: 'localStorage'
    };

    this.authContext = new window.AuthenticationContext(window.config);
    var isCallback = this.authContext.isCallback(window.location.hash);
    this.authContext.handleWindowCallback();

    if (isCallback && !this.authContext.getLoginError()) {
        window.location = this.authContext._getItem(this.authContext.CONSTANTS.STORAGE.LOGIN_REQUEST);
    }

If there has been an extended period of inactivity, the error occurs after calling this.authContext.login(). In order to get the error I call this.authContext.getLoginError().

I get why the nonce is different, but I want to "reset" it or cause a brand new login to happen.

Please let me know what other relevant information I can provide.

1条回答
劫难
2楼-- · 2019-07-19 09:12

Update:

Seems like solution has been provided in blog post you provide. below is the quote.

The trick is to go back to the authority asking for a token, like we’d do in the roundtrip apps scenario, but doing so in a hidden iframe. If there is still an existing session with the authority (which might be represented by a cookie – but it is a cookie in the domain of the authority, NOT the app’s) we will be able to get a new token without any UX. There is even a specific parameter, prompt=none, which lets Azure AD know that we want to get the token without a UX, and if it can’t be done we want to get an error back. Here there’s the request.

Previous answer:

i am not fully follow what your code does. but as from blog post, seems like underneath you are using OAuth 2.0

when you said error happen when there is period of inactivity, my guess is token has been invalid, and you will need to refresh the token. Not sure if there is a way for you to refresh it. But normally on server side once you authenticated, OAuth 2.0 provider will hand over you a token and a refresh token, if token is expired, you can use refresh token to get a new one.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)