如何解决Angular MSAL Guard:已调用RenewIdToken
我正在使用Angular 9,并且具有dotnet核心Web API,两者均受Azure B2C保护。
一切正常,除了在每次激活路由后MsalGuard似乎请求一个新的Id令牌外?这是记录器在每次导航后输出的内容。
MSAL Logging: Mon,14 Sep 2020 10:40:58 GMT:fcbfd80b-29e4-4ec6-b013-e871a247a091-1.4.0-Info RenewIdToken has been called
main.js:317 MSAL Logging: Mon,14 Sep 2020 10:41:00 GMT:fcbfd80b-29e4-4ec6-b013-e871a247a091-1.4.0-Info ProcessCallBack has been called. Processing callback from redirect response
main.js:317 MSAL Logging: Mon,14 Sep 2020 10:41:00 GMT:fcbfd80b-29e4-4ec6-b013-e871a247a091-1.4.0-Info State status: true; Request type: LOGIN
main.js:317 MSAL Logging: Mon,14 Sep 2020 10:41:00 GMT:fcbfd80b-29e4-4ec6-b013-e871a247a091-1.4.0-Info State is right
main.js:317 MSAL Logging: Mon,14 Sep 2020 10:41:00 GMT:fcbfd80b-29e4-4ec6-b013-e871a247a091-1.4.0-Info Fragment has idToken
main.js:317 MSAL Logging: Mon,14 Sep 2020 10:41:00 GMT:fcbfd80b-29e4-4ec6-b013-e871a247a091-1.4.0-Info unprotectedResources is deprecated and ignored. msalAngularConfig.protectedResourceMap now supports glob patterns
main.js:317 MSAL Logging: Mon,14 Sep 2020 10:41:09 GMT:fcbfd80b-29e4-4ec6-b013-e871a247a091-1.4.0-Info unprotectedResources is deprecated and ignored. msalAngularConfig.protectedResourceMap now supports glob patterns
我的配置文件
export const b2cPolicies = {
names: {
signUpSignIn: 'domain',resetPassword: 'b2c_1_reset',editProfile: 'b2c_1_edit_profile',},authorities: {
signUpSignIn: {
authority: 'https://domain.b2clogin.com/domain.onmicrosoft.com/B2C_1_signup',resetPassword: {
authority: 'https://domain.b2clogin.com/domain.onmicrosoft.com/b2c_1_reset',editProfile: {
authority: 'https://domain.b2clogin.com/domain.onmicrosoft.com/b2c_1_edit_profile',};
export const apiConfig: { b2cScopes: string[]; webApi: string } = {
b2cScopes: ['https://domain.onmicrosoft.com/api/user_access'],webApi: 'https://localhost:44363/',};
export const msalConfig: Configuration = {
auth: {
clientId: '0000...',authority: b2cPolicies.authorities.signUpSignIn.authority,redirectUri: 'http://localhost:4201/',postLogoutRedirectUri: 'http://localhost:4201/',navigateToLoginRequestUrl: true,validateAuthority: false,cache: {
cacheLocation: 'localStorage',storeAuthStateInCookie: isIE,// Set this to "true" to save cache in cookies to address trusted zones limitations in IE
},};
export const loginRequest: { scopes: string[] } = {
scopes: ['openid','profile'],};
export const tokenRequest: { scopes: string[] } = {
scopes: apiConfig.b2cScopes,// i.e. [https://fabrikamb2c.onmicrosoft.com/helloapi/demo.read]
};
export const protectedResourceMap: [string,string[]][] = [
[apiConfig.webApi,apiConfig.b2cScopes],// i.e. [https://fabrikamb2chello.azurewebsites.net/hello,['https://fabrikamb2c.onmicrosoft.com/helloapi/demo.read']]
];
export const msalAngularConfig: MsalAngularConfiguration = {
popUp: true,consentScopes: [...loginRequest.scopes,...tokenRequest.scopes],unprotectedResources: [],// API calls to these coordinates will NOT activate MSALGuard
protectedResourceMap,// API calls to these coordinates will activate MSALGuard
extraQueryParameters: {},};
基本上,使用msal防护程序保护的每条路由都需要花费大约2秒钟的时间加载,因为每次都会获得新的令牌?我不知道为什么会这样?
谢谢
解决方法
您最近是否更新了依赖关系?今天,当我更新到msal:1.4.0和@ azure / msal-angular:1.1.1时,这才发生在我身上。我回到了msal:1.3.4,看不到问题所在。