Fix react initialization race (#7720)

Fixes a race condition that can occur between cache initialization and
react state initialization

Fixes #7654, #7561

---------

Co-authored-by: Jo Arroyo <[email protected]>

Author: tnorling

change/@azure-msal-browser-6911f6de-1b4b-48fc-9ac9-f298b28461bc.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Fix throw when attempting to getAccount before initialization #7720",
+  "packageName": "@azure/msal-browser",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

change/@azure-msal-react-652ee5f7-5382-4665-b7b0-63e35a83d49c.json

@@ -0,0 +1,7 @@
+{
+  "type": "patch",
+  "comment": "Fix race between cache initialization and state initialization",
+  "packageName": "@azure/msal-react",
+  "email": "[email protected]",
+  "dependentChangeType": "patch"
+}

lib/msal-browser/src/cache/LocalStorage.ts

@@ -77,8 +77,6 @@ export class LocalStorage implements IWindowStorage<string> {
     }
 
     async initialize(correlationId: string): Promise<void> {
-        this.initialized = true;
-
         const cookies = new CookieStorage();
         const cookieString = cookies.getItem(ENCRYPTION_KEY);
         let parsedCookie = { key: "", id: "" };
@@ -158,6 +156,8 @@ export class LocalStorage implements IWindowStorage<string> {
 
         // Register listener for cache updates in other tabs
         this.broadcast.addEventListener("message", this.updateCache.bind(this));
+
+        this.initialized = true;
     }
 
     getItem(key: string): string | null {

lib/msal-browser/test/app/PublicClientApplication.spec.ts

@@ -6607,6 +6607,33 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
             expect(accounts).toEqual([]);
         });
 
+        it("getAllAccounts throws if called before initialize", (done) => {
+            pca = new PublicClientApplication({
+                auth: {
+                    clientId: TEST_CONFIG.MSAL_CLIENT_ID,
+                },
+                cache: {
+                    cacheLocation: "localStorage",
+                },
+            });
+
+            window.localStorage.setItem(
+                "msal.account.keys",
+                JSON.stringify([testAccount1.generateAccountKey()])
+            );
+
+            try {
+                pca.getAllAccounts();
+            } catch (e) {
+                expect(e).toEqual(
+                    createBrowserAuthError(
+                        BrowserAuthErrorCodes.uninitializedPublicClientApplication
+                    )
+                );
+                done();
+            }
+        });
+
         it("getAccountByUsername returns account specified", () => {
             const account = pca.getAccountByUsername(
                 ID_TOKEN_CLAIMS.preferred_username
@@ -6642,6 +6669,33 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
             expect(account).toBe(null);
         });
 
+        it("getAccountByUsername throws if called before initialize", (done) => {
+            pca = new PublicClientApplication({
+                auth: {
+                    clientId: TEST_CONFIG.MSAL_CLIENT_ID,
+                },
+                cache: {
+                    cacheLocation: "localStorage",
+                },
+            });
+
+            window.localStorage.setItem(
+                "msal.account.keys",
+                JSON.stringify([testAccount1.generateAccountKey()])
+            );
+
+            try {
+                pca.getAccountByUsername(testAccount1.username);
+            } catch (e) {
+                expect(e).toEqual(
+                    createBrowserAuthError(
+                        BrowserAuthErrorCodes.uninitializedPublicClientApplication
+                    )
+                );
+                done();
+            }
+        });
+
         it("getAccountByHomeId returns account specified", () => {
             const account = pca.getAccountByHomeId(
                 testAccountInfo1.homeAccountId
@@ -6661,6 +6715,33 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
             expect(account).toBe(null);
         });
 
+        it("getAccountByUsername throws if called before initialize", (done) => {
+            pca = new PublicClientApplication({
+                auth: {
+                    clientId: TEST_CONFIG.MSAL_CLIENT_ID,
+                },
+                cache: {
+                    cacheLocation: "localStorage",
+                },
+            });
+
+            window.localStorage.setItem(
+                "msal.account.keys",
+                JSON.stringify([testAccount1.generateAccountKey()])
+            );
+
+            try {
+                pca.getAccountByHomeId(testAccount1.homeAccountId);
+            } catch (e) {
+                expect(e).toEqual(
+                    createBrowserAuthError(
+                        BrowserAuthErrorCodes.uninitializedPublicClientApplication
+                    )
+                );
+                done();
+            }
+        });
+
         it("getAccountByLocalId returns account specified", () => {
             const account = pca.getAccountByLocalId(ID_TOKEN_CLAIMS.oid);
             expect(account?.idTokenClaims).not.toBeUndefined();
@@ -6678,12 +6759,66 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
             expect(account).toBe(null);
         });
 
+        it("getAccountByLocalId throws if called before initialize", (done) => {
+            pca = new PublicClientApplication({
+                auth: {
+                    clientId: TEST_CONFIG.MSAL_CLIENT_ID,
+                },
+                cache: {
+                    cacheLocation: "localStorage",
+                },
+            });
+
+            window.localStorage.setItem(
+                "msal.account.keys",
+                JSON.stringify([testAccount1.generateAccountKey()])
+            );
+
+            try {
+                pca.getAccountByLocalId(testAccount1.localAccountId);
+            } catch (e) {
+                expect(e).toEqual(
+                    createBrowserAuthError(
+                        BrowserAuthErrorCodes.uninitializedPublicClientApplication
+                    )
+                );
+                done();
+            }
+        });
+
         describe("getAccount", () => {
             it("getAccount returns null if empty filter is passed in", () => {
                 const account = pca.getAccount({});
                 expect(account).toBe(null);
             });
 
+            it("getAccount throws if called before initialize", (done) => {
+                pca = new PublicClientApplication({
+                    auth: {
+                        clientId: TEST_CONFIG.MSAL_CLIENT_ID,
+                    },
+                    cache: {
+                        cacheLocation: "localStorage",
+                    },
+                });
+
+                window.localStorage.setItem(
+                    "msal.account.keys",
+                    JSON.stringify([testAccount1.generateAccountKey()])
+                );
+
+                try {
+                    pca.getAccount({ username: testAccount1.username });
+                } catch (e) {
+                    expect(e).toEqual(
+                        createBrowserAuthError(
+                            BrowserAuthErrorCodes.uninitializedPublicClientApplication
+                        )
+                    );
+                    done();
+                }
+            });
+
             describe("loginHint filter", () => {
                 it("getAccount returns account specified using login_hint", () => {
                     const account = pca.getAccount({
@@ -6814,6 +6949,40 @@ describe("PublicClientApplication.ts Class Unit Tests", () => {
                 expect(pca.getActiveAccount()).toBe(null);
             });
 
+            it("getActiveAccount throws if called before initialize", (done) => {
+                pca = new PublicClientApplication({
+                    auth: {
+                        clientId: TEST_CONFIG.MSAL_CLIENT_ID,
+                    },
+                    cache: {
+                        cacheLocation: "localStorage",
+                    },
+                });
+
+                window.localStorage.setItem(
+                    `msal.${TEST_CONFIG.MSAL_CLIENT_ID}.active-account-filters`,
+                    JSON.stringify({
+                        homeAccountId: testAccount1.homeAccountId,
+                        localAccountId: testAccount1.localAccountId,
+                    })
+                );
+                window.localStorage.setItem(
+                    "msal.account.keys",
+                    JSON.stringify([testAccount1.generateAccountKey()])
+                );
+
+                try {
+                    pca.getActiveAccount();
+                } catch (e) {
+                    expect(e).toEqual(
+                        createBrowserAuthError(
+                            BrowserAuthErrorCodes.uninitializedPublicClientApplication
+                        )
+                    );
+                    done();
+                }
+            });
+
             it("setActiveAccount() sets the active account local id value correctly", () => {
                 expect(pca.getActiveAccount()).toBe(null);
                 pca.setActiveAccount(testAccountInfo1);

lib/msal-react/src/MsalProvider.tsx

@@ -85,6 +85,11 @@ const reducer = (
             throw new Error(`Unknown action type: ${type}`);
     }
 
+    if (newInProgress === InteractionStatus.Startup) {
+        // Can't start checking accounts until initialization is complete
+        return previousState;
+    }
+
     const currentAccounts = payload.instance.getAllAccounts();
     if (
         newInProgress !== previousState.inProgress &&
@@ -135,7 +140,7 @@ export function MsalProvider({
         // Lazy initialization of the initial state
         return {
             inProgress: InteractionStatus.Startup,
-            accounts: instance.getAllAccounts(),
+            accounts: [],
         };
     });
 

lib/msal-react/src/hooks/useAccount.ts

@@ -8,6 +8,7 @@ import {
     AccountInfo,
     IPublicClientApplication,
     AccountEntity,
+    InteractionStatus,
 } from "@azure/msal-browser";
 import { useMsal } from "./useMsal.js";
 import { AccountIdentifiers } from "../types/AccountIdentifiers.js";
@@ -42,26 +43,32 @@ export function useAccount(
 ): AccountInfo | null {
     const { instance, inProgress, logger } = useMsal();
 
-    const [account, setAccount] = useState<AccountInfo | null>(() =>
-        getAccount(instance, accountIdentifiers)
-    );
+    const [account, setAccount] = useState<AccountInfo | null>(() => {
+        if (inProgress === InteractionStatus.Startup) {
+            return null;
+        } else {
+            return getAccount(instance, accountIdentifiers);
+        }
+    });
 
     useEffect(() => {
-        setAccount((currentAccount: AccountInfo | null) => {
-            const nextAccount = getAccount(instance, accountIdentifiers);
-            if (
-                !AccountEntity.accountInfoIsEqual(
-                    currentAccount,
-                    nextAccount,
-                    true
-                )
-            ) {
-                logger.info("useAccount - Updating account");
-                return nextAccount;
-            }
+        if (inProgress !== InteractionStatus.Startup) {
+            setAccount((currentAccount: AccountInfo | null) => {
+                const nextAccount = getAccount(instance, accountIdentifiers);
+                if (
+                    !AccountEntity.accountInfoIsEqual(
+                        currentAccount,
+                        nextAccount,
+                        true
+                    )
+                ) {
+                    logger.info("useAccount - Updating account");
+                    return nextAccount;
+                }
 
-            return currentAccount;
-        });
+                return currentAccount;
+            });
+        }
     }, [inProgress, accountIdentifiers, instance, logger]);
 
     return account;

lib/msal-react/src/hooks/useMsalAuthentication.ts

@@ -253,8 +253,8 @@ export function useMsalAuthentication(
             shouldAcquireToken.current &&
             inProgress === InteractionStatus.None
         ) {
-            shouldAcquireToken.current = false;
             if (!isAuthenticated) {
+                shouldAcquireToken.current = false;
                 logger.info(
                     "useMsalAuthentication - No user is authenticated, attempting to login"
                 );
@@ -263,6 +263,7 @@ export function useMsalAuthentication(
                     return;
                 });
             } else if (account) {
+                shouldAcquireToken.current = false;
                 logger.info(
                     "useMsalAuthentication - User is authenticated, attempting to acquire token"
                 );

samples/msal-react-samples/b2c-sample/src/ui-components/WelcomeName.jsx

@@ -1,12 +1,13 @@
 import { useEffect, useState } from "react";
 import { useMsal } from "@azure/msal-react";
+import { InteractionStatus } from "@azure/msal-browser";
 import Typography from "@mui/material/Typography";
 
 const WelcomeName = () => {
-    const { instance } = useMsal();
+    const { instance, inProgress } = useMsal();
     const [name, setName] = useState(null);
 
-    const activeAccount = instance.getActiveAccount();
+    const activeAccount = inProgress === InteractionStatus.None ? instance.getActiveAccount() : null;
     useEffect(() => {
         if (activeAccount && activeAccount.name) {
             setName(activeAccount.name.split(' ')[0]);

samples/msal-react-samples/nextjs-sample/src/ui-components/WelcomeName.jsx

@@ -1,12 +1,13 @@
 import { useEffect, useState } from "react";
 import { useMsal } from "@azure/msal-react";
+import { InteractionStatus } from "@azure/msal-browser";
 import Typography from "@mui/material/Typography";
 
 const WelcomeName = () => {
-    const { instance } = useMsal();
+    const { instance, inProgress } = useMsal();
     const [name, setName] = useState(null);
 
-    const activeAccount = instance.getActiveAccount();
+    const activeAccount = inProgress === InteractionStatus.None ? instance.getActiveAccount() : null;
     useEffect(() => {
         if (activeAccount && activeAccount.name) {
             setName(activeAccount.name.split(' ')[0]);

samples/msal-react-samples/nextjs-sample/test/profile.spec.ts

@@ -24,7 +24,7 @@ async function verifyTokenStore(
         "b5c2e510-4a17-4feb-b219-e55aa5b74144"
     );
     expect(telemetryCacheEntry).not.toBeNull;
-    expect(telemetryCacheEntry["cacheHits"]).toBe(1);
+    expect(telemetryCacheEntry["cacheHits"]).toBeGreaterThanOrEqual(1);
 }
 
 describe("/profile", () => {

samples/msal-react-samples/react-router-sample/src/ui-components/WelcomeName.jsx

@@ -1,12 +1,13 @@
 import { useEffect, useState } from "react";
 import { useMsal } from "@azure/msal-react";
+import { InteractionStatus } from "@azure/msal-browser";
 import Typography from "@mui/material/Typography";
 
 const WelcomeName = () => {
-    const { instance } = useMsal();
+    const { instance, inProgress } = useMsal();
     const [name, setName] = useState(null);
 
-    const activeAccount = instance.getActiveAccount();
+    const activeAccount = inProgress === InteractionStatus.None ? instance.getActiveAccount() : null;
     useEffect(() => {
         if (activeAccount) {
             setName(activeAccount.name.split(' ')[0]);