TypeError for cached AD FS account in V3

[gabbsmo]

Core Library

MSAL.js (@azure/msal-browser)

Core Library Version

3.21.0

Wrapper Library

Not Applicable

Wrapper Library Version

0

Public or Confidential Client?

Public

Description

After upgrading from V2 to V3 and added the required initialize() call, handleRedirectPromise() will throw a TypeError. This does not seem to happen with Azure AD accounts.

Error Message

TypeError: Cannot set properties of undefined (setting 'tenantProfiles')
at BrowserCacheManager.updateOutdatedCachedAccount (CacheManager.mjs:568:39)
at BrowserCacheManager.getAccount (BrowserCacheManager.ts:399:21)
at CacheManager.mjs:268:33
at Array.forEach ()
at BrowserCacheManager.getAccountsFilteredBy (CacheManager.mjs:263:24)
at BrowserCacheManager.getAllAccounts (CacheManager.mjs:37:46)
at getAllAccounts (AccountManager.ts:21:41)
at StandardController.getAllAccounts (StandardController.ts:1354:16)
at StandardController.handleRedirectPromiseInternal (StandardController.ts:413:39)
at StandardController.handleRedirectPromise (StandardController.ts:386:33)

MSAL Logs

[Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - BrowserCrypto: modern crypto interface available
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Trace - BrowserCacheManager - createKeyMaps called.
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - BrowserCacheManager:createKeyMaps - account and token key maps already exist, skipping migration.
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Trace - initialize called
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Info - Emitting event: msal:initializeStart
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - Claims-based caching is disabled. Clearing the previous cache with claims
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Trace - Executing function clearTokensAndKeysWithClaims
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Trace - BrowserCacheManager.getTokenKeys called
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Trace - BrowserCacheManager.getAccessTokenCredential: cache hit
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Trace - Returning result from clearTokensAndKeysWithClaims
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Info - Emitting event: msal:initializeEnd
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - handleRedirectPromise called
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - getAllAccounts called
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:05 GMT] : [] : @azure/msal-browser@3.21.0 : Trace - BrowserCacheManager.getAccountKeys called
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:09 GMT] : [] : @azure/msal-browser@3.21.0 : Trace - BrowserCacheManager.getAccount called
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:12 GMT] : [] : @azure/msal-common@14.14.1 : Verbose - updateOutdatedCachedAccount: Found a single-tenant (outdated) account entity in the cache, migrating to multi-tenant account entity
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:12 GMT] : [] : @azure/msal-browser@3.21.0 : Trace - BrowserCacheManager.getAccountKeys called
msalServiceProvider.js:63 [Fri, 23 Aug 2024 15:28:12 GMT] : [] : @azure/msal-browser@3.21.0 : Verbose - handleRedirectPromise has been called for the first time, storing the promise

Network Trace (Preferrably Fiddler)

N/A since no network traffic with the identity provider at this point.

MSAL Configuration

{
    "auth": {
        "clientId": "SOME_GUID",
        "authority": "https://adfs.contoso/adfs",
        "redirectUri": "https://localhost:44300",
        "navigateToLoginRequestUrl": false,
        "knownAuthorities": [
            "https://adfs.contoso/adfs"
        ],
        "protocolMode": "OIDC"
    },
    "cache": {
        "cacheLocation": "localStorage"
    },
    "system": {
        "loggerOptions": {
            "logLevel": 4
        }
    }
}

Relevant Code Snippets

_msalInstance = new msal.PublicClientApplication(msalConfig);
_loginRedirectPromise = _msalInstance.initialize().then(function () {
    return _msalInstance.handleRedirectPromise();
});

Reproduction Steps

1. Sign in to SPA running V2 using AD FS
2. Upgrade to V3 and do the required code changes for the upgrade
3. Refresh the SPA

Expected Behavior

Attempt to upgrade previously cached AD FS accounts should not fail.

Identity Provider

ADFS

Browsers Affected (Select all that apply)

Edge

Regression

@azure/msal-browser 2.38.3

Source

External (Customer)

[fmontaltcv]

HI, same error here...
i am looking for a work around and i found this:

It seems that the problem is when is getting the accounts the startWith() function is keysensitive so that function doesn't found any account... then the array it is empty and then fails... looks like a bug from MSAL

The problem is in the function updateOutdatedCachedAccount in the file CacheManager.mjs

[fmontaltcv]

More info:

Looks like the msal.acount.keys that it is set in the localStorage it is in lowercase so... that is the problem... i am lloking if there is a way to set in the original stream

[RubSR]

Same problem here, 2 weeks without any answer? It's a huge problem.

[shurdev]

We have the same problem, when updating to v3, do we have a solution planned?

[fmontaltmer]

I have created this MR to fix the problem, please vote up to be set in the next version
#7287

[DHerreto]

Same problem here. How's the MR going? Seems like a pretty simple fix?

[fmontaltmer]

Hello, i am still waiting for merge mi fix of this problem into dev... any news?
#7287