react-native azure-ad-b2c azure-ad-msal

Receiving error "No cached accounts found for the supplied homeAccountId and clientId" when attempting to acquireTokenSilent


I have a React Native project that we've recently been attempting to move over to AzureB2C. We have been leveraging the now archived package react-native-msal. Our project also employs react-native-web. The web functionality is working without issue, however, when working in the app natively, I am getting an issue when attempting to call the acquireTokenSilent method, which fails with the error message:

No cached accounts found for the supplied homeAccountId and clientId

I've found this post which mentions an issue with the signing key, but, re-running that does not result in a different Signature, and so I don't believe it's that. I also found this thread which suggests an answer but doesn't provide it.

Our configuration is quite simple as well.

{
  "auth": {
    "clientId": "<CLIENT_ID>",
    "redirectUri": "msauth://<PACKAGE>/<SIGNATURE_HASH>",
    "authority": "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
    "navigateToLoginRequestUrl": false,
    "knownAuthorities": [
      "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_SIGNUP_SIGNIN",
      "https://<TENANT>.b2clogin.com/tfp/<TENANT>.onmicrosoft.com/B2C_1A_PASSWORDRESET"
    ]
  },
  "cache": {
    "cacheLocation": "sessionStorage",
    "storeAuthStateInCookie": false
  }
}

The Sign in, out, getting accounts all work fine in both Web and the Native App. It's just that acquireTokenSilent doesn't work correctly in the Native App.

Does anyone have any other suggestions?


Solution

  • In conjunction with Microsoft and a colleague of mine, we got to the bottom of the issue here. It seems we needed to do two things:

    Remove a line from our TRUSTFRAMEWORKBASE custom policy file. The line we removed was:

    <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />
    

    Then we also had to remove the tenantId OutputClaim in our SignUpSignIn custom policy.

    The explanation given from Microsoft was:

    The existing MSAL caching code didn't anticipate the presence of tid claim in the token and therefore when this claim is present then it leads to the token being cached slightly differently by MSAL which then leads to cache miss on the subsequent silent token requests.
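
A diagnostic for the condition described in the answer above, added here as an example and not part of the original post or of MSAL: it reports whether a token carries a `tid` claim and lists the `tenantId` / `tid` output claims in a custom policy file. The function names, the sample token and the sample policy fragment are constructed for illustration; the token is decoded without signature verification, for inspection only.

```javascript
// Added diagnostic: not from the original post and not part of MSAL.
// Build a constructed, unsigned sample token for the demo below.
function makeSampleJwt(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(payload)}.sig`;
}

// Decode a JWT payload WITHOUT verifying the signature (inspection only).
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// True when the token carries the `tid` claim the answer describes.
function tokenHasTid(jwt) {
  return Object.prototype.hasOwnProperty.call(decodeJwtPayload(jwt), "tid");
}

// List <OutputClaim> elements that reference tenantId or map to `tid`.
function findTenantIdOutputClaims(policyXml) {
  const hits = [];
  for (const m of policyXml.matchAll(/<OutputClaim\b[^>]*>/g)) {
    const attr = (name) => {
      const a = new RegExp(`\\b${name}\\s*=\\s*"([^"]*)"`).exec(m[0]);
      return a ? a[1] : null;
    };
    const ref = attr("ClaimTypeReferenceId");
    const partner = attr("PartnerClaimType");
    if (partner === "tid" || ref === "tenantId") {
      const line = policyXml.slice(0, m.index).split("\n").length;
      hits.push({ line, claimTypeReferenceId: ref, partnerClaimType: partner });
    }
  }
  return hits;
}

// Constructed sample policy fragment (not the poster's real policy).
const SAMPLE_POLICY = [
  '<OutputClaims>',
  '  <OutputClaim ClaimTypeReferenceId="objectId" PartnerClaimType="sub" />',
  '  <OutputClaim ClaimTypeReferenceId="tenantId" PartnerClaimType="tid" />',
  '  <OutputClaim ClaimTypeReferenceId="tenantId"',
  '               DefaultValue="placeholder" />',
  '</OutputClaims>',
].join("\n");

console.log(tokenHasTid(makeSampleJwt({ sub: "user-1", tid: "sample-tenant" })));
console.log(findTenantIdOutputClaims(SAMPLE_POLICY));
```

Running the scan over both the base policy and the relying-party policy after the change, and checking a freshly issued token with `tokenHasTid`, confirms that both removals took effect.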