I'm writing a web app that supports Azure AD authentication to a tenant as well as personal Microsoft Account authentication and requests access to the MS Graph for both of these auth providers. I'm using the msal.js library on the client to handle the authentication.
I have experienced the following which makes me think that the underlying UserAgentApplication object in msal is sharing state and preventing me from authenticating asynchronously with both providers.
Background:
I have an AadAuthProvider class, which is used to authenticate against the tenant authority. I have an MsaAuthProvider class, which is used to authenticate against the personal Microsoft Account authority.
Each of these classes instantiates their own UserAgentApplication object with their own different Msal.Configurations.
Observations
- Attempting to return a
Promisefrom callingAadAuthProvider.acquireTokensilently and aPromisefrom callingMsaAuthProvider.acquireTokensilently asynchronously always fails with anonce_mismatch_error:Nonce is not matching, Nonce received: e5xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx, nonce expected : a7xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. - Most of the time the first call will succeed and the second will fail with the
nonce_mismatch_error. If I am debugging, then depending on the time spent at various breakpoints, the first or the second will fail with thenonce_mismatch_error. - If I await
AadAuthProvider.acquireTokenand then awaitMsaAuthProvider.acquireToken, the operations both succeed.
It strikes me as unexpected that you cannot make multiple calls through the msal library to different providers at the same time. I would expect that the UserAgentApplication could be instantiated multiple times with different configs and a consumer of msal could interact with them independently.
Is there a way to instantiate the UserAgentApplication class such that I can use them independently in the different providers?
