Skip to content

InteractionRequiredAuthError not caught in AuthCodeMSALBrowserAuthenticationProvider#1969

New issue
New issue
Open
Open
InteractionRequiredAuthError not caught in AuthCodeMSALBrowserAuthenticationProvider#1969
Labels
status:waiting-for-triageAn issue that is yet to be reviewed or assignedtype:bugA broken experience
@richard-einfinity

Description

@richard-einfinity
richard-einfinity
opened on Sep 7, 2025

Describe the bug

I am trying to increment my consent using and new scope using the AuthCodeMSALBrowserAuthenticationProvider but the browser doesn't prompt for interaction via the specified interaction type. (Popup / Redirect)

Expected behavior

If the scope doesn't exist the existing token the user should be prompted to consent.

How to reproduce

Setup the AuthCodeMSALBrowserAuthenticationProvider with a scope not previously consented.

const authProvider = new AuthCodeMSALBrowserAuthenticationProvider( instance as PublicClientApplication,{scopes: ["User.Read", "User.ReadBasic.All"], account: instance.getActiveAccount()!, interactionType: InteractionType.Redirect, } );

Attempt to call the GraphClient

const graphClient = Client.initWithMiddleware({authProvider, }); const user: User = await graphClient .api("/me") .select([ "displayName", "givenName", "id", "mail", "mobilePhone", "officeLocation", "preferredLanguage", "surname", "userPrincipalName", "jobTitle", "companyName", ]) .get();

SDK Version

3.0.7

Latest version known to work for scenario above?

No response

Known Workarounds

Specify the scopes in initial interactive login.

Debug output

Click to expand log ```

Uncaught (in promise) _GraphError: invalid_grant: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxxxxx'. Send an interactive authorization request for this user and resource. Trace ID: 53d15b9f-5e08-4e70-90fc-1448ddff9000 Correlation ID: 01992380-12dc-70c6-a2a2-33f9f074dd3b Timestamp: 2025-09-07 09:27:00Z

</details> ### Configuration _No response_ ### Other information It would seem that the error thrown is not being caught as an instance of InteractionRequiredAuthError here. [AuthCodeMSALBrowserAuthenticationProvider.ts](https://github.com/microsoftgraph/msgraph-sdk-javascript/blame/db1757abe7a4cad310f0cd4d7d2a83b961390cce/src/authentication/msal-browser/AuthCodeMSALBrowserAuthenticationProvider.ts#L65C5-L76C4) Setting a breakpoint and inspecting the output shows this:- **error** : Error at new GraphClientError2 (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16797:30) at AuthCodeMSALBrowserAuthenticationProvider2.<anonymous> (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16845:27) at step (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:208:17) at Object.next (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:160:14) at http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:147:67 at new Promise (<anonymous>) at Object.__awaiter (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:129:10) at AuthCodeMSALBrowserAuthenticationProvider2.getAccessToken (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16838:26) at _AuthenticationHandler.<anonymous> (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client.js?v=8e109230:803:52) at Generator.next (<anonymous>) stack : "Error\n at new GraphClientError2 (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16797:30)\n at AuthCodeMSALBrowserAuthenticationProvider2.<anonymous> (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16845:27)\n at step (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:208:17)\n at Object.next (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:160:14)\n at http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:147:67\n at new Promise (<anonymous>)\n at Object.__awaiter (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:129:10)\n at AuthCodeMSALBrowserAuthenticationProvider2.getAccessToken (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16838:26)\n at _AuthenticationHandler.<anonymous> (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client.js?v=8e109230:803:52)\n at Generator.next (<anonymous>)" [[Prototype]] : Error **error_1** : InteractionRequiredAuthError: invalid_grant: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxxx'. Send an interactive authorization request for this user and resource. Trace ID: a78c4369-1ba1-4643-9bc6-a41118743b00 Correlation ID: 01992398-5e93-72f1-97cb-19d935dc8e56 Timestamp: 2025-09-07 09:53:32Z at _ResponseHandler.validateTokenResponse (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:5595:15) at RefreshTokenClient.acquireToken (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:6052:21) at async RefreshTokenClient.acquireTokenWithCachedRefreshToken (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:6109:14) claims : "" correlationId : "01992398-5eb9-7c07-9a34-c2a893c5371a" errorCode : "invalid_grant" errorMessage : "AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxx'. Send an interactive authorization request for this user and resource. Trace ID: a78c4369-1ba1-4643-9bc6-a41118743b00 Correlation ID: 01992398-5e93-72f1-97cb-19d935dc8e56 Timestamp: 2025-09-07 09:53:32Z" errorNo : 65001 name : "InteractionRequiredAuthError" subError : "consent_required" timestamp : "2025-09-07 09:53:32Z" traceId : "a78c4369-1ba1-4643-9bc6-a41118743b00" message : "invalid_grant: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxx'. Send an interactive authorization request for this user and resource. Trace ID: a78c4369-1ba1-4643-9bc6-a41118743b00 Correlation ID: 01992398-5e93-72f1-97cb-19d935dc8e56 Timestamp: 2025-09-07 09:53:32Z" stack : "InteractionRequiredAuthError: invalid_grant: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxx'. Send an interactive authorization request for this user and resource. Trace ID: a78c4369-1ba1-4643-9bc6-a41118743b00 Correlation ID: 01992398-5e93-72f1-97cb-19d935dc8e56 Timestamp: 2025-09-07 09:53:32Z\n at _ResponseHandler.validateTokenResponse (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:5595:15)\n at RefreshTokenClient.acquireToken (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:6052:21)\n at async RefreshTokenClient.acquireTokenWithCachedRefreshToken (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:6109:14)" [[Prototype]] : _AuthError

Metadata

Metadata

Assignees

No one assigned

    Labels

    status:waiting-for-triageAn issue that is yet to be reviewed or assignedtype:bugA broken experience

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions