Login Component with MSAL2TeamsProvider and SSO and Scope enhancements

[jocsch]

Hi,
I stumbled upon a race condition and I would like to know what you think is the best way to deal with it.
I have a React Teams application with an MSAL2TeamsProvider and SSO configured (token swap in the backend) and a user element displaying the user information.

If the user has granted all permissions to the app this works fine.
If not, the login fails and the user has to login manually and grant the permissions.

The problem is, that as soon as the login component fires the loginCompleted event, the Provider tries to fetch the graph token from the tokenswap endpoint in the backend but that call fails with a 403 as it seems that there is a slight delay (couple of seconds) until the permission upgrade is propagated in the Microsoft backend and the token swap succeeds.

What would be the best way to deal with it? I can refresh the whole page after X seconds but that is a rather brutal user experience. Is there a way to retrigger the token fetching and component updating?

[sebastienlevert]

Are you saying that the token brought back by the swap is not up-to-date with the latest scopes?

[jocsch]

No. I get a 400 back with the error message "consent_required" (that is after the user has given the consent already).
And it takes like 30 seconds (of frequent polling) until the call succeeds.

So the token swap fails unless the permissions are propagated. That is just in the scenario where the user needs to grant new permissions. Once the permissions are granted the swap always works fine.