Error - Guard - error while logging in, unable to activate - blocks the msal guard

[SamShekhovtsov]

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.33.0

Wrapper Library

MSAL Angular (@azure/msal-angular)

Wrapper Library Version

2.5.3

Public or Confidential Client?

Confidential

Description

When user clicks for example change password, there is a request created for a password change. In case, if the user cancelled the change password dialog, he is sent back to the site, however the "Error - Guard - error while logging in, unable to activate" blocks the user from any action.

I was trying different workarounds for solving this issue:
set the active account (however the active account is set correctly)

authService.ssoSilent

nothing helps, the system remains broken, all features are not functioning due to the error mentioned above.

When users cancels the Change Password or cancels the Impersonate flow by clicking the Cancel button - the system shouldn't be competely broken. The user is expected to remain logged in.

Error Message

ERROR ServerError: access_denied: AADB2C90091: The user has cancelled entering self-asserted information.
Error - Guard - error while logging in, unable to activate

Msal Logs

Error - Guard - error while logging in, unable to activate

MSAL Configuration

export function MSALInstanceFactory(): IPublicClientApplication {
  return new PublicClientApplication(msalConfig);
}

export function MSALGuardConfigFactory(): MsalGuardConfiguration {
  return {
    interactionType: InteractionType.Redirect,
    authRequest: loginRequest
  };
}

Relevant Code Snippets

changePassword() {
        let changePasswordRequest: RedirectRequest | PopupRequest = {
            authority: b2cPolicies.authorities.customChangePassword.authority,
            scopes: [],
        };

        this.login(changePasswordRequest);
    }


    trySsoSilentLogin(originalSignInAccount: AccountInfo) {
        
        let signUpSignInFlowRequest: SsoSilentRequest = {
            authority: b2cPolicies.authorities.customSignUpSignIn.authority,
            account: originalSignInAccount as AccountInfo
        };

        // silently login again with the customSignUpSignIn policy
        this.authService.ssoSilent(signUpSignInFlowRequest);
    }

this.authService.loginRedirect(userFlowRequest);

Reproduction Steps

1. implement the change password flow
2. click / activate the change password function
3. cancel the change password flow by clicking the "Cancel" button
4. try to use the system as usual

Expected Behavior

the user should be able to use the system as usual after cancelling the current change password or impoersonate user flow.

Identity Provider

Azure B2C Custom Policy

Browsers Affected (Select all that apply)

Chrome, Firefox, Edge, Internet Explorer

Regression

No response

Source

External (Customer)

[lalimasharda]

Hey @SamShekhovtsov! This is a known issue and a duplicate of #4378 (workaround mentioned). We are tracking this bug internally, but it is deprioritized at the moment.

[ghost]

@SamShekhovtsov This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.