I started working with Azure-Samples/active-directory-b2c-ios-swift-native-msal app to demo the functionality of our Azure B2C tenant. I have gotten everything working outside of the refresh token functionality. I have added the "offline_access" scope to ensure that the refresh token is provided.
The first error that I got:
    let application = try MSALPublicClientApplication.init(clientId: kClientID, authority: kAuthority)
    // Look up the cached user for the sign-up/sign-in policy
    let thisUser = try self.getUserByPolicy(withUsers: application.users(), forPolicy: kSignupOrSigninPolicy)
    application.acquireTokenSilent(forScopes: kScopes, user: thisUser) { (result, error) in
        if error == nil {
            self.accessToken = (result?.accessToken)!
            self.loggingText.text = "Refreshing token silently"
            self.loggingText.text = "Refreshed Access token is \(self.accessToken)"
        }
    }
So I tried to store the MSAL user from the initial authorization and passed it into the AcquireTokenSilent method.
I get this error:
Failed to find any access token error
    let application = try MSALPublicClientApplication.init(clientId: kClientID, authority: kAuthority)
    // Reuse the MSAL user stored from the initial authorization
    let thisUser = userFromAuth
    application.acquireTokenSilent(forScopes: kScopes, user: thisUser) { (result, error) in
        if error == nil {
            self.accessToken = (result?.accessToken)!
            self.loggingText.text = "Refreshing token silently"
            self.loggingText.text = "Refreshed Access token is \(self.accessToken)"
        }
    }
Finally, I tried to add the authority/policy used in the SignUp/SignIn (initial auth call) into the AcquireTokenSilent and I get this error:
I get: "No tokens matching this arguments found in the cache." (Wouldn't let me post a 3rd link)
    let application = try MSALPublicClientApplication.init(clientId: kClientID, authority: kAuthority)
    let thisUser = userFromAuth
    // Same call, now also passing the authority used for the initial sign-up/sign-in
    application.acquireTokenSilent(forScopes: kScopes, user: thisUser, authority: kAuthority) { (result, error) in
        if error == nil {
            self.accessToken = (result?.accessToken)!
            self.loggingText.text = "Refreshing token silently"
            self.loggingText.text = "Refreshed Access token is \(self.accessToken)"
        }
    }
I have tested the refresh token functionality in the Android sample app and I am able to refresh the token successfully so I don't think the issue is anywhere in our B2C. I also read that the MSAL library handles the refresh differently than the AppAuth library used in the Android and Obj-C examples so I am not sure if there is something I am missing.
Any insight into what could be wrong would be great!
Got it worked out. The useridentifier is returned with the policy name in all lowercase (ex: 56d56ec5-96a9-4c23-9717-4ae5d86f967c-b2c_1_policy) so it will fail to find the user (and the token) if your policy has any capital letters.
I fixed it by adding .lowercased() to the end of the forPolicy string in the getUserByPolicy method:
Also had to be sure to be on the latest version of Xcode (8.3.3).
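The mismatch described in the answer above, as an added example that is not part of the original post or the sample project. `CachedUser`, both lookup functions and the sample identifiers are hypothetical stand-ins, and the identifier format (ending in a hyphen plus the lowercased policy name) is assumed from the example value in the answer.

```swift
import Foundation

// Hypothetical stand-in for the MSAL user object; only the identifier matters here.
struct CachedUser {
    let userIdentifier: String
}

// Case-sensitive suffix match: this is the lookup that finds nothing when the
// configured policy name contains capital letters.
func findUserExact(in users: [CachedUser], forPolicy policy: String) -> CachedUser? {
    return users.first { $0.userIdentifier.hasSuffix("-" + policy) }
}

// Normalized match: lowercase both sides before comparing, so the configured
// policy name matches the lowercased form stored in the identifier.
func findUserNormalized(in users: [CachedUser], forPolicy policy: String) -> CachedUser? {
    let suffix = "-" + policy.lowercased()
    return users.first { $0.userIdentifier.lowercased().hasSuffix(suffix) }
}

// Constructed sample data: one user signed in under two policies (assumed format).
let cached = [
    CachedUser(userIdentifier: "00000000-0000-0000-0000-000000000001-b2c_1_editprofile"),
    CachedUser(userIdentifier: "00000000-0000-0000-0000-000000000001-b2c_1_susi"),
]

// Policy name as it might be written in the app's configuration (constructed value).
let configuredPolicy = "B2C_1_SuSi"

// Without normalization no cached user matches, so a silent token request
// has no user (and therefore no cached token) to work with.
let exact = findUserExact(in: cached, forPolicy: configuredPolicy)
print("exact match:      \(exact?.userIdentifier ?? "no user found")")

// With normalization the user cached under the sign-up/sign-in policy is found.
let normalized = findUserNormalized(in: cached, forPolicy: configuredPolicy)
print("normalized match: \(normalized?.userIdentifier ?? "no user found")")
```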