InteractionRequiredAuthError not caught in AuthCodeMSALBrowserAuthenticationProvider #1969
Description
Describe the bug
I am trying to increment my consent using and new scope using the AuthCodeMSALBrowserAuthenticationProvider but the browser doesn't prompt for interaction via the specified interaction type. (Popup / Redirect)
Expected behavior
If the scope doesn't exist the existing token the user should be prompted to consent.
How to reproduce
Setup the AuthCodeMSALBrowserAuthenticationProvider with a scope not previously consented.
const authProvider = new AuthCodeMSALBrowserAuthenticationProvider(
instance as PublicClientApplication,
{
scopes: ["User.Read", "User.ReadBasic.All"],
account: instance.getActiveAccount()!,
interactionType: InteractionType.Redirect,
}
);
Attempt to call the GraphClient
const graphClient = Client.initWithMiddleware({
authProvider,
});
const user: User = await graphClient
.api("/me")
.select([
"displayName",
"givenName",
"id",
"mail",
"mobilePhone",
"officeLocation",
"preferredLanguage",
"surname",
"userPrincipalName",
"jobTitle",
"companyName",
])
.get();
SDK Version
3.0.7
Latest version known to work for scenario above?
No response
Known Workarounds
Specify the scopes in initial interactive login.
Debug output
Click to expand log
```Uncaught (in promise) _GraphError: invalid_grant: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxxxxx'. Send an interactive authorization request for this user and resource. Trace ID: 53d15b9f-5e08-4e70-90fc-1448ddff9000 Correlation ID: 01992380-12dc-70c6-a2a2-33f9f074dd3b Timestamp: 2025-09-07 09:27:00Z
</details>
### Configuration
_No response_
### Other information
It would seem that the error thrown is not being caught as an instance of InteractionRequiredAuthError here.
[AuthCodeMSALBrowserAuthenticationProvider.ts](https://github.com/microsoftgraph/msgraph-sdk-javascript/blame/db1757abe7a4cad310f0cd4d7d2a83b961390cce/src/authentication/msal-browser/AuthCodeMSALBrowserAuthenticationProvider.ts#L65C5-L76C4)
Setting a breakpoint and inspecting the output shows this:-
**error**
:
Error at new GraphClientError2 (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16797:30) at AuthCodeMSALBrowserAuthenticationProvider2.<anonymous> (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16845:27) at step (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:208:17) at Object.next (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:160:14) at http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:147:67 at new Promise (<anonymous>) at Object.__awaiter (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:129:10) at AuthCodeMSALBrowserAuthenticationProvider2.getAccessToken (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16838:26) at _AuthenticationHandler.<anonymous> (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client.js?v=8e109230:803:52) at Generator.next (<anonymous>)
stack
:
"Error\n at new GraphClientError2 (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16797:30)\n at AuthCodeMSALBrowserAuthenticationProvider2.<anonymous> (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16845:27)\n at step (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:208:17)\n at Object.next (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:160:14)\n at http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:147:67\n at new Promise (<anonymous>)\n at Object.__awaiter (http://localhost:5173/node_modules/.vite/deps/chunk-QXXCRS6M.js?v=4882f8fb:129:10)\n at AuthCodeMSALBrowserAuthenticationProvider2.getAccessToken (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client_authProviders_authCodeMsalBrowser.js?v=3372f56d:16838:26)\n at _AuthenticationHandler.<anonymous> (http://localhost:5173/node_modules/.vite/deps/@microsoft_microsoft-graph-client.js?v=8e109230:803:52)\n at Generator.next (<anonymous>)"
[[Prototype]]
:
Error
**error_1**
:
InteractionRequiredAuthError: invalid_grant: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxxx'. Send an interactive authorization request for this user and resource. Trace ID: a78c4369-1ba1-4643-9bc6-a41118743b00 Correlation ID: 01992398-5e93-72f1-97cb-19d935dc8e56 Timestamp: 2025-09-07 09:53:32Z at _ResponseHandler.validateTokenResponse (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:5595:15) at RefreshTokenClient.acquireToken (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:6052:21) at async RefreshTokenClient.acquireTokenWithCachedRefreshToken (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:6109:14)
claims
:
""
correlationId
:
"01992398-5eb9-7c07-9a34-c2a893c5371a"
errorCode
:
"invalid_grant"
errorMessage
:
"AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxx'. Send an interactive authorization request for this user and resource. Trace ID: a78c4369-1ba1-4643-9bc6-a41118743b00 Correlation ID: 01992398-5e93-72f1-97cb-19d935dc8e56 Timestamp: 2025-09-07 09:53:32Z"
errorNo
:
65001
name
:
"InteractionRequiredAuthError"
subError
:
"consent_required"
timestamp
:
"2025-09-07 09:53:32Z"
traceId
:
"a78c4369-1ba1-4643-9bc6-a41118743b00"
message
:
"invalid_grant: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxx'. Send an interactive authorization request for this user and resource. Trace ID: a78c4369-1ba1-4643-9bc6-a41118743b00 Correlation ID: 01992398-5e93-72f1-97cb-19d935dc8e56 Timestamp: 2025-09-07 09:53:32Z"
stack
:
"InteractionRequiredAuthError: invalid_grant: AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx' named 'xxxx'. Send an interactive authorization request for this user and resource. Trace ID: a78c4369-1ba1-4643-9bc6-a41118743b00 Correlation ID: 01992398-5e93-72f1-97cb-19d935dc8e56 Timestamp: 2025-09-07 09:53:32Z\n at _ResponseHandler.validateTokenResponse (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:5595:15)\n at RefreshTokenClient.acquireToken (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:6052:21)\n at async RefreshTokenClient.acquireTokenWithCachedRefreshToken (http://localhost:5173/node_modules/.vite/deps/chunk-PJPP7UDJ.js?v=4882f8fb:6109:14)"
[[Prototype]]
:
_AuthError
Reactions are currently unavailable