AADSTS50058: A silent sign-in request was sent but no user is signed in

I am using hello.js to sign in to Microsoft Graph.

First I initialized by

hello.init(
  {
    msft: {
      id: myAppId,
      oauth: {
        version: 2,
        auth: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
      },
      scope_delim: ' ',
      form: false
    }
  },
  { redirect_uri: window.location.href }
);

Then I signed in successfully in my app

hello('msft').login({ scope: 'User.Read' })

This is what hello.js saved in localStorage after signing in.

{
  "msft": {
    "access_token":"aLongToken",
    "token_type":"Bearer",
    "expires_in":3599,
    "scope":"basic,User.Read",
    "state":"",
    "session_state":"f034f785-f8d0-4cec-aab4-88559c9d93dd",
    "client_id":"a91e6907-2b6e-4793-848d-633e960e809d",
    "network":"msft",
    "display":"popup",
    "redirect_uri":"http://localhost:3006/login",
    "expires":1501800737.361
  }
}

However, when I try to refresh the access_token

hello('msft').login({
  display: 'none',
  response_type: 'id_token token',
  response_mode: 'fragment',
  nonce: 'my-app',
  prompt: 'none',
  scope: 'User.Read',
  login_hint: '[email protected]',
  domain_hint: 'organizations'
})

I got the error

AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user's session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the web app sending the silent sign-in request is in different IE security zone than the Azure AD endpoint (login.microsoftonline.com).

I am using Chrome.

I found this issue on GitHub, but I still haven't figured out how to refresh correctly.


UPDATE:

After disabling Allow Implicit Flow at https://apps.dev.microsoft.com, I now can't even log in, so this is not the correct solution. hello.js saved this error in localStorage:

{
  "msft": {
    "error": {
      "code":"unsupported_response_type",
      "message":"AADSTS70005: response_type 'token' is not enabled for the application\r\nTrace ID: 1dc20dd0-cab3-41b5-9849-2a7e35d60700\r\nCorrelation ID: caacce8f-6763-405d-a840-70c24d5306d4\r\nTimestamp: 2017-08-04 21:56:42Z"
    },
    "error_description":"AADSTS70005: response_type 'token' is not enabled for the application\r\nTrace ID: 1dc20dd0-cab3-41b5-9849-2a7e35d60700\r\nCorrelation ID: caacce8f-6763-405d-a840-70c24d5306d4\r\nTimestamp: 2017-08-04 21:56:42Z",
    "state":"",
    "client_id":"a91e6907-2b6e-4793-848d-633e960e809d",
    "network":"msft",
    "display":"popup",
    "redirect_uri":"http://localhost:3006/login",
    "scope":"basic,User.Read"
  }
}
Hongbo Miao asked Aug 03 '17 19:08



1 Answer

It happens when the cookie of the user currently connected to login.microsoftonline.com has expired. The way we handle it is to redirect the user to the sign-in page with the current page as the redirect_uri parameter.

baywet answered Oct 03 '22 03:10
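One way to implement the fallback the answer describes, as an added example that is not from the question, the answer, or hello.js itself: check the cached token's `expires`, try a silent renewal, and on AADSTS50058 send the user through an interactive sign-in that returns to the current page. It assumes `hello(network).login(options)` returns a promise that rejects with the `{ error: { code, message } }` shape shown in the question, that `display: 'page'` and `prompt: 'none'` are passed through to Azure AD, and that Azure AD names this condition `login_required` or `interaction_required`.

```javascript
// Added example (not from the question, the answer, or hello.js): refresh the cached
// msft token silently first and fall back to an interactive sign-in that returns to the
// current page when Azure AD reports AADSTS50058 / login_required.

// Constructed sample of the object hello.js keeps in localStorage (shape from the question).
const SAMPLE_SESSION = {
  msft: { access_token: 'aLongToken', token_type: 'Bearer', expires_in: 3599,
          scope: 'basic,User.Read', expires: 1501800737.361 }
};

// True when no usable token is stored or it expires within `skew` seconds of `now` (Unix seconds).
function tokenNeedsRefresh(session, now, skew = 60) {
  const s = session && session.msft;
  if (!s || !s.access_token || typeof s.expires !== 'number') return true;
  return s.expires - now <= skew;
}

// hello.js rejects login() with { error: { code, message } } (the same shape it writes to
// localStorage). Assumption: Azure AD signals "no session, interactive sign-in needed" with
// code login_required or interaction_required and puts the AADSTS code in the message.
function needsInteractiveSignIn(err) {
  const e = (err && err.error) || {};
  const code = String(e.code || '');
  const msg = String(e.message || '');
  return code === 'login_required' || code === 'interaction_required' || /AADSTS50058/.test(msg);
}

// Option sets for the two attempts. The interactive one sets redirect_uri to the current page,
// which is what the answer recommends.
function silentOptions(scope) {
  return { display: 'none', prompt: 'none', scope };
}
function interactiveOptions(scope, currentUrl) {
  return { display: 'page', scope, redirect_uri: currentUrl };
}

// `client` is anything with login(network, options) returning a promise, e.g. a wrapper
// around hello.js: { login: (n, o) => hello(n).login(o) } (assumed wrapper, not hello.js API).
function refreshAccessToken(client, session, now, currentUrl, scope = 'User.Read') {
  if (!tokenNeedsRefresh(session, now)) return Promise.resolve({ action: 'cached' });
  return client.login('msft', silentOptions(scope))
    .then(() => ({ action: 'silent' }))
    .catch((err) => {
      if (!needsInteractiveSignIn(err)) throw err; // some other failure: let the caller see it
      return client.login('msft', interactiveOptions(scope, currentUrl))
        .then(() => ({ action: 'interactive' }));
    });
}
```

With a real hello.js client the `display: 'page'` attempt navigates away, so the final `then` only matters for the popup/iframe case.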