chore(ui): Replace ssoSilent with acquireTokenSilent for token renewal (#27116)

chirag-madlani · Copilot · chirag-madlani · commit 07f1a0d666eb · 2026-04-09T11:52:36.000+05:30
* chore(ui): Replace ssoSilent with acquireTokenSilent for token renewal * fix(ui): update MsalAuthenticator tests to use acquireTokenSilent Agent-Logs-Url: https://github.com/open-metadata/OpenMetadata/sessions/4944b541-e32a-4904-9ac9-d1dc62acb565 Co-authored-by: chirag-madlani <12962843+chirag-madlani@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> (cherry picked from commit 65effdb)
diff --git a/openmetadata-ui/src/main/resources/ui/src/components/Auth/AppAuthenticators/MsalAuthenticator.test.tsx b/openmetadata-ui/src/main/resources/ui/src/components/Auth/AppAuthenticators/MsalAuthenticator.test.tsx
@@ -10,7 +10,10 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  */
-import { InteractionStatus } from '@azure/msal-browser';
+import {
+  InteractionRequiredAuthError,
+  InteractionStatus,
+} from '@azure/msal-browser';
 import { useMsal } from '@azure/msal-react';
 import { act, render, screen } from '@testing-library/react';
 import { msalLoginRequest } from '../../../utils/AuthProvider.util';
@@ -37,7 +40,7 @@ const mockInstance = {
   loginPopup: jest.fn(),
   loginRedirect: jest.fn(),
   handleRedirectPromise: jest.fn(),
-  ssoSilent: jest.fn(),
+  acquireTokenSilent: jest.fn(),
   logout: jest.fn(),
 };
 
@@ -141,7 +144,7 @@ describe('MsalAuthenticator', () => {
   });
 
   it('should handle renewIdToken successfully', async () => {
-    mockInstance.ssoSilent.mockResolvedValueOnce({
+    mockInstance.acquireTokenSilent.mockResolvedValueOnce({
       account: { username: 'test@example.com' },
       idToken: 'new-token',
     });
@@ -155,10 +158,29 @@ describe('MsalAuthenticator', () => {
 
     const result = await authenticatorRef?.renewIdToken();
 
-    expect(mockInstance.ssoSilent).toHaveBeenCalled();
+    expect(mockInstance.acquireTokenSilent).toHaveBeenCalled();
     expect(result).toBe('mock-id-token');
   });
 
+  it('should throw InteractionRequiredAuthError when renewIdToken encounters expired session', async () => {
+    const interactionError = new InteractionRequiredAuthError(
+      'interaction_required'
+    );
+    mockInstance.acquireTokenSilent.mockRejectedValueOnce(interactionError);
+
+    render(
+      <MsalAuthenticator
+        {...mockProps}
+        ref={(ref) => (authenticatorRef = ref)}
+      />
+    );
+
+    await expect(authenticatorRef?.renewIdToken()).rejects.toThrow(
+      InteractionRequiredAuthError
+    );
+    expect(mockInstance.acquireTokenSilent).toHaveBeenCalled();
+  });
+
   it('should show loader when interaction is in progress', () => {
     (useMsal as jest.Mock).mockReturnValue({
       instance: mockInstance,
diff --git a/openmetadata-ui/src/main/resources/ui/src/components/Auth/AppAuthenticators/MsalAuthenticator.tsx b/openmetadata-ui/src/main/resources/ui/src/components/Auth/AppAuthenticators/MsalAuthenticator.tsx
@@ -87,7 +87,7 @@ const MsalAuthenticator = forwardRef<AuthenticatorRef, Props>(
         scopes: msalLoginRequest.scopes,
       };
       try {
-        const response = await instance.ssoSilent(tokenRequest);
+        const response = await instance.acquireTokenSilent(tokenRequest);
         const msalResponse = await parseMSALResponse(response);
 
         return msalResponse;
@@ -107,6 +107,7 @@ const MsalAuthenticator = forwardRef<AuthenticatorRef, Props>(
                     i18nKey="message.popup-block-message"
                     renderElement={
                       <a
+                        aria-label="Open popup settings"
                         href={getPopupSettingLink()}
                         rel="noopener noreferrer"
                         target="_blank"
diff --git a/openmetadata-ui/src/main/resources/ui/src/utils/Auth/TokenService/TokenServiceUtil.ts b/openmetadata-ui/src/main/resources/ui/src/utils/Auth/TokenService/TokenServiceUtil.ts
@@ -37,12 +37,12 @@ class TokenService {
 
   // Setup Service Worker listener for token updates (if available)
   private setupServiceWorkerListener() {
-    if ('serviceWorker' in navigator && 'indexedDB' in window) {
+    if ('serviceWorker' in navigator && 'indexedDB' in globalThis) {
       try {
         navigator.serviceWorker.addEventListener('message', (event) => {
           if (event.data.type === 'TOKEN_UPDATE') {
             // Token was updated via Service Worker, notify other tabs
-            this.refreshSuccessCallback && this.refreshSuccessCallback();
+            this.refreshSuccessCallback?.();
           } else if (event.data.type === 'TOKEN_CLEARED') {
             // Tokens were cleared (logout), don't trigger refresh callbacks
             // This prevents token restoration after logout
@@ -68,7 +68,7 @@ class TokenService {
   }
 
   public updateRefreshSuccessCallback(callback: () => void) {
-    window.addEventListener('storage', (event) => {
+    globalThis.addEventListener('storage', (event) => {
       if (event.key === REFRESHED_KEY && event.newValue === 'true') {
         callback(); // Notify the tab that the token was refreshed
         // Clear once notified
@@ -79,9 +79,6 @@ class TokenService {
 
   // Refresh the token if it is expired
   async refreshToken() {
-    // eslint-disable-next-line no-console
-    console.timeLog('refreshToken', 'Token initiated refresh');
-
     if (this.isTokenUpdateInProgress()) {
       return;
     }
@@ -100,7 +97,7 @@ class TokenService {
         if (newToken) {
           // Wait briefly for token to be persisted in SW+IndexedDB before notifying
           await new Promise((resolve) => setTimeout(resolve, 100));
-          this.refreshSuccessCallback && this.refreshSuccessCallback();
+          this.refreshSuccessCallback?.();
           // To update all the tabs on updating channel token
           // Notify all tabs that the token has been refreshed
           localStorage.setItem(REFRESHED_KEY, 'true');
