I'm using Blazor WebAssembly with MSAL for authentication and storing Azure AD B2C credentials in localStorage. My setup is roughly like this:
```csharp
builder.Services.AddMsalAuthentication(options =>
{
    builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
    options.ProviderOptions.LoginMode = "redirect";
    options.AuthenticationPaths.LogOutCallbackPath = "/";
    options.UserOptions.RoleClaim = "roles";
    options.ProviderOptions.Cache.CacheLocation = "localStorage";
    options.ProviderOptions.Cache.StoreAuthStateInCookie = false;
    options.ProviderOptions.DefaultAccessTokenScopes.Add(builder.Configuration.GetValue<string>("ADApiScope")!);
}).AddAccountClaimsPrincipalFactory<RolesClaimsPrincipalFactory>();
```

Current setup:
- Login page: /Login
- Main page after login: /
- Logout: a button that clears localStorage
I store the user’s MSAL credentials in localStorage. The token expires after ~24 hours. After expiration, when the app tries to refresh the token:
- Silent token refresh fails
- The app redirects to the admin-consent-required page
- I also get the error AADSTS700084: The refresh token was issued to a single page app (SPA), and therefore has a fixed, limited lifetime of 1.00:00:00, which cannot be extended. It is now expired and a new sign in request must be sent by the SPA to the sign in page. The token was issued on 2025-11-19T18:24:16.7883147Z.
Problem / Question:
How can I simulate or reproduce the scenario of token expiration to test the redirect flow?
- Is it correct that deleting the refresh token from localStorage will trigger MSAL to redirect to an admin-consent page?
- How can I manage redirects after token expiration properly in Blazor WASM with MSAL?