Yeah I agree, coincidentally I have only ever had it happen when I have multiple tabs… you wonder if each tab is trying to renew the token and when it’s already been renewed properly on a different tab, are those other tabs now out of sync or in a state they were never prepared for? Maybe you’re on to something…
To your point,is there any way to segregate the network log in dev tools per tab to try and document this?
I don;t think multiple renew would be a problem. Maybe when 1 tab renews and then does not communicate it to others.
Yes, I think @jbooker may be on to a hypothesis we could try and test out, but he’s asking us what can we do to log it or capture what’s happening to try and prove that out? Any ideas @Olga ?
Obviously the first thing to do is to get it to happen.
I accidentally went to the tab like 3H ago now per the time stamp on my post so I’ll keep waiting and see what happens.
I am so tempted to try and start testing @jbooker’s hypothesis with multitab and combine with your testing steps too, BUT, one experiment at a time.
I’m trying to think… if you start the session in a browser, can you launch multiple network debug for each tab if you pull the tab into its own window?
Okay @mbayley so just after 4 hours go back to the tab? Nothing else that I need to do?
Yes, just go back to the kinetic tab. It will fail right away.
That’s what I thought, okay.
I will try this too. I did do multiple tabs last time, but they were for different environments.
I will also run this in a VM, so my day to day doesn’t affect anything
man haha why didn’t I think of that. I should try on a VM ahah
@mbayley, I have had the window open since 8:10AM EST and then I went to the tab accidentally around 9:30 AM EST and I see in the network dev tools tab that at 09:32AM the “token” fetch entry, no failure.
THEN just now, 1:27PM I dragged a tab from my browser to another window and lost all the logging BUT I went back and got the token expiration error, just no logs cause I messed that up.
I am going to attempt this from a VM, I’m sorry I messed the logging up. I did get it to happen though.
I take that back @mbayley, the dev window still says it’s logging the app server url, but all the info is gone that I had earlier, all the calls, the token, all that.
It’s like the expiration and refresh of it cleared all the logging from previous session.
Check this. It will keep your logs when the page changes for whatever reason
Man… wish I knew that!
Claude n I made an IFrame Redirect Monitor browser extension which compiles all silent renewals and analyzes tokens and timestamps for all tabs. Works good. May work for the AAD /token renewal endpoint as well but havn’t proven that.
Still looking for patterns. Oddly (perhaps coincidence?) appears some tabs are synced and other not.
Iframe-browser-extension.zip (21.3 KB)
Is it possible to catch initial tab window.location before it is redirected to IDP?
oh and it looks very cool 
Lemme ask Claude and I’ll tell him you like his style. 
Um wait, first, what url location are you refering to?
The window.location that contains the iframe which loads Idp /authorize? sure.
I did not look how you did this. but iframe should be created by some window. What is the address of this window.
There’s an Iframe on every window but yes can capture parent location.
There, grabbed the tab titles as well.
