ID Token and Access Tokens get overwritten when using two data sources

I cannot get my application working when I add a second data source.

Auth services store token(s) received during an authorization process even if the authorization is not for its data source.

Hello Radzen Team,

It's me again...

this is what I have

data source 1: custom LOB API developed using Radzen uses Azure AD Authorization
data source 2: MS Graph uses Azure AD Authorization

sequence:

  • The application requests data from data source 1
  • goes through authenticate / authorize.
  • ID and Access tokens are created for both data source 1 and data source 2, the tokens are the same.

At this time the application successfully gets data from data source 1
(the access token is correct for data source 1)

  • the application then requests data from data source 2
  • and authorize...
  • ID and Access tokens received overwrite both data source 1 and data source 2; the tokens are the same.

At this time the application can successfully get data from data source 2
(the access token is correct for data source 2)
but requesting data from data source 1 will now fail

as always, your help is much appreciated.
michael

Unfortunately I couldn't understand this either. Can you check the Network tab to see what HTTP headers are being used? This should reveal the cause of the problem. Check the Authorization header.

@korchev,

sorry for the confusion. I'll try again.

to answer your question http header: Authorization: Bearer eyJ0eXAiOiJKV1QiL...

My application has two data sources and two Auth services.
An Access Token is required for each data source.
Each Service has a setter method to save the Access Token to session storage during the authorization process.
The stored token is later used in the Http Authorization header when a request for data occurs

techneaux-api-auth.service.ts

set accessToken(value: string) {
  sessionStorage.setItem('TECHNEAUX_API_ACCESS_TOKEN', value);
}

ms-graph-auth.service.ts

set accessToken(value: string) {
  sessionStorage.setItem('MS_GRAPH_ACCESS_TOKEN', value);
}

These two tokens should be different, but they are not. They are always the same.

you would expect that
set TECHNEAUX_API_ACCESS_TOKEN would only execute during the Techneaux API authentication process and
set MS_GRAPH_ACCESS_TOKEN would only execute during the MS Graph authentication process.

but this is not the case.

regardless of which data source is being authenticated, the token returned is stored to both locations.

does this help in understanding this issue?

michael

Most probably both services recognise the login sequence and the first gets the second token and overwrites the existing one. We will investigate this next week and report our findings.

Hi @michael,

We released a new Radzen version today that attempts to address the described issue. The fix however affects the generated security services which you may have added to the ignore list. Please remove them from the ignore list temporarily to see if the fix is working.

@korchev,

Thanks again for the quick response from the Radzen team. This resolved the issue.

seems to work great.

michael
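
One way to keep two auth services from storing each other's tokens, as an added example that is not Radzen's generated code or its fix: each service tags the login it starts with its own OAuth `state` value and stores a token only when the redirect returns that value. `ScopedAuthService`, `KV`, the `*_PENDING_STATE` key and the in-memory storage stand-in are assumptions; the `*_ACCESS_TOKEN` keys follow the thread.

```typescript
// Added example; ScopedAuthService, KV and the *_PENDING_STATE key are hypothetical names.
interface KV {
  getItem(k: string): string | null;
  setItem(k: string, v: string): void;
  removeItem(k: string): void;
}

// Constructed in-memory stand-in for sessionStorage so this runs outside a browser.
class MemoryStorage implements KV {
  private m = new Map<string, string>();
  getItem(k: string): string | null { const v = this.m.get(k); return v === undefined ? null : v; }
  setItem(k: string, v: string): void { this.m.set(k, v); }
  removeItem(k: string): void { this.m.delete(k); }
}

// 128-bit random state value from the Web Crypto API (browsers, recent Node).
const randomState = (): string =>
  Array.from(globalThis.crypto.getRandomValues(new Uint8Array(16)),
    (b) => b.toString(16).padStart(2, "0")).join("");

class ScopedAuthService {
  private prefix: string;
  private store: KV;
  private newState: () => string;
  constructor(prefix: string, store: KV, newState: () => string = randomState) {
    this.prefix = prefix; this.store = store; this.newState = newState;
  }
  // Call before redirecting to the authorization endpoint; send the result as `state`.
  beginLogin(): string {
    const state = this.newState();
    this.store.setItem(`${this.prefix}_PENDING_STATE`, state);
    return state;
  }
  // Every service may see the redirect; only the one that started this login stores the token.
  handleCallback(params: { state?: string; access_token?: string }): boolean {
    const key = `${this.prefix}_PENDING_STATE`;
    const pending = this.store.getItem(key);
    if (!pending || !params.access_token || params.state !== pending) {
      return false; // someone else's login or an unsolicited response: store nothing
    }
    this.store.removeItem(key); // a state value is accepted once
    this.store.setItem(`${this.prefix}_ACCESS_TOKEN`, params.access_token);
    return true;
  }
  get accessToken(): string | null {
    return this.store.getItem(`${this.prefix}_ACCESS_TOKEN`);
  }
}
```

With the prefixes `TECHNEAUX_API` and `MS_GRAPH`, a redirect that answers the Graph login leaves `TECHNEAUX_API_ACCESS_TOKEN` untouched, and a replayed redirect is rejected because its state has already been consumed.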