microsoft-authentication-library-for-android icon indicating copy to clipboard operation
microsoft-authentication-library-for-android copied to clipboard

Published 20 hours ago verified publisher icon AzureAD

Allow Prompt.None when acquiring a token after logging in

Open ravindu-edg opened this issue 1 year ago • 4 comments

I use MSAL in an app that supports login and edit profile features via Azure B2c. However, when the user logs in and tries to go to edit their profile via a different Policy, they are asked to enter the password again.

Is there a way to avoid this second login by perhaps setting "Prompt.None" or &prompt=none when calling the acquireToken() method in the SDK.

I have already tried

All the available Prompt types and not adding a prompt at all Passing a token (from silent token acquisition) as a id_token_hint query parameter to acquire token It seems that the .Net and Web SDKs have the ability to pass prompt=none but we are not able to do that with the native app sdks. Is there a possibility of adding this to the mobile SDKs? Also, would setting this allow the user to skip the second login?

ravindu-edg avatar Mar 22 '24 05:03 ravindu-edg

@ravindu-edg This is functioning as anticipated. You will experience Single Sign-On (SSO), once you've completed the sign-in process, you will not need to sign in again for the Profile Edit journey.

Here's how to verify this:

  1. Initiate a new browser session and complete the sign-in process.
  2. In a new tab, navigate to the Profile Edit page by pasting its link. Ensure you remove the prompt=login query parameter from the URL.
  3. Upon accessing the link, you'll be directed immediately to your profile modification page, bypassing the sign-in page.

negoe avatar Mar 26 '24 14:03 negoe

Hi @negoe, the issue is that I'm unable to remove the prompt=login query parameter from the URL when using the SDK.

When I omit the withPrompt value as below, I still get &prompt=select_account in the URL.

val params = AcquireTokenParameters.Builder()
            .startAuthorizationFromActivity(activity)
            .fromAuthority(authority)
            .withScopes(listOf(BuildConfig.B2C_SCOPE))
            //.withPrompt(Prompt.LOGIN)
            .withCallback(authenticationCallback)
            .build()
        client.acquireToken(params)

ravindu-edg avatar Apr 02 '24 05:04 ravindu-edg

@ravindu-edg Thank you for the clarification. I confirmed with our team, that as of today, we do not offer support for prompt=none. This is recognized as a request for a new feature. We will monitor the demand for this requirement closely and consider prioritizing it in the future should more customers express a need for it.

negoe avatar Apr 08 '24 18:04 negoe

@ravindu-edg Hi,

If i am not mistaken, you can reach the desired result by using this function - forAccount. The account you can get from library (application class)

https://learn.microsoft.com/en-us/java/api/com.microsoft.identity.client.tokenparameters.builder?view=azure-java-stable#com-microsoft-identity-client-tokenparameters-builder-foraccount(iaccount)

VolodaUa avatar Jul 06 '24 20:07 VolodaUa