MsalInterceptor calls acquireTokenPopup when acquireTokenSilent fails, but when popups are blocked in the browser (popup_window_error), this is not caught further in the interceptor
Core Library
MSAL.js v2 (@azure/msal-browser)
Core Library Version
2.18.0
Wrapper Library
MSAL Angular (@azure/msal-angular)
Wrapper Library Version
2.0.4
Description
More and more browsers are blocking pop-ups by default. So you can't just assume that pop-ups will be shown. However, this is problematic when the use of pop-ups is required to obtain tokens. Using acquireTokenRedirect could circumvent this problem, but is not a good alternative for us as we don't want users to lose their current state on the page.
MsalInterceptor calls acquireTokenPopup when acquireTokenSilent fails, but when popups are blocked in the browser, this is not caught further.
A solution could be that acquireTokenPopup is called from a dialog in which the user clicks a button, so that the pop-up is opened by user interaction and therefore would not be blocked by the browser.
Is this something you are considering adding to the library?
@jasonnutter, I've seen that you have already provided feedback about those pop-ups that have been blocked before (https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/76#issuecomment-574946304). Has providing extra fallbacks in the library itself already been considered, or will something like that never be added?
I would like to know if there are other alternatives, besides having to deal with it ourselves.
MSAL Configuration
const msalInterceptorConfig: MsalInterceptorConfiguration = {
  interactionType: InteractionType.Popup,
  protectedResourceMap,
};
Relevant Code Snippets
{
  "errorCode": "popup_window_error",
  "errorMessage": "Error opening popup window. This can happen if you are using IE or if popups are blocked in the browser. Details: BrowserAuthError: empty_window_error: window.open returned null or undefined window object.",
  "subError": "",
  "name": "BrowserAuthError"
}
Identity Provider
Azure B2C Custom Policy
Source
External (Customer)
@izgqwnqlb You are correct that the popup opened by MSAL.js may be blocked by the user's browser. Unfortunately, it is too opinionated for MSAL.js to render a button, as that may not be acceptable for all scenarios (and does not guarantee the popup will work). For now, I would recommend either catching the error and rendering your own button (which performs acquireTokenPopup and then retries the http request), switching to redirects, or writing your own interceptor which has the desired business logic.
We can consider adding a callback in the interceptor to enable an application to provide its own error handling for this (without needing to manually invoke acquireTokenPopup and retry the network request), as that seems like a reasonable ask. Unfortunately, we are busy working on other features, so I would recommend opening a PR if you'd like to see that included in the interceptor sooner than later. Thanks!
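The first option in the reply above (catch the error, render your own button, call acquireTokenPopup from the click, then let the HTTP request continue), sketched as an added example that is not MSAL's or any participant's code. `TokenClient`, `GestureTokenBroker` and `isPopupBlocked` are hypothetical names; `TokenClient` stands in for the two client methods named in this issue, and only the `popup_window_error` code is taken from the error above.

```typescript
// Added example, not MSAL code. TokenClient is a hypothetical stand-in (assumption).
interface TokenResult { accessToken: string }
interface TokenRequest { scopes: string[] }
interface TokenClient {
  acquireTokenSilent(req: TokenRequest): Promise<TokenResult>;
  acquireTokenPopup(req: TokenRequest): Promise<TokenResult>;
}
interface Waiter { scopes: string[]; resolve: (t: TokenResult) => void; reject: (e: unknown) => void }
// True for the BrowserAuthError quoted in this issue.
function isPopupBlocked(err: unknown): boolean {
  return typeof err === "object" && err !== null &&
    (err as { errorCode?: unknown }).errorCode === "popup_window_error";
}
class GestureTokenBroker {
  private client: TokenClient;
  private waiting: Waiter[] = []; // requests parked until the user clicks
  constructor(client: TokenClient) { this.client = client; }
  // The UI shows its sign-in button while this is true.
  get needsUserGesture(): boolean { return this.waiting.length > 0; }

  // Same order as the interceptor: silent first, popup when silent fails.
  async getToken(scopes: string[]): Promise<TokenResult> {
    try {
      return await this.client.acquireTokenSilent({ scopes });
    } catch {
      try {
        return await this.client.acquireTokenPopup({ scopes });
      } catch (err) {
        if (!isPopupBlocked(err)) throw err; // other failures propagate unchanged
        // Park the caller; its promise settles after onUserClick().
        return new Promise<TokenResult>((resolve, reject) => {
          this.waiting.push({ scopes, resolve, reject });
        });
      }
    }
  }

  // Call from the button's click handler: acquireTokenPopup is invoked before
  // any await, so the popup is opened by the user's gesture.
  async onUserClick(): Promise<void> {
    const [first, ...rest] = this.waiting;
    this.waiting = [];
    if (!first) return;
    try { first.resolve(await this.client.acquireTokenPopup({ scopes: first.scopes })); }
    catch (err) { first.reject(err); }
    // Remaining callers retry from the top (silent first).
    for (const w of rest) this.getToken(w.scopes).then(w.resolve, w.reject);
  }
}
```

The HTTP layer awaits `getToken()` before attaching the bearer token, so a parked request is sent once the user has clicked and page state is kept.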
How is this coming along? Would love the option to just tell msal to redirect if popups are blocked.