microsoft-authentication-library-for-js
SSOSilent isn't working
Core Library
MSAL.js (@azure/msal-browser)
Core Library Version
3.24.0
Wrapper Library
MSAL React (@azure/msal-react)
Wrapper Library Version
2.1.0
Public or Confidential Client?
Public
Description
While integrating my website into a parent website that uses Azure B2C, I encountered an issue when attempting Single Sign-On (SSO). After successfully logging into the parent website, I posted a message to an iframe containing the active account. However, when trying to authenticate using the SSOSilent method with loginHint and the active account, an error was thrown:
InteractionRequiredAuthError: interaction_required: AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'
The error indicates that the user does not have an existing session, although they are already logged into the parent website. I expected the session to persist across iframes for seamless SSO, but this seems to require interaction despite the prompt parameter being set to 'None.'
With SID, I saw it is not available with B2C: https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/1935
Here is my code in Iframe website:
```typescript
const ssoSilent = async (account: AccountInfo): Promise<string> => {
  try {
    await instance.acquireTokenRedirect({
      scopes: MicrosoftGraphAuth.GetLoginRequest().scopes,
      account: account,
    });
    const result = await instance.ssoSilent({
      scopes: ['client_id', 'offline_access', 'openid'],
      loginHint: account.username,
    });
    const {accessToken} = result;
    localStorage.setItem('accessToken', JSON.stringify(accessToken));
    return accessToken;
  } catch (error) {
    console.log('error acquire token silent', error);
    instance.clearCache();
  }
};
```
Docs: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/iframe-usage.md#single-sign-on
Error Message
InteractionRequiredAuthError: interaction_required: AADB2C90077: User does not have an existing session and request prompt parameter has a value of 'None'. Correlation ID: 2fc57a11-158f-476a-8ce4-18843fb12fe6
MSAL Logs
No response
Network Trace (Preferably Fiddler)
- [ ] Sent
- [ ] Pending
MSAL Configuration
```typescript
const msalConfig: Configuration = {
  auth: {
    clientId: 'eadcd102-392c-45a3-xxxxxx-xxxxxxxxxx',
    authority: 'https://xxxxxxx.b2clogin.com/amsb2cdera.onmicrosoft.com/B2C_1_signup',
    redirectUri: 'http://localhost:8080/oauth2/microsoft/callback',
    knownAuthorities: ['xxxxxxx.b2clogin.com'],
  },
  cache: {
    cacheLocation: 'localStorage',
  },
};
```
Relevant Code Snippets
```typescript
const iframe: any = document.getElementById('child-iframe')
iframe?.contentWindow?.postMessage(accounts[0], '*')
```
Reproduction Steps
- Logged in to the parent website
- Parent website calls postMessage() to send data to the iframe (https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage)
- Got an error when using instance.ssoSilent()
Expected Behavior
ssoSilent succeeds
Identity Provider
Azure B2C Custom Policy
Browsers Affected (Select all that apply)
Chrome, Firefox, Edge, Safari, Other
Regression
"@azure/msal-browser": "3.24.0" and "@azure/msal-react": "2.1.0",
Source
External (Customer)
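The parent-to-iframe handoff in the snippet above posts the whole account object with a target origin of `'*'`, so any document loaded in that frame can read it. The following is an added example, not code from the issue or from MSAL, of the same handoff with a pinned target origin, a minimal payload and a validating receiver; the two origins and the message type are assumed placeholders. It hardens the message exchange only and does not change the AADB2C90077 response.

```javascript
// Added example: origin-pinned handoff of a login hint between parent and iframe.
// CHILD_ORIGIN, PARENT_ORIGIN and MSG_TYPE are assumed placeholder values.
const CHILD_ORIGIN = 'https://child.example';
const PARENT_ORIGIN = 'https://parent.example';
const MSG_TYPE = 'sso-login-hint';

// Parent side: send only the field the child needs, to one named origin.
function sendLoginHint(targetWindow, account, targetOrigin = CHILD_ORIGIN) {
  if (!account || typeof account.username !== 'string' || account.username === '') {
    throw new TypeError('account.username is required');
  }
  // The full AccountInfo (home account id, tenant, claims) stays in the parent.
  const message = { type: MSG_TYPE, loginHint: account.username };
  // An explicit origin makes the browser drop the message if the frame
  // has navigated to any other site.
  targetWindow.postMessage(message, targetOrigin);
  return message;
}

// Child side: accept a message only from the expected parent, in the expected shape.
function readLoginHint(event, allowedOrigin = PARENT_ORIGIN) {
  if (!event || event.origin !== allowedOrigin) return null;
  const data = event.data;
  if (typeof data !== 'object' || data === null || data.type !== MSG_TYPE) return null;
  const hint = data.loginHint;
  if (typeof hint !== 'string' || hint.length === 0 || hint.length > 320) return null;
  return hint;
}

// Browser wiring in the child (instance is the MSAL client from the issue):
// window.addEventListener('message', (e) => {
//   const hint = readLoginHint(e);
//   if (hint) instance.ssoSilent({ scopes, loginHint: hint });
// });
```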
This is something the B2C team can answer; we do not yet support custom brokering scenarios from MSAL JS. Please raise a ticket with the B2C team here.
@luke-nguyen-ams This issue has been automatically marked as stale because it is marked as requiring author feedback but has not had any activity for 5 days. If your issue has been resolved please let us know by closing the issue. If your issue has not been resolved please leave a comment to keep this open. It will be closed automatically in 7 days if it remains stale.