Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

'Keep me signed in' not available when redirect url is chrome-extension://xxxx

See original GitHub issue

Library

msal@1.x.x or @azure/msal@1.x.x
@azure/msal-browser@2.x.x
@azure/msal-angular@0.x.x
@azure/msal-angular@1.x.x
@azure/msal-angularjs@1.x.x

Description

We are creating an edge extension using msal.js to authenticate users against AAD. For edge extension the redirect url is in such format chrome-extension://xxxx. I noticed that in such case the ‘Keep me signed in’ option is not longer available. However, if I just replaced the redirect_url segment in the url with https://xxxx, the ‘Keep me signed in’ option showed up.

I am wondering if there is something that I should do to enable KMSI, or it is a bug/limitation on the msal/AAD side.

Thanks.

Issue Analytics

State:
Created 3 years ago
Comments:5 (1 by maintainers)

Top GitHub Comments

1reaction

hpsincommented, May 12, 2020

This is expected behavior at this time for AAD. Non-HTTP(S) redirect URIs at this time indicate to the login server that the request is going to a native application or otherwise embedded app, and therefore there’s no reason to keep the session around or show KMSI.

In your scenario this is not desirable, of course, since you are inside a browser and would like the session to stick around. This limitation has cropped up as well in native apps using the system webview/system browser on Windows/Android/iOS as well, so we’re looking at was to improve our detection of these browser scenarios. I don’t have any estimates on if or when that will be possible however.

0reactions

tnorlingcommented, May 27, 2020

Closing as no further action needed by msal